Identity is the authentication layer that feeds the NAC replacement. For users and employees, Nile pulls identity from Active Directory, including group and role membership, which maps onto policy enforcement. Corporate devices can authenticate via RADIUS using certificates, which carry additional device metadata. For wired connections, Nile supports 802.1X but also offers a captive portal option, allowing second-factor authentication without requiring full 802.1X deployment on every port.
Microsegmentation and the ‘Segment-of-1’
Prior Nile implementations used identity-based access but only supported macrosegmentation. The new release adds fine-grained microsegmentation enforced at the identity level rather than at the IP address or VLAN level.
Katukam said the shift means policy follows the user or device regardless of physical location, switch port or connection type. “We don’t even allow you to discover on the network. We don’t allow you to communicate on the network unless the policy allows you to do it,” he said.
For IoT devices where certificate-based authentication is not available, Nile uses device fingerprinting as the policy anchor. The system can identify devices down to a specific model. The system continues learning device attributes over time to refine classification.
The “Segment-of-1” capability takes that isolation to its furthest point, containing a compromised or misbehaving device to a blast radius of one endpoint. Kiran said this applies to malware propagation but also to shadow AI, where AI agents running on employee machines have not been authorized by IT.
“Today, a lot of AI being used in corporate environments is not necessarily authorized by IT, and they don’t even have visibility in many cases, but if they do detect this, with the Segment-of-1 capabilities, it’s possible to isolate it without expanding the blast radius,” Kiran said.
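The contrast drawn above between VLAN-level macrosegmentation and identity-level microsegmentation can be shown with a small default-deny policy check. This is an added sketch, not Nile's code or API; the roles, rules, endpoint names and the `PolicyEngine`, `moved` and `vlan_permits` helpers are all hypothetical.

```python
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class Endpoint:
    ident: str   # policy anchor: directory user, certificate subject or fingerprint
    role: str    # directory group/role, or device class derived from fingerprinting
    ip: str      # location attributes below are recorded but never used for policy
    vlan: int

# Hypothetical allow rules: (source role, destination role, service). Default is deny.
ALLOW = {
    ("finance-user", "finance-app", "https"),
    ("badge-reader", "badge-controller", "mqtt"),
}

def vlan_permits(src, dst):
    """Macrosegmentation baseline: anything on the same VLAN is reachable."""
    return src.vlan == dst.vlan

def moved(ep, ip, vlan):
    """Same identity seen on a different port, subnet or connection type."""
    return replace(ep, ip=ip, vlan=vlan)

@dataclass
class PolicyEngine:
    quarantined: set = field(default_factory=set)

    def quarantine(self, ep):
        """Contain one endpoint: its blast radius becomes itself only."""
        self.quarantined.add(ep.ident)

    def permits(self, src, dst, service):
        if {src.ident, dst.ident} & self.quarantined:
            return False
        return (src.role, dst.role, service) in ALLOW

if __name__ == "__main__":
    # Constructed sample endpoints.
    alice = Endpoint("alice@corp.example", "finance-user", "10.0.10.20", 10)
    bob = Endpoint("bob@corp.example", "finance-user", "10.0.10.21", 10)
    app = Endpoint("CN=ledger.corp.example", "finance-app", "10.0.90.5", 90)
    engine = PolicyEngine()
    print(vlan_permits(alice, bob), engine.permits(alice, bob, "smb"))
    print(engine.permits(moved(alice, "10.7.3.9", 70), app, "https"))
    engine.quarantine(alice)
    print(engine.permits(alice, app, "https"), engine.permits(bob, app, "https"))
```

Two peers on the same VLAN are reachable under the VLAN baseline but denied by the identity policy, the allow decision survives a change of IP address and VLAN, and quarantining one identity leaves every other endpoint's access unchanged.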
