The present invention relates generally to computer network security systems and, more specifically, to a passive network data monitoring and response system providing enhanced security for enterprise networks allowing user-supplied devices to connect to the networks.
Traditionally, companies have supplied and managed information technology (IT) equipment for their employees. As IT has become far less expensive, and with the extensive “consumerization” of IT through consumer electronics and cloud-based computing, many enterprises such as companies, universities and others are encouraging their users to purchase their own IT devices. Mobile devices, such as laptop computers, smartphones and tablets, have become so inexpensive and ubiquitous that many people are connecting their own user-supplied devices to the enterprise networks in a trend sometimes referred to as Bring Your Own Device (BYOD).
Enterprise-supplied user devices, such as desktop computers, laptop computers, tablets and mobile smartphones, have traditionally been monitored by the enterprise itself by installing software-based asset management and security compliance tracking “agents” on devices supplied to authorized network users. This allows the enterprise operating the network to know where the devices are located, control the software installed, and manage the security posture of the devices, such as software security configurations, anti-virus, security patches, firewalls, etc. From an enterprise perspective, a challenge arises when allowing BYOD network access to user-supplied devices in that these personally owned mobile devices typically do not have enterprise-managed security agent software installed on them. Configuring a large and constantly changing set of different types of mobile devices having different operating systems, capabilities and applications with enterprise-managed agents as a condition of allowing network access can be expensive and cumbersome. The continued boom in consumerization of IT will render the traditional approaches increasingly impractical. In the absence of an enterprise-managed security agent installed on a user-supplied device, organizations lack insight into the devices that are active on the network and their associated security posture. The network administration may also be unable to track, limit or manage the network and external resources accessed by the BYOD devices.