
Where is NAC?

Is network access control suffering growing pains or death rattles?
By Dean Healy, Product manager at SecureData Security.
Johannesburg, 13 Aug 2008

Network access control (NAC), a technology that was hyped as the next big thing in information security just a couple of years back, has struggled to take root in the market because the technology is regarded as complex and expensive for the benefit it provides.

The question on everyone's mind is whether this means the technology has been stillborn or whether it is merely suffering through some awkward growing pains.

Delays in product shipments from certain vendors, failed real-world deployments, and over-promising by vendors have all seriously damaged the image of NAC in the eyes of many analysts and end-users. In recent months, a number of smaller NAC vendors have either repositioned themselves or disappeared completely from the landscape.

NAC is a class of security technology that ensures endpoints such as laptops, PDAs, smartphones and other devices that are entering the enterprise comply with security policies and do not pose the risk of introducing malware into the network. The perceived need for the technology came from the growing number of remote and mobile connections that most enterprise networks need to deal with as they open up to mobile workforces and business partners.

In addition, many enterprises and vendors started to believe that traditional anti-malware solutions were not coping well with malware innovation as complex blended and zero-hour threats started to become a danger. But in reality, NAC hasn't really taken off and I don't know of a single live implementation of the technology in SA.

Top issues

The primary problems with NAC solutions are the costs attached to them and the complexity they introduce into the network. They try to handle a host of complex tasks - serving as policy servers, assessing endpoints, acting as network infrastructure - and so add a host of vulnerabilities and complexities into the security environment.

Most NAC tools use the blunt instrument of quarantining a compromised device rather than trying to fix it - one can easily imagine the issues this may cause if the CEO is trying to log on to send an urgent e-mail, or if a salesperson is trying to file an order.

In response to their early failures, many NAC vendors are rethinking their approaches. Some are creating lower-cost NAC appliances that provide basic authentication and access features, rather than trying to conduct complex health checks across multi-vendor endpoints.

Policy enforcement and other complex functionality are increasingly being moved into endpoint protection suites and management tools. It seems likely that in future, we'll see NAC functionality incorporated into operating systems such as Windows, endpoint protection platform (EPP) suites, or into network management tools from vendors such as Cisco. For now, end-users can sit tight and wait to see what unfolds, or begin with simple NAC deployments to address their immediate security needs.

* Dean Healy is Trend Micro's product manager at SecureData Security.
