The knock on NAC

Three years ago, network access control was the big buzzword in security.

NAC’s goal was to ensure PCs and other devices knocking on the network door had the latest patches, antivirus and spyware upgrades before allowing entry, thus blocking dangerous malware.

Call it the firewall behind the firewall. Some even thought NAC was the way to unify all endpoint security. It hasn’t turned out that way.

“It’s a slow uptake,” acknowledges James Quin, a senior research analyst at Info-Tech Research of London, Ont., who specializes in security. “I wouldn’t say there are a large number of organizations that are implementing NAC. They’re certainly not implementing it with any fervour.”

NAC proved to be a lot harder to implement than network technicians realized for a number of reasons, says Phil Hochmuth, a senior analyst with the Yankee Group.

“The issues of how do you protect all the different types of machines that can plug into a corporate network — IP phones, printers, non-Windows-based machines, Macs — made things more complicated.”

A lack of standards has hurt — there’s versions from Cisco, Juniper, Microsoft, the Trusted Computing Group and one in the works from the IEEE. And there were reliability problems, such as false positives, which inhibited rather than increased productivity of users knocked offline.

A recent study by Hochmuth of three early appliance-based NAC adopters found two of them praising the technology for policing access to secured segments within the enterprise, but less enthusiastic about using it for blocking questionable devices. Yet Forrester Research found that only four per cent of enterprises it surveyed that had started NAC projects actually finished them.

Network managers and vendors haven’t given up on NAC, but its problems demonstrate the ever-changing landscape of endpoint security.

NAC has ended up being swallowed by some of the leading endpoint protection names as part of a new generation of security platforms.

It’s not hard to see why. According to Gartner, even the best malware signature databases can miss threats as much as 10 per cent of the time, and most have less than a 50 per cent chance of catching completely new threats. Then two years ago, McAfee Total Security emerged, unifying these and other weapons under its ePolicy Orchestrator console. Other security firms

Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now