Too good to be true

Too good to be trueThe original promise of NAC was a panacea to troubles faced by IT administrators everywhere
Network access control (NAC) has long been talked up as a cure-all for most
security woes. Deployment challenges and holes in NAC’s ability to provide security for the whole network have altered this
perception and some have begun to ask what answers the technology really has.
NAC is used worldwide to automate
policy enforcement and ensure security measures help, rather than hinder. It can also enable automated path management enforcement. A policy can be created to check for the patch level of every
connecting device to ensure they have received the patch.
For those that do not comply,
enforcement mechanisms can be enabled to guide the update process. Through automating this process, we have seen our customers experience a dramatic drop in the time it takes to roll out all patches.
Access control technology can only enforce policies on the devices they see. If
a device is able to get onto the network
undetected, the NAC technology has failed its primary job. A clientless system will
provide the ability to see all devices with an IP connection and provide total network
coverage. However, sometimes a client is needed, so it is best to make sure both options are available. Flexible policy
creation and a full spectrum of
enforcement actions, ranging from simple alerts to restrictive access to full blocking, are also required for the full value of NAC to be realised. Enforcement should protect the corporate network, but keep the user
productive.
NAC has become a tool that will improve the security posture of the
network ­ ensuring all devices connecting to the network are compliant with corporate
security policies, no matter how or where they connect.
In this evolving world, NAC moves beyond security administration to security orchestration.
It is essential for resellers to look at how this technology will integrate with these ancillary systems. NAC becomes an vehicle to make all security and remediation
systems more helpful to the enterprise and becomes a key component of promoting safe, effective business processes.
It should also be a requirement for all NAC technology to provide remediation or integration into available remediation
services. Making the most of investments in patching, anti-virus and anti-spyware services allows NAC technology to add another layer of value to ensure all devices are made to comply with security policies.
But to realise the full value of this
control, various ancillary technologies and infrastructures can be engaged to provide a stronger, unified security front.