Network access control evolved


Infonetics Research published a whitepaper discussing the evolution of network access control (NAC) solutions, stating that this technology is now capable of protecting networks from internal attacks and unmanaged devices -- with many enterprises missing out because "they're thinking of 2003 NAC instead of 2009 NAC".

The original intention of NAC was to prevent the spread of malware by preventing infected computers from accessing the network. Unfortunately, the complexity of deployments was deemed more painful than the problem they solved, and many companies found it difficult to justify the investment. In contrast, the latest generation of products is easier to deploy, gathers more data, provides more information, and fits more use cases.

Infonetics noted three drivers behind the evolution of NAC products: explosive growth in the complexity of networks, across multiple technologies, multiple user types and multiple locations; increased diversification and sophistication of endpoint devices; and an increasing and mutating threat environment. As networks need to be open to "invisible, unmanaged and unprotected" devices like smartphones, there is a significant role for security solutions such as NAC to protect against breaches.

The latest technologies give businesses the opportunity to monitor what is connected to the network in real time, generating information which can be used to create policies for control, management and compliance. They also make it possible to monitor the applications and operating systems of devices connected to the network, enabling vulnerabilities to be plugged, defences hardened and threats eliminated. NAC can also detect peripheral storage devices, classify them and, depending on policy, block them from connecting.

Infonetics' analysis of the benefits of NAC aligns with some issues which are occurring in the real world today. Within the last few weeks, malicious code was discovered which compromises the security of Apple's iPhone, which may have proved costly if enterprise devices were affected (enterprise smartphone security is discussed here). And we have already discussed the case in which a virus was introduced into a computer network by a rogue USB stick -- not a malicious act, but an accident which ended up costing more than £500,000.

Jeff Wilson, Principal Analyst for Security at Infonetics, said: "Advances in the intelligence of NAC solutions have transformed NAC from a simple tool for preventing the spread of malware to a rich source of knowledge and a powerful security policy enforcement engine".

The whitepaper can be downloaded here.

Anthony Plewes

After a Masters in Computer Science, I decided that I preferred writing about IT rather than programming. My 20-year writing career has taken me to Hong Kong and London where I've edited and written for IT, business and electronics publications. In 2002 I co-founded Futurity Media with Stewart Baines where I continue to write about a range of topics such as unified communications, cloud computing and enterprise applications.