It wasn’t too long ago that network access control (NAC) was a very complex technology. It required authentication, authorization and accounting (AAA), RADIUS and supplicants that are different on each operating system or even missing in the case of devices such as printers.
Besides being hard to implement, NAC 1.0 was very rigid and restrictive: You were either on the network, or you were not. This caused headaches for users and IT departments alike. Employee productivity coming to a halt was not uncommon, resulting in numerous support calls. Luckily, next-generation NAC does not share the same major hurdles as NAC 1.0.
Today’s NAC solutions are capable of providing appropriate access to network resources based on the identity of the device (classification), functionality of the device (clarification) and state of the device (compliance). These solutions also allow for integration with a wide range of third-party security and infrastructure management tools and protocols, such as DNS, DHCP, Active Directory, LDAP, SNMP, MDM, APT detection and more. This integration allows for greater visibility into endpoint devices and control of access.
Enterprises are now challenged with supporting business agility while managing security risks due to greater network, device, access and threat complexity. Exacerbating this situation is BYOD device use as well as increased exposure to rogue devices, non-compliant systems and targeted attacks. To optimize IT resources and responsiveness, organizations require real-time operational insight and efficient means to resolve security problems and contain incidents.
Any device on your network that is not compliant with corporate policies, for instance, is a security risk and, as such, should not be allowed to access sensitive resources. It is important to control the access the device has, without hindering the user. Next-generation NAC allows for appropriate access, allowing the user to stay productive while the device gets “remediated” to a compliant state.
Similarly, devices that are not under IT control are security risks. Devices that guests bring as well as employee-owned devices connecting to the network are not corporate-managed. Next-generation NAC allows for authorized guest access as well as onboarding BYOD devices to provide the appropriate access to network resources.
The integration with other security management systems is another key advantage of modern NAC, allowing various tools to dynamically share information. NAC’s ability to provide visibility of all network users, endpoints and applications in real time, combined with these solutions, enables enterprises to more rapidly respond to a broad range of enterprise security and operational issues.
Next generation NAC solutions such as ForeScout CounterACT eliminate NAC 1.0 complications, are easy to deploy and manage and give IT complete visibility into every endpoint on the network from day one – a true asset in today’s increasingly mobile world. This enhanced visibility is the first step to knowing who and what is on your network.
If you think you know NAC, think again. Learn more about this topic in a new ForeScout e-book, Definitive Guide to Network Access Control.
By Amir Gerges, systems engineer, ForeScout Technologies, Inc.
