|
Industry chatter about NAC technologies has reached a roar. Network security research firm Infonetics has projected that revenues for NAC solutions will soar a staggering 1,100% by 2008.
So what's all the noise about? NAC stands for network admission control or network access control, depending on whom you ask. Either way, most NAC technologies have the same objective: Make certain that only healthy computers connect to the network. NAC seeks to make sure a computer has stuff it needs (updated patches, antivirus software, firewall) and doesn't carry bad stuff (viruses, worms, spyware) before letting it on the network. Most NAC solutions also quarantine unfit computers, limiting them to a certain network segment until they get healthy. Organizations view NAC as a way to prevent the billions of dollars in damages from viruses like Blaster and SQL Slammer.
The stakes have never been higher. The CIO of several Southeastern hospitals told TNT recently about a worm from a compromised laptop that shut down IT operations for an entire hospital. The incident had an obvious business impact, but it also threatened patient care. Lives were at risk, not just data. This troubling example adds to a growing list of similar events affecting organizations of all types and putting people, performance and profitability in jeopardy.
But does NAC cure all network and information security ills? Well, no. NAC authenticates a computer to the network if it has the proper health posture (pre-admission). Most NAC technologies don't know or control where users and computers go or what they do once they on the network (post-admission). Also, NAC solutions often require costly new or upgraded network hardware and software.
So how should business and network managers and executives evaluate evolving NAC technologies? The focus should be on mitigating risk, controlling access and protecting data?and determining which technologies do these things simply and inexpensively. All the technical discussions about standards, networks, firewalls, switches and servers don't alter these core objectives.
With that context, this paper addresses several issues organizations should consider when analyzing the efficacy and costs of NAC solutions:
- The damage compromised endpoints and malicious users cause an organization
- The key objectives for controlling users and endpoints on the network, and the roles and limitations of existing technologies
- The application, benefits, limitations and costs of existing NAC technologies
This paper also looks at a complementary alternative technology based on TNT's Identity, which helps address and overcome some limitations of NAC solutions. Finally, we will discuss an approach for managing endpoints and users, while enabling greater access and enhanced controls throughout the network.
|
