As the Network Access Control (NAC) market continues to expand, we examine the key functions that exist in modern NAC solutions and what organizations should look for when choosing and implementing NAC.
The Network Access Control (NAC) market has continued to expand at an increasing pace as the technologies to support it have finally evolved to live up to the promise of truly useful access control across all device types. According to Gartner, the NAC market grew 36 percent in 2014 and it is estimated that it will continue to grow another 20 percent in 2015. Today we take a look at the key functions that exist in most top-level NAC solutions and what they offer to organizations considering an implementation.
The term NAC and what it brings with it have been around for some time. Many have heard it come up in conversation, but its ability to offer a complete solution across all device and user types was often limited by specific hardware and/or software restrictions.
Legacy NAC offered the ability to implement a policy management server, which could dictate what identified users and devices were able to do on a specific network, typically using IEEE 802.1X. This included the ability to enforce network restrictions based on organizational policies and procedures as well as meeting requirements put forward in certain governmental regulations. It also offered the ability to restrict devices based on their current operational condition; for example, was the device up to date with operating system patches? Did it have an active firewall, antivirus, and/or anti-malware solution installed? Were any restricted applications installed?
A major limitation of these solutions was that they typically worked only with devices that ran specific operating systems and/or were capable of installing the included NAC agent. A big limiting factor here is the design of the IEEE 802.1X standard, which requires that the end device have an installed and capable supplicant to communicate with the central authentication server. This also meant that a bypass mechanism had to exist for devices without an installed and/or supported supplicant, including printers and other network peripherals.
Modern NAC appliances greatly extend the capabilities of their legacy predecessors. Some of these extended capabilities include:
For example, a user could be assigned a company laptop and a personal mobile phone. Modern NACs have the ability to alter the access of each device regardless of whether the user is the same between the two: the laptop could have access to all internal assets while the phone could be limited to email and Internet access.
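The posture checks and the laptop/phone split described above can be sketched as a small policy decision function. This is an added example, not code from any NAC product; the profile names, the `Device` fields, the quarantine profile and the bypass list are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Profile names and the bypass list are constructed for this example.
FULL, LIMITED, QUARANTINE, PERIPHERAL, DENY = (
    "full-internal", "email-internet-only", "quarantine", "peripheral-vlan", "deny")
# Devices with no 802.1X supplicant (e.g. printers). A MAC address can be
# spoofed, so the bypass profile should reach only what the peripheral needs.
BYPASS_MACS = {"00:11:22:33:44:55": "printer"}

@dataclass
class Device:
    mac: str
    user: Optional[str] = None        # identity from authentication, if any
    has_supplicant: bool = True
    corporate_owned: bool = False
    patched: bool = False
    firewall_on: bool = False
    antimalware_on: bool = False
    restricted_apps: List[str] = field(default_factory=list)

def posture_failures(d: Device) -> List[str]:
    """Health checks the device fails, in a fixed order."""
    checks = [("os-patches", d.patched), ("firewall", d.firewall_on),
              ("anti-malware", d.antimalware_on),
              ("restricted-apps", not d.restricted_apps)]
    return [name for name, ok in checks if not ok]

def decide(d: Device) -> Tuple[str, List[str]]:
    """Return (access profile, reasons) for one connecting device."""
    if not d.has_supplicant:
        kind = BYPASS_MACS.get(d.mac.lower())
        return (PERIPHERAL, ["mac-bypass:" + kind]) if kind else (DENY, ["unknown-mac"])
    if d.user is None:
        return DENY, ["unauthenticated"]
    failures = posture_failures(d)
    if failures:
        return QUARANTINE, failures
    # Same user, different device: ownership decides the profile.
    return (FULL, []) if d.corporate_owned else (LIMITED, ["personal-device"])

if __name__ == "__main__":
    healthy = dict(patched=True, firewall_on=True, antimalware_on=True)
    laptop = Device("aa:bb:cc:00:00:01", "alice", corporate_owned=True, **healthy)
    phone = Device("aa:bb:cc:00:00:02", "alice", **healthy)
    printer = Device("00:11:22:33:44:55", has_supplicant=False)
    for dev in (laptop, phone, printer):
        print(dev.mac, decide(dev))
```

The order of the checks matters: a device that fails posture is quarantined before ownership is considered, so a corporate laptop with missing patches never reaches the full-access profile.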
NAC technology has now caught up with the original hype that was generated when it was first discussed. With modern NACs, organizations have the ability to closely monitor each device that connects to their network, control its ability to gain access to the network via a number of different policies, and stop devices from accessing the network should specific events be seen that fall outside the norm for a user and/or device type. The potential advantages of these types of systems shouldn't be underestimated. Hopefully this article will give you a glimpse of what is possible with these newer systems.