Network access control technologies have been touted as a one stop answer for network security. However, NAC, while vast in potential, has its limitations. Here we look at how network access control offers many answers to regulatory compliance requirements, but asks more questions of its own.
Network access control: Compliance enabler or detractor?
One of the hottest spaces in the security space is network access control (NAC), and predictably all of the vendors are positioning the compliance "virtues" of the technology. But is there any truth to their claims? Should customers be looking at NAC to solve their compliance woes?
NAC is about ensuring only the right people get access to the right resources. It works by performing "pre-admission" scans to ensure devices are both authorized and not contaminated with malware when joining the network. Once on the network, NAC solutions then switch into "post-admission" control mode where they are making sure that each endpoint is accessing authorized resources and don't start behaving erratically. Of course, we're still early in the adoption of NAC and the vision is not yet the reality – but that's the idea.
Learn more about network access control's effectiveness as a compliance manager.
About the author
Mike Rothman is President and Principal Analyst of Security Incite, an independent information security research firm. Having spent over 15 years as an end-user advocate for global enterprises and mid-sized businesses, Mike's role is to educate and stimulate thought-provoking discussion on how information security contributes to core business imperatives. Prior to founding Security Incite, Mike was the first network security analyst at META Group and held executive level positions with CipherTrust, TruSecure and was a founder of SHYM Technology. Mike is a frequent contributor for TechTarget and a highly regarded speaker on information security topics. Keep track of Mike's musings via The Daily Incite newsletter.