One of the biggest problems with security is not necessarily the volume of attacks, but rather the complexity of our defenses. Because there are so many security appliances that need to be managed, the odds of making a mistake when configuring these devices go up with each type of appliance added to the network.
That's why it's worth noting a new approach to network access control (NAC) being put forward by Black Box. The Veri-NAC, which just received high praise from SC Magazine, is an appliance that simply keeps track of what devices are on the network using a tagging system, as opposed to trying to deploy agents everywhere. It sends an alert when it discovers a device that is not supposed to be on the network and, unless directed otherwise, will launch what amounts to a denial of service (DoS) attack against that device to prevent it from accessing the network.
According to Jim Schriver, director of new technologies for Black Box, the price point for this NAC appliance starts at about $30,000, which compares favorably with more complicated NAC solutions that are not only more expensive, but also come with a whole lot of configuration challenges that usually result in additional money being spent on consulting services.
Black Box is targeting the Veri-NAC for small to medium-sized business environments, but the fact remains that enterprise organizations of all sizes are struggling with NAC. Obviously, the Veri-NAC might not do everything that other NAC solutions can accomplish, but when you think about it, that's the point. The more complex a security solution is, the less likely it is to work. So maybe the time has come to focus more on simplicity in the hopes that what we deploy will actually work, as opposed to spending all our time configuring rules that at the end of the day seem to do more harm than good.