NAC: It's Time for a Good Idea to Get Good Results

Carl Weinschenk

The number of security technologies is proliferating on an exponential basis, and each, when seen in a vacuum, makes sense. Companies don't get launch products and startups don't get initial or ongoing funding without solid ideas.


So here is a good idea: A technology that makes sure the machines trying to reach into particularly sensitive nooks or crannies of a network are authorized to do so. That describes Sun's new Role Manager. This IT Week story says the new package tracks role changes and automates identity-based controls. The software also checks that the proper segregation of duties is being followed.


Companies are beginning to come to grips with the idea that it is not a good idea for a database administrator to both be able to award access rights to a database and also be able to access the data.


The description of the Role Manager sounds a lot like network access control (NAC). A NAC device controls whether a machine is allowed on the network and precisely where it is allowed to go. Further, if anything is askew with the machine's security, software creates a quarantine until proper updating or other remediative work is done.


The question is whether the NAC category can begin to thrive. That could happen this year, according to a report from The 451 Group. The report, according to this eChannelLine story, says 2008 is a "do or die" year for NAC. To date, there have been an overabundance of architectures and too many approaches and products. The firm says a healthy number of enterprises are for the first time deploying NAC or are expanding trials. Compliance and the need to create an access control platform throughout the business is driving the newfound openness to NAC.


There has been no shortage of NAC news. CRN looks at Symantec's NAC (SNAC), which extends Symantec NAC support to Microsoft, apparently for the first time.


NetClarity also made NAC news recently, with the introduction of EasyNAC. The system doesn't require an agent on end defines and no infrastructure upgrades. The package is meant for small offices and remote corporate sites, this Network World piece says. EasyNAC can send an alert or block traffic when it finds out-of-compliance machines. EasyNAC also has a couple of ways to isolate the offending devices.


What will be determined during the coming months is if these bits of news are adding to the confusion alluded to by The 451 Group, or a sign that the sector finally has fully arrived.

Add Comment      Leave a comment on this blog post
Mar 10, 2008 9:20 AM Gary S. Miliefsky Gary S. Miliefsky  says:
I have a lot of respect for Nick Selby at The451Group, however, on this particular issue, we are at opposite ends of the spectrum. To say that it's do or die, in 2008 for NAC is like saying to Checkpoint in 2000 that it's do or die for Firewall-1. NAC is very new. Although there's been discussions and articles, doing NAC correctly is the issue. I believe that NACwalls will be everywhere, just like firewalls and that NAC infrastructure plays that require agents, infrastructure upgrades and proxy servers will die or not sell but the marketing efforts of those giants is good for the new concept and the industry.Best regards,Gary Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.