NAC offtrack

If you were to believe most vendors in the security industry, network access control or network admission control (NAC) is the next big thing in securing enterprise networks.

"It's a recent phenomenon, two years back people were still talking about it, last year people started looking at NAC as a viable way of conducting end point security, this year they have started evaluating it and next year we will see a huge amount of people buying. So the market for tomorrow is definitely NAC," says Anand Choudha, security product manager at FVC, distributors of Tipping Point products.

"Worldwide, there is a heightened interest in NAC solutions. There is a lot of buzz and a lot of concern about how enterprises can incorporate them because there are a variety of methodologies in the market. I would expect to find more and more organisations adopting some form of NAC soon," says Franchesca Walker, director of enterprise solutions at Foundry Networks.

"The growth in the demand for NAC solutions in the region is there as part of an increased awareness among end users to protect their networks on the inside. This is well in line with the global increase in this market which is expected to average US$ 3.5 billion for the access control and management based on reports by market analysts," says Bashar Bashaireh, Middle East regional manager for Fortinet.

 

That is pretty much the extent to which any vendor who predicts a bright future for NAC solutions is ready to stretch. However, the reality might be a much less rosier picture than what one can hope for. With several products and solutions in the market in multiple forms, in conjunction with new vendors appearing almost every month, along with at least two standards followed by bigger vendors, the truth is that many an enterprise in the region remains confused about NAC, what it can do and whether at all it is necessary in an increasing security spend.

Fixing it up proper

In its simplest form, NAC is about protecting the endpoints of an enterprise and not its perimeter. In other words, it is about protecting an organisation from any possible internal attacks rather than external elements.

"In today's world, the endpoints of an enterprise are becoming more widespread what with increased mobile devices among employees. And then there are the enterprises which entertain a lot of guest users. In all these situations, systems have to be assessed and a thorough health check has to be done before they can be allowed into the network. If not, there is a strong possibility of them bringing in infections," says Choudha.

NAC products and solutions are geared to address the area of endpoint access, that is verifying users and testing the system for vulnerabilities or lack of updates and allowing access, blocking the system or quarantining them as applicable. All this would need to be verified with the backing of a structured security policy.

In more recent times, NAC has evolved to inspecting traffic to and fro systems that connect to the network to track any unconventional or potentially dangerous behaviour.

Currently, NAC can be bought and deployed by enterprises in three different forms - by way of appliances or inline devices, by way of software solutions or by investing money and effort in implementing an all-encompassing framework.

Many vendors, including Fortinet and Tipping Point, offer devices or appliances which integrate NAC as one of the functions on offer.

"Unlike many other NAC devices and solutions, Tipping Point's product checks systems not only during the time of access but also inspects traffic in a continuous stream," says FVC's Choudha.