It’s Not Your Father’s NAC: Next-generation NAC
It wasn’t too long ago that network access control (NAC) was a very complex technology. It required authentication, authorization and accounting (AAA), RADIUS and supplicants that are different on each operating system or even missing in the case of devices such as printers. Besides being hard to implement, NAC 1.0 was very rigid and restrictive: You were either on the network, or you were not. This caused headaches for users and IT departments alike. Employee productivity coming to a halt was not uncommon, resulting in numerous support calls. Luckily next-generation NAC does not share the same major hurdles as NAC 1.0.
Today’s NAC solutions are capable of providing appropriate access to network resources based on the identity of the device (classification), functionality of the device (clarification) and state of the device (compliance). These solutions also allow for integration with a wide range of third-party security and infrastructure management tools and protocols, such as DNS, DHCP, Active Directory, LDAP, SNMP, MDM, APT detection and more. This integration allows for greater visibility into endpoint devices and control of access.
Any device on your network that is not compliant with corporate policies is a security risk, and as such it should not be allowed to access sensitive resources. It is important to control the access the device has, without hindering the user. Next-generation NAC allows for appropriate access, allowing the user to stay productive while the device gets “remediated” to a compliant state.
Similarly, devices that are not under IT control are security risks. Devices that guests bring as well as employee owned devices (BYOD) are not corporate managed. Next-generation NAC allows for authorized guest access as well as onboarding BYO Devices to provide the appropriate access to network resources.
Next generation NAC solutions such as CounterACT eliminate NAC 1.0 complications, are easy to deploy and manage and give IT complete visibility into every endpoint on the network from day one – a true asset in today’s increasingly mobile world. This enhanced visibility is the first step to knowing, who and what is on your network.