If you haven’t kept an eye on the Gartner Magic Quadrant reports, then you probably didn’t see The Magic Quadrant for Network Access Control. Pity. Forescout has been the leader in 4 consecutive Gartner Magic Quadrants for Network Access Control (NAC) prior to and including 2014.
According to the last Gartner MQ for Network Access Control, most NAC vendors provide good support for the Bring Your Own Device (BYOD) use case. However, the market is evolving to address other use cases, where NAC policy servers act as “warehouses of context” and share contextual data with firewalls and other security components to enable fine-grained policy enforcement. In essence, devices that used to simply control access to the network are now becoming a key component of what Gartner refers to as “automated response platforms” for other IT security products. And with an estimated 30 billion internet connected devices by the year 2020*, being able to effectively identify and control access at a granular level is more important than ever.
So now is the time to focus on how to expand the capabilities of traditional NAC. The best way to do that is to connect the isolated security systems already in place into one integrated security infrastructure. This has two very significant benefits. First, it begins to break down the silos that typically exist in corporate America between the departments that control the various security systems already installed. Second, and more importantly, it allows your security infrastructure to make INFORMED decisions, based on the threat level or compliance readiness of the device that is trying to access your network.
And how should this security infrastructure operate? When a device attempts to connect, your security infrastructure immediately recognizes the attempt, scans the device to identify what processes are running, and shares that contextual information with the other security systems. If the other systems in the security infrastructure decide that the device should not be allowed on the network, the device is isolated on a separate network segment until the issue can be remediated. Once the issue is remediated, the device is scanned again and, if compliant, is granted access to the network.
But for your security infrastructure to be able to make informed decisions about network access, it has to see the device when it connects. Not when the next scan is scheduled, or worse, after that device sets off an alarm that it contains an Indicator of Compromise (IOC). It MUST happen at the time the device connects to the network.
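The connect-time workflow described in the two paragraphs above (scan on connect, share context with other security systems, quarantine or allow, re-scan after remediation) is easy to reason about as a small state machine. The following is an added example written for this post, not Forescout's or any vendor's code: the NAC policy server, the "context consumers" (endpoint protection, patch compliance, a threat-intelligence lookup), the device inventory and the bad-process list are all constructed for illustration.

```python
"""Simulated connect-time NAC admission workflow (added example, not vendor code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Tuple


class Decision(Enum):
    ALLOW = "allow"            # device placed on the production segment
    QUARANTINE = "quarantine"  # device isolated until remediated and re-scanned


@dataclass
class DeviceContext:
    """What the connect-time scan learned about the device (constructed fields)."""
    mac: str
    os: str
    processes: List[str]
    av_running: bool
    patches_missing: int


# A consumer is another security system that receives the shared context and
# returns its objections (empty list = no objection). These are hypothetical.
Consumer = Callable[[DeviceContext], List[str]]


def endpoint_protection_check(ctx: DeviceContext) -> List[str]:
    return [] if ctx.av_running else ["endpoint protection agent not running"]


def patch_compliance_check(ctx: DeviceContext) -> List[str]:
    return [f"{ctx.patches_missing} critical patches missing"] if ctx.patches_missing else []


def threat_intel_check(ctx: DeviceContext) -> List[str]:
    bad_processes = {"cryptominer.exe", "unknown_rat"}  # constructed blocklist
    return [f"known-bad process: {p}" for p in sorted(set(ctx.processes) & bad_processes)]


@dataclass
class NacPolicyServer:
    consumers: List[Consumer]
    network_state: Dict[str, str] = field(default_factory=dict)  # mac -> segment
    audit: List[str] = field(default_factory=list)

    def on_connect(self, scan: Callable[[str], DeviceContext], mac: str) -> Tuple[Decision, List[str]]:
        """Triggered the moment a device appears, not at the next scheduled scan."""
        return self._evaluate(scan(mac))

    def on_remediated(self, scan: Callable[[str], DeviceContext], mac: str) -> Tuple[Decision, List[str]]:
        """A device only leaves quarantine after a fresh scan passes every consumer."""
        if self.network_state.get(mac) != "quarantine":
            raise ValueError(f"{mac} is not in quarantine")
        return self._evaluate(scan(mac))

    def _evaluate(self, ctx: DeviceContext) -> Tuple[Decision, List[str]]:
        findings: List[str] = []
        for consumer in self.consumers:      # share context, collect each system's verdict
            findings.extend(consumer(ctx))
        decision = Decision.QUARANTINE if findings else Decision.ALLOW
        self.network_state[ctx.mac] = decision.value if findings else "production"
        self.audit.append(f"{ctx.mac}: {decision.value} {findings}")
        return decision, findings


def build_inventory() -> Dict[str, DeviceContext]:
    """Constructed sample devices standing in for a live posture scan."""
    return {
        "00:11:22:33:44:55": DeviceContext("00:11:22:33:44:55", "Windows 10",
                                           ["explorer.exe", "cryptominer.exe"], False, 3),
        "66:77:88:99:aa:bb": DeviceContext("66:77:88:99:aa:bb", "macOS 10.10",
                                           ["Finder", "Safari"], True, 0),
    }


def run_demo() -> NacPolicyServer:
    inventory = build_inventory()
    scan = lambda mac: inventory[mac]  # noqa: E731  (simulated connect-time scan)
    server = NacPolicyServer([endpoint_protection_check, patch_compliance_check, threat_intel_check])

    server.on_connect(scan, "00:11:22:33:44:55")    # three findings -> quarantine
    bad = inventory["00:11:22:33:44:55"]             # simulated remediation of that device
    bad.av_running, bad.patches_missing = True, 0
    bad.processes = [p for p in bad.processes if p != "cryptominer.exe"]
    server.on_remediated(scan, "00:11:22:33:44:55")  # re-scan passes -> production
    server.on_connect(scan, "66:77:88:99:aa:bb")     # clean device -> production
    return server


if __name__ == "__main__":
    for line in run_demo().audit:
        print(line)
```

The point the code makes is the ordering: the decision is taken from the findings of every connected system at connect time, and the only way out of the quarantine segment is a second evaluation that passes all of them.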
So NAC, as we know it, is changing dramatically, and some vendors are embracing the new use cases more than others. In time, what you will see is an integrated, intelligent, informed security infrastructure rather than a bunch of disconnected, disparate security products. And given the expanded use cases, where IT teams use NAC as a core component of their IT security infrastructure, one wonders: should we still be calling it NAC?
In future blogs, I’ll talk in more detail about the various types of integration that are happening and how they affect your ability to keep your network safe.
Until next time, cheers.
*ABI Research – technology market intelligence