Endpoint
2/5/2014
03:22 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

NAC Comes Back

BYOD and advanced malware help resuscitate network access control

Network access control (NAC) was declared dead and buried a few years back, but the endpoint security policy enforcement technology is now enjoying a comeback of sorts -- thanks to the explosion of BYOD in the enterprise and disillusionment with traditional endpoint security solutions like antivirus.

A new report published today by research and marketing firm CyberEdge Group shows that 77 percent of security decision-makers and practitioners plan to deploy NAC as part of their mobile security or already do, and it's one of the top security technologies they plan to buy in the next 12 months, behind next-generation firewalls, network behavioral analysis, big data security analytics, and SIEM. About one-fifth of the 750 respondents from North America and Europe plan to purchase NAC products, and 64 percent already have them in place, according to Cyberedge's Cyberthreat Defense Report.

"I remember at RSA [Conference] five years ago, every second or third vendor was about NAC. Then there was disillusion ... and now it's risen from the dead and is a mainstream must-have," says Steve Piper, CEO of CyberEdge, which wrote the report commissioned by Palo Alto Networks, Bluecoat Systems, ForeScout Technologies, NetIQ, Tenable Network Security, Trend Micro, Cylance, General Dynamics Fidelis Cybersecurity Solutions, and Webroot.

Piper says three findings in the report demonstrate that NAC is back: NAC was the No. 1 technology cited by respondents as most effective in the defense of threats; it was the most popular technology for identifying misconfigured host security; and it was also the No. 1 technology used to identify vulnerabilities with mobile and laptop devices.

"The big reason for this [change] is the old legacy NAC solutions were just very static, and the solution was pass or fail. They required an agent built into them," Piper says. "These days, that's completely changed: Now the next-generation NAC is agentless, and any device can be evaluated. You also now have the choice of quarantining the device."

The mobile threat is the main driver for this resurgence of interest in NAC, he says.

Gartner late last year pointed out how BYOD has injected new life into NAC. "While the original driver for NAC was the need to enforce access policies for Windows PCs, the primary driver now is controlling the access of personally owned devices," said Gartner analyst Lawrence Orans in the researcher's December report on the NAC market. "NAC policies dictate which devices are granted full network access, which are blocked from the network, and which ones are granted limited network access. Partnerships with mobile device management (MDM) vendors have become an important factor in the NAC market, as NAC solutions rely on input from MDM solutions for information about the status and configuration of mobile devices."

But not everyone agrees that NAC is making a real comeback in the enterprise. Forrester Research's Rick Holland says he's not seeing much interest in NAC among his firm's enterprise clients. "I get zero inquiries from customers on deploying NAC -- it isn't on their radar. Same story when I do consulting with enterprises," says Holland, principal analyst for security and risk management at Forrester. Even so, about half of organizations have NAC deployed, according to Forrester's annual security survey, he says.

"NAC is a four-letter word for most companies. They struggled so hard to implement" the early NAC products, he says.

Where NAC shows real promise is in automatic containment of client devices that don't fit NAC policies, he says, something that ForeScout offers in its NAC product. "When something bad happens, go ahead and do containment. I like that use case, but I'm not seeing it with customers yet," he says.

[Mobile's inevitable return to the network flock. See A NAC Is a NAC, Alack Alack.]

Meanwhile, the CyberEdge report also highlighted the hack epidemic. More than 80 percent of the respondents say their organizations were compromised five times or less in the past year. But half say those compromises did not result in successful attacks on their networks. Less than 10 percent say their organizations were successfully breached 10 or more times in the past year.

Overall, more than 60 percent say they were hit by a successful attack last year, and less than 40 percent expect to get victimized again this year.

The endpoint is one of their biggest nightmares: Fifty-six percent say they are evaluating new endpoint protection solutions, 34 percent of which will do so to augment what they have in place, and 22 percent to replace their existing endpoint security products.

The full report is available here (PDF) for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
2/6/2014 | 3:18:32 PM
re: NAC Comes Back
Not really sure what's different this time around. If trying to enforce policies on a single platform (Windows) was such a hassle, is it somehow going to be less of a problem now that you're dealing with a bunch of Android variants on top of iOS and a smattering of Windows phones?
JJx
50%
50%
JJx,
User Rank: Apprentice
2/6/2014 | 2:16:11 PM
re: NAC Comes Back
NAC isn't back, y'all; it never left! :)
-jj
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2009-5142
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.

CVE-2010-5302
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

CVE-2010-5303
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.

CVE-2014-0965
Published: 2014-08-21
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.

CVE-2014-3022
Published: 2014-08-21
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.