Endpoint

2/5/2014
03:22 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

NAC Comes Back

BYOD and advanced malware help resuscitate network access control

Network access control (NAC) was declared dead and buried a few years back, but the endpoint security policy enforcement technology is now enjoying a comeback of sorts -- thanks to the explosion of BYOD in the enterprise and disillusionment with traditional endpoint security solutions like antivirus.

A new report published today by research and marketing firm CyberEdge Group shows that 77 percent of security decision-makers and practitioners plan to deploy NAC as part of their mobile security or already do, and it's one of the top security technologies they plan to buy in the next 12 months, behind next-generation firewalls, network behavioral analysis, big data security analytics, and SIEM. About one-fifth of the 750 respondents from North America and Europe plan to purchase NAC products, and 64 percent already have them in place, according to Cyberedge's Cyberthreat Defense Report.

"I remember at RSA [Conference] five years ago, every second or third vendor was about NAC. Then there was disillusion ... and now it's risen from the dead and is a mainstream must-have," says Steve Piper, CEO of CyberEdge, which wrote the report commissioned by Palo Alto Networks, Bluecoat Systems, ForeScout Technologies, NetIQ, Tenable Network Security, Trend Micro, Cylance, General Dynamics Fidelis Cybersecurity Solutions, and Webroot.

Piper says three findings in the report demonstrate that NAC is back: NAC was the No. 1 technology cited by respondents as most effective in the defense of threats; it was the most popular technology for identifying misconfigured host security; and it was also the No. 1 technology used to identify vulnerabilities with mobile and laptop devices.

"The big reason for this [change] is the old legacy NAC solutions were just very static, and the solution was pass or fail. They required an agent built into them," Piper says. "These days, that's completely changed: Now the next-generation NAC is agentless, and any device can be evaluated. You also now have the choice of quarantining the device."

The mobile threat is the main driver for this resurgence of interest in NAC, he says.

Gartner late last year pointed out how BYOD has injected new life into NAC. "While the original driver for NAC was the need to enforce access policies for Windows PCs, the primary driver now is controlling the access of personally owned devices," said Gartner analyst Lawrence Orans in the researcher's December report on the NAC market. "NAC policies dictate which devices are granted full network access, which are blocked from the network, and which ones are granted limited network access. Partnerships with mobile device management (MDM) vendors have become an important factor in the NAC market, as NAC solutions rely on input from MDM solutions for information about the status and configuration of mobile devices."

But not everyone agrees that NAC is making a real comeback in the enterprise. Forrester Research's Rick Holland says he's not seeing much interest in NAC among his firm's enterprise clients. "I get zero inquiries from customers on deploying NAC -- it isn't on their radar. Same story when I do consulting with enterprises," says Holland, principal analyst for security and risk management at Forrester. Even so, about half of organizations have NAC deployed, according to Forrester's annual security survey, he says.

"NAC is a four-letter word for most companies. They struggled so hard to implement" the early NAC products, he says.

Where NAC shows real promise is in automatic containment of client devices that don't fit NAC policies, he says, something that ForeScout offers in its NAC product. "When something bad happens, go ahead and do containment. I like that use case, but I'm not seeing it with customers yet," he says.

[Mobile's inevitable return to the network flock. See A NAC Is a NAC, Alack Alack.]

Meanwhile, the CyberEdge report also highlighted the hack epidemic. More than 80 percent of the respondents say their organizations were compromised five times or less in the past year. But half say those compromises did not result in successful attacks on their networks. Less than 10 percent say their organizations were successfully breached 10 or more times in the past year.

Overall, more than 60 percent say they were hit by a successful attack last year, and less than 40 percent expect to get victimized again this year.

The endpoint is one of their biggest nightmares: Fifty-six percent say they are evaluating new endpoint protection solutions, 34 percent of which will do so to augment what they have in place, and 22 percent to replace their existing endpoint security products.

The full report is available here (PDF) for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
2/6/2014 | 3:18:32 PM
re: NAC Comes Back
Not really sure what's different this time around. If trying to enforce policies on a single platform (Windows) was such a hassle, is it somehow going to be less of a problem now that you're dealing with a bunch of Android variants on top of iOS and a smattering of Windows phones?
JJx
50%
50%
JJx,
User Rank: Apprentice
2/6/2014 | 2:16:11 PM
re: NAC Comes Back
NAC isn't back, y'all; it never left! :)
-jj
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3812
PUBLISHED: 2019-02-19
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
CVE-2019-8919
PUBLISHED: 2019-02-18
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2019-8917
PUBLISHED: 2019-02-18
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...