Endpoint
2/5/2014
03:22 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

NAC Comes Back

BYOD and advanced malware help resuscitate network access control

Network access control (NAC) was declared dead and buried a few years back, but the endpoint security policy enforcement technology is now enjoying a comeback of sorts -- thanks to the explosion of BYOD in the enterprise and disillusionment with traditional endpoint security solutions like antivirus.

A new report published today by research and marketing firm CyberEdge Group shows that 77 percent of security decision-makers and practitioners plan to deploy NAC as part of their mobile security or already do, and it's one of the top security technologies they plan to buy in the next 12 months, behind next-generation firewalls, network behavioral analysis, big data security analytics, and SIEM. About one-fifth of the 750 respondents from North America and Europe plan to purchase NAC products, and 64 percent already have them in place, according to Cyberedge's Cyberthreat Defense Report.

"I remember at RSA [Conference] five years ago, every second or third vendor was about NAC. Then there was disillusion ... and now it's risen from the dead and is a mainstream must-have," says Steve Piper, CEO of CyberEdge, which wrote the report commissioned by Palo Alto Networks, Bluecoat Systems, ForeScout Technologies, NetIQ, Tenable Network Security, Trend Micro, Cylance, General Dynamics Fidelis Cybersecurity Solutions, and Webroot.

Piper says three findings in the report demonstrate that NAC is back: NAC was the No. 1 technology cited by respondents as most effective in the defense of threats; it was the most popular technology for identifying misconfigured host security; and it was also the No. 1 technology used to identify vulnerabilities with mobile and laptop devices.

"The big reason for this [change] is the old legacy NAC solutions were just very static, and the solution was pass or fail. They required an agent built into them," Piper says. "These days, that's completely changed: Now the next-generation NAC is agentless, and any device can be evaluated. You also now have the choice of quarantining the device."

The mobile threat is the main driver for this resurgence of interest in NAC, he says.

Gartner late last year pointed out how BYOD has injected new life into NAC. "While the original driver for NAC was the need to enforce access policies for Windows PCs, the primary driver now is controlling the access of personally owned devices," said Gartner analyst Lawrence Orans in the researcher's December report on the NAC market. "NAC policies dictate which devices are granted full network access, which are blocked from the network, and which ones are granted limited network access. Partnerships with mobile device management (MDM) vendors have become an important factor in the NAC market, as NAC solutions rely on input from MDM solutions for information about the status and configuration of mobile devices."

But not everyone agrees that NAC is making a real comeback in the enterprise. Forrester Research's Rick Holland says he's not seeing much interest in NAC among his firm's enterprise clients. "I get zero inquiries from customers on deploying NAC -- it isn't on their radar. Same story when I do consulting with enterprises," says Holland, principal analyst for security and risk management at Forrester. Even so, about half of organizations have NAC deployed, according to Forrester's annual security survey, he says.

"NAC is a four-letter word for most companies. They struggled so hard to implement" the early NAC products, he says.

Where NAC shows real promise is in automatic containment of client devices that don't fit NAC policies, he says, something that ForeScout offers in its NAC product. "When something bad happens, go ahead and do containment. I like that use case, but I'm not seeing it with customers yet," he says.

[Mobile's inevitable return to the network flock. See A NAC Is a NAC, Alack Alack.]

Meanwhile, the CyberEdge report also highlighted the hack epidemic. More than 80 percent of the respondents say their organizations were compromised five times or less in the past year. But half say those compromises did not result in successful attacks on their networks. Less than 10 percent say their organizations were successfully breached 10 or more times in the past year.

Overall, more than 60 percent say they were hit by a successful attack last year, and less than 40 percent expect to get victimized again this year.

The endpoint is one of their biggest nightmares: Fifty-six percent say they are evaluating new endpoint protection solutions, 34 percent of which will do so to augment what they have in place, and 22 percent to replace their existing endpoint security products.

The full report is available here (PDF) for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
2/6/2014 | 3:18:32 PM
re: NAC Comes Back
Not really sure what's different this time around. If trying to enforce policies on a single platform (Windows) was such a hassle, is it somehow going to be less of a problem now that you're dealing with a bunch of Android variants on top of iOS and a smattering of Windows phones?
JJx
50%
50%
JJx,
User Rank: Apprentice
2/6/2014 | 2:16:11 PM
re: NAC Comes Back
NAC isn't back, y'all; it never left! :)
-jj
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8243
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2014-8244
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.