Thursday, February 26, 2009

NAC - What to do with it?

I saw a post on my Facebook last night by Jennifer Jabbusch, who writes Security Uncorked. Jennifer is one of the leading industry experts on Network Access Control (NAC). She was making a call out for people to participate in the survey for Information Week's Mike Fratto: "Is NAC Hot, Or Not". While going through the survey questions, it brought many thoughts to mind regarding the success or lack of success NAC has seen in IT adoption rates.

While at StillSecure, I was pretty immersed in it. I got to understand NAC pretty well, but most importantly, the true benefits it brings to the business world. Most people view NAC as the "BIG STICK" that will protect their network from unwanted guests and provide the "BUTTON" to cast people off their network who do not comply with the current security policy.

While NAC can be all those things and more, that is not where the true benefit lies. First and foremost, your NAC solution should provide you with a tool to test your end points and evaluate how "Out of Compliance" they are. This is probably the most important aspect of a "True" NAC solution: to provide visibility into the end point. Most organizations have implemented an "Acceptable Use Policy"; however, most have not defined an acceptable user application profile or do not enforce it because they have no means of doing so.

Visibility into the end point is the most important feature of NAC, and the second most valuable feature is the ability to act on the end point should it be in a critical state that might compromise your network.

If you think about it, what was the last cool application that took off like wildfire? Did you know who was using it? What is the most widespread application that is not part of the "approved list"? Can you answer those questions? What if a vulnerability came out for iTunes? Would you know who was using iTunes, and who had the latest patch to address the vulnerability? For those that were not patched, could you act on them to isolate them from your network?

This is an example of the visibility and control you should have over your end points. The point is not that you become the traffic cop who can knock whoever you wish off your network whenever you feel like flexing your muscle. Rather, knowing the status of your network lets you educate users where you see shortcomings and work on getting your environment into compliance. You can better understand your security practice and fill in the gaps for your shortcomings. NAC will allow you to know how effective your antivirus updates are in reaching your endpoints, how many people have not patched with the last MS updates, and of course many other ways to profile your IT infrastructure.

This is where the value lies. Of course after you get everyone into posture, you can then take action if necessary, but only after you truly understand what is going on in your environment.
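The visibility-first approach described above, sketched as an added example (not code from StillSecure or any NAC product): endpoints are assessed against a policy, the report shows where the environment is out of compliance, and isolation is limited to endpoints in a critical state once enforcement is switched on. The policy fields, host names, version numbers and patch ID are all constructed for illustration.

```python
from collections import Counter
from datetime import date

# Constructed policy; the iTunes version and patch ID are placeholders, not real advisories.
POLICY = {"approved_apps": {"office"},
          "min_versions": {"itunes": (8, 0, 2)},
          "max_av_age_days": 7,
          "required_patches": {"PATCH-PLACEHOLDER-1"}}

# Constructed inventory, as a posture agent might report it.
ENDPOINTS = [
    {"host": "ws-01", "apps": {"office": (12, 0, 0)},
     "av_updated": date(2009, 2, 25), "patches": {"PATCH-PLACEHOLDER-1"}},
    {"host": "ws-02", "apps": {"office": (12, 0, 0), "itunes": (8, 0, 1)},
     "av_updated": date(2009, 2, 24), "patches": {"PATCH-PLACEHOLDER-1"}},
    {"host": "ws-03", "apps": {"itunes": (8, 0, 2)},
     "av_updated": date(2009, 1, 10), "patches": set()},
]

def assess(ep, policy, today):
    """Return (severity, check) findings for one endpoint."""
    findings = []
    for app, version in ep["apps"].items():
        if app not in policy["approved_apps"]:
            findings.append(("warn", f"unapproved:{app}"))
        minimum = policy["min_versions"].get(app)
        if minimum is not None and version < minimum:
            findings.append(("critical", f"vulnerable:{app}"))
    if (today - ep["av_updated"]).days > policy["max_av_age_days"]:
        findings.append(("warn", "stale_antivirus"))
    if policy["required_patches"] - ep["patches"]:
        findings.append(("warn", "missing_os_patch"))
    return findings

def posture_report(endpoints, policy, today, enforce=False):
    """Summarise compliance; list hosts to isolate only when enforcing."""
    by_check, compliant, isolate = Counter(), 0, []
    for ep in endpoints:
        findings = assess(ep, policy, today)
        compliant += not findings
        by_check.update(check for _, check in findings)
        # Only a critical finding justifies isolation; warnings feed user education.
        if enforce and any(sev == "critical" for sev, _ in findings):
            isolate.append(ep["host"])
    return {"total": len(endpoints), "compliant": compliant,
            "by_check": dict(by_check), "isolate": isolate}

if __name__ == "__main__":
    print(posture_report(ENDPOINTS, POLICY, date(2009, 2, 26)))
    print(posture_report(ENDPOINTS, POLICY, date(2009, 2, 26), enforce=True))
```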

If you are interested in knowing more about your endpoints, StillSecure has a free version of Safe Access that will test up to 250 users called "Safe Access Lite". It goes in simply and will give you a very quick idea of what your end points really look like. BigFix is another solution that will do this for you, but you will have to contact them for a trial.

I could go on and on regarding NAC; however, I think the starting point is to understand what value it has to your environment.

Stay tuned!
