ZENworks Network Access Control

Network access control (NAC) has become an essential component of any effective security infrastructure. Without NAC, it’s difficult or impossible to keep networks clean, efficient and compliant. However, in recent years a spate of new technologies and different approaches to NAC has added a great deal of confusion and complexity to the marketplace. Buzzwords like pre-connect, post-connect, identity access control, 802.1x and many others have become common, but many organizations are struggling to make sense of them and find the best possible NAC solution.

Network access control (NAC) is currently receiving a great deal of attention in the network security arena. Organizations are deploying NAC solutions in increasing numbers, with manufacturer revenue for NAC enforcement expected to more than double between 2008 and 2011, from US$1.8 billion to $3.8 billion.1 To bring a degree of control and interoperability to this dynamic and rapidly evolving market, a number of high-profile players are developing and promoting various NAC standards.

Network access control (NAC) has become a hot topic in the IT security arena for a number of reasons. Endpoints have become a primary target for security attacks and malicious activity, but there is still a fair amount of confusion in the marketplace about which NAC solutions and approaches make the most sense. New technologies have made it challenging to understand the NAC landscape and make sound decisions. To complicate matters even further, several new software companies have joined the fray and attempted to redefine the space, making it difficult to even find an accurate working definition for NAC. As a result, solutions marketed under the NAC banner can include everything from repurposed personal firewalls and dressed up vulnerability scanners to purpose-built solutions that are designed from the ground up to solve network access control challenges. To make sound network access control decisions, it’s important to demystify this often cluttered and confusing space. This involves examining the core security problems that gave rise to NAC technology, outlining the specific factors you should consider when evaluating NAC solutions and discussing the enforcement methods available for keeping noncompliant devices from accessing the network.

In recent years, new technologies and different approaches to network access control (NAC) have made it more difficult to understand this market and make sound decisions. To make matters even more complicated, several new software companies have joined the fray and attempted to redefine the space, making it difficult to even find an accurate working definition for NAC. At the most basic level, network access control is a class of technologies that force users and endpoint devices to prove their identities and confirm their health before they can gain access to a network and its resources. NAC provides network security beyond logins and passwords—by testing and enforcing endpoint policy before users obtain an IP address, before their ports begin forwarding traffic and before they gain access to resources on a network. In other words, true NAC solutions provide policy enforcement at the network level, rather than at the endpoint or software level.