Network Access Control (NAC): Securing Networks by Device
Who should gain access to your network? What devices do you allow, and when should you worry about intruders? Answer these questions with a network access control (NAC) program.
Network access involves more than setting policy. Software can deploy the rules you create. Those tools can also help you fix hidden problems (such as unguarded routers). And you can craft reports to prove that you’re doing all you can to keep your servers safe.
NAC capabilities
Plenty of organisations compete in the NAC space. In 2014, experts said the market was worth about $551 million. Every product is different, but they may share core functions.
Most NAC software solutions can:
- Integrate. Your NAC should notch into your software solution set without a great deal of additional programming.
- Address. Incident response modules should address urgent risks even if you're not there to manage the problem.
- Monitor. Security checks, run at both the user and the system level, ensure that all is functioning properly.
- Manage. The system should tackle both known users and guests regardless of the device or operating system they use.
While NAC solutions are powerful, they should be somewhat self-automated. You program the system with your rules and regulations, and you allow it to do the work while reporting to you.
How does NAC work?
Gartner defines NAC solutions as those that can control access by both devices and users. Administrators set policies, but the software does the work. Companies tackle these tasks in different ways.
An NAC provider makes decisions about:
- Inspection. Should the software look over users before they’re allowed on the network? Or should the software watch how people behave on the network and take them off as needed?
- Automation. Does the software include scanning capabilities? Or will it integrate within existing systems to watch how traffic behaves?
- Reporting. Does the software reuse existing infrastructure, or does it include everything required to handle traffic and keep users informed?
Some NAC systems are standalone products that you can turn on, program, and let loose. Others require integration, as they only work when they can tap into the structures and systems you’ve already set up.
Pros and cons to both options exist. For example, if you run a