While NAC is most effective when it follows a defined, proprietary security policy that is specific to a particular company, there are some more general considerations that apply to any type of enterprise. These are discussed below.
There are two main challenges when choosing the right NAC for your company. The first stems from the fact that corporate networks today are crammed with so many deployed devices (IoT devices among them) that it can be a major challenge to see all of the devices and not miss any suspect behavior or telltale signs of a potential breach.
The other key challenge is the ability, once a potential threat is detected, to deal with it effectively.
- Comprehensive authentication and authorization
At least 13.9% of workers (4.2 million) in the UK were working from home in 2015, as revealed in the Work from Home Week. It is estimated that 3.9 million people will telecommute in the USA in 2016. The work-from-home trend is so prominent that 75% of the jobs on the hiring website skipthedrive.com are with Fortune 500 companies. These numbers illustrate the real challenge of the BYOD era, in which companies need a network admission control solution that is able to secure access and monitor the activities of many users and devices from multiple locations and for various roles.
Comprehensive authentication and authorization functionality to detect users on the company network is critical. You’ll need a solution that can see all of the devices on your network and can deal with the endpoint rapidly once a potential threat is detected, in order to minimize the damage. This includes verifying log-on information, restricting data access for each particular user and implementing security applications such as firewalls, antivirus software, and spyware detection. It is also essential that your NAC solution monitor, regulate and restrict the activities of network subscribers once they are connected to the network, according to company policy.
Other considerations, such as network compatibility and device deployment, are secondary.
- The 802.1X standard – yes or no?
Largely speaking, there are two main categories of Network Access Control solutions:
– Those based heavily on the 802.1X standard for wired switches and wireless networks
– Those that do not rely on 802.1X but rather perform switch and wireless integration or port mirroring
Deciding which type of authentication mechanism would work best for your company is really important.
We believe that 802.1X is problematic because it is very difficult to implement and maintain in the long run. Both network equipment and the endpoints themselves are required to support this protocol, and in many cases this is not feasible for a given network. The 802.1X standard also lacks the visibility required for monitoring activity after the device has been allowed onto the network.
Your network admission control solution also needs to be adaptable to your company’s cloud computing, VPNs, and BYOD environments. Enterprises considering a NAC solution must look at integration from the standpoint of their end user base.
- Compatibility and integration
Can the NAC solution under consideration be easily integrated with your current network topology? Some NAC solutions are placed between access and core switches so that they can enforce policies. Since many data centers often use a mix of switches, this scenario requires any Network Admission Control solution to be compatible with your existing network infrastructure.
As your network requires BYOD access for your user base, your NAC solution needs to either automate or greatly simplify the device enrollment in conjunction with an enterprise mobile device management (MDM) system.
The speed of authorized data throughput will have a major impact on your bottom line and your corporate users’ level of satisfaction.
- What about compliance?
Does your company fall under regulatory or industrial compliance requirements, such as PCI DSS (for credit cards), HIPAA (for patient health records), and Sarbanes-Oxley (for business and financial data)? If so, then the NAC that you select must meet these requirements and be capable of streamlining the compliance auditing process. You’ll thank yourself when auditing time rolls around.
- Don’t skip over support
Support plans should not be overlooked. Consider this: Is support available in your geographic region? How frequently will you need to upgrade the product and when do the free upgrades run out? How much of your own internal support management will be required?
New generation NAC from Portnox, we have it all
At Portnox we have considered all these aspects when developing our NAC solutions. Our software-only NAC can be integrated with other security solutions and traverses all networking layers – Ethernet, wireless, virtual, VPN and even the cloud – to illuminate, visualize, analyze and control all connected users and devices. With Portnox you get full visibility of your corporate network to cover both your access control needs and monitoring requirements, so that quick action can be taken when a breach occurs.