Yearning for the good old days of NAC
As Tim Greene points out in his NAC column this week, the Conficker worm has many a NAC vendor clicking their heels with glee. After all this is exactly why NAC was developed, to stop a quickly propagating worm from invading your network. Unfortunately we haven’t seen a blaster type of worm outbreak for some time. In fact many including myself doubt if we will ever see a mass market worm like that again. But whether you think we may see one again or not, I think everyone agrees that we won’t see anything near the frequencies of these worms like we did in the past. So logically you have to ask yourself, is it worth the expense of a NAC type of solution to defend against the remote possibility of a mass worm attack or if every few years there is one, what is the cost of recovering from that versus the cost of maintaining a NAC solution. So as much as I hate to disappoint my fellow NAC vendors, I just don’t believe that worm outbreaks are a valid reason for NAC anymore.
Just like the underlying technology powering several NAC solutions were originally designed as worm-catching IPSes (like Mirage and Forescout) that failed because of a lack of mission and became NACs instead, NAC for worm catching just doesn’t cut it anymore either.
But hey don’t believe me. After all I have an axe to grind as a NAC vendor. So lets look at Tim Greene’s other article today that talks about Lawrence Oran’s Gartner report on NAC. Lawrence the G-mens point man on NAC has even changed the definition of NAC (like that has never been done before). The new definition according to the article is:
“A process that evaluates the security state of an endpoint as it connects to the network; monitors the security state of endpoints that are already connected; and implements network access policies based on the state of the endpoint, the threat environment and user identity.”
Now this has to do with not only NAC taking on different missions, but also the realization that quarantine in except the most extreme circumstances is just not a great option.
What does all this mean? Is there a place for NAC? Of course there is! NAC has a bigger, more relevant mission than it ever did before. Read the Gartner report and you begin to see this. Here at StillSecure we have recognized this for a long time. For three years now our concept of complete NAC has encompassed much more than just worm catching and quarantine. Check out the site and read some of our papers to see what I mean.
In the future you will use NAC, but what you use if for may surprise you.