Imagine a world without cops or security guards protecting people, buildings and assets. Extend the scenario out into the world of networking and picture a company without proper network access control, without an internal security guard to protect endpoints from nefarious activity, and unknowingly letting the nasties in.
With today's evolving threat landscape, along with the proliferation of fixed and mobile devices, many companies are stranded without proper control over their sprawling network. One technology answering the call is network access control (NAC), which authenticates users, checks the security state of endpoint systems, and applies connectivity controls.
Symantec systems engineering manager, Pacific Region, Paul Lancaster, said NAC protects the network from unauthorised, misconfigured or infected endpoints.
These could include laptops, desktops, servers or a host of mobile devices.
"Companies need help keeping endpoints up-to-date [ensuring there are patches] and compliant, setting a security policy, and ensuring every user on the network has the right to access it," he said.
The point of NAC is to increase network intelligence by providing products that are flexible and can work across several managed and unmanaged networks.
"If the employee isn't compliant, the technology could still grant access, but put them in a separate domain. A contractor, for example, may need access. The policy will grant limited access, and will stop them from taking unwarranted data," Lancaster said.
Several market drivers are pushing centralised access control, and the mobility or go-anywhere computing obsession is one of the biggest.
"Enterprises are faced with an increasingly mobile collection of end users including employees, business partners, vendors and guests," Juniper Networks regional manager of emerging technologies, Scott Janney, said. "While these users may need different sets of resources within the network, each group requires access to many of the same network functions regardless of their location."
One problem is that connected devices may not be patched against the latest vulnerabilities and can become infected while the user is at home surfing the Internet, leaving them exposed to a virus or worm outbreak.
"When the infected device is subsequently plugged into a LAN port inside the corporate network, the entire internal network becomes vulnerable to the imported infection," Janney said.
Enterprises are looking to deliver consistent access to networks, resources and applications to users while still protecting devices, networks and applications from untrusted or ill-managed endpoints, he said.
According to Gartner, NAC technology will prevent corrupted systems from gaining network access, and protect corporate resources from connected systems that become corrupted.
"Think of NAC as another security layer organisations can deploy as part of their overall strategy to minimise the risk of IT-related security breaches," Janney said. "NAC solutions leverage knowledge of a user's identity and the state of the user's device to decide what level of access to grant. The ensuing network enforcement of access granted results in a coordinated and comprehensive network security management solution.
"NAC [technology] has the ability to scan a user's machine before it connects into the network and meets corporate security compliance."
To achieve the maximum benefits from NAC, Gartner suggests enterprises must do more than just check for vulnerable endpoints - they must also be able to detect and quarantine malicious or infected endpoints that can do damage to their network.
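The decision logic described above (identity sets the level of access, endpoint state can lower it, infected machines are quarantined, non-compliant ones go to a separate remediation domain) can be sketched as a small policy engine. The following is an added illustration written for this article, not code from Symantec, Juniper, Cisco or any NAC product; the roles, VLAN numbers, posture fields and the seven-day signature-age threshold are constructed assumptions, and `radius_vlan_attributes` shows the RFC 3580 attributes an 802.1X switch commonly accepts for VLAN assignment.

```python
"""Toy NAC policy engine: identity + endpoint posture -> access level + VLAN.
Added example for illustration only; not any vendor's implementation."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Access(Enum):
    FULL = "full"              # normal production VLAN
    LIMITED = "limited"        # restricted VLAN: internet plus a few named apps
    QUARANTINE = "quarantine"  # remediation VLAN: patch and AV servers only
    DENY = "deny"              # port stays closed


# Constructed VLAN plan; real numbers come from the site's network design.
VLAN_FOR = {Access.FULL: 10, Access.LIMITED: 20, Access.QUARANTINE: 99}

# Identity decides the ceiling an endpoint can reach; posture can only lower it.
ROLE_CEILING = {
    "employee": Access.FULL,
    "contractor": Access.LIMITED,
    "guest": Access.LIMITED,
}


@dataclass
class Posture:
    patched: bool
    av_running: bool
    signature_age_days: int
    infected: bool = False   # agent or IDS reported active malware


@dataclass
class Endpoint:
    user: str
    role: str
    posture: Optional[Posture]   # None = no agent reported (unmanaged device)


@dataclass
class Decision:
    access: Access
    vlan: Optional[int]
    reasons: list = field(default_factory=list)


def posture_failures(p: Posture, max_signature_age_days: int = 7) -> list:
    """Return the list of compliance checks the endpoint fails (empty = compliant)."""
    failures = []
    if not p.patched:
        failures.append("missing patches")
    if not p.av_running:
        failures.append("antivirus not running")
    if p.signature_age_days > max_signature_age_days:
        failures.append(f"signatures {p.signature_age_days}d old")
    return failures


def decide(ep: Endpoint, require_agent: bool = True) -> Decision:
    """require_agent=True models a tightly managed SOE (the bank case);
    False models an environment that cannot control client software (the university case)."""
    ceiling = ROLE_CEILING.get(ep.role)
    if ceiling is None:
        return Decision(Access.DENY, None, [f"unknown role {ep.role!r}"])
    if ep.posture is None:
        if require_agent:
            return Decision(Access.QUARANTINE, VLAN_FOR[Access.QUARANTINE], ["no posture report"])
        return Decision(Access.LIMITED, VLAN_FOR[Access.LIMITED], ["unmanaged device"])
    # An infected endpoint is quarantined regardless of who is logged on.
    if ep.posture.infected:
        return Decision(Access.QUARANTINE, VLAN_FOR[Access.QUARANTINE], ["malware detected"])
    failures = posture_failures(ep.posture)
    if failures:
        return Decision(Access.QUARANTINE, VLAN_FOR[Access.QUARANTINE], failures)
    return Decision(ceiling, VLAN_FOR[ceiling], ["compliant"])


def radius_vlan_attributes(d: Decision) -> dict:
    """RFC 3580 attributes a RADIUS server returns so an 802.1X-capable switch
    places the port in the chosen VLAN; an empty dict stands for Access-Reject."""
    if d.access is Access.DENY:
        return {}
    return {
        "Tunnel-Type": 13,              # VLAN
        "Tunnel-Medium-Type": 6,        # IEEE 802
        "Tunnel-Private-Group-Id": str(d.vlan),
    }


if __name__ == "__main__":
    # Constructed sample sessions.
    samples = [
        Endpoint("alice", "employee", Posture(True, True, 1)),
        Endpoint("bob", "employee", Posture(False, True, 1)),
        Endpoint("carol", "contractor", Posture(True, True, 2, infected=True)),
        Endpoint("eve", "guest", None),
    ]
    for ep in samples:
        d = decide(ep, require_agent=False)
        print(ep.user, ep.role, d.access.value, d.vlan, d.reasons, radius_vlan_attributes(d))
```

The ordering matters: the identity check comes first so an unknown principal never reaches posture evaluation, and the infection check comes before the ordinary compliance checks so a machine that is fully patched but actively hostile still lands in the remediation VLAN rather than the contractor VLAN.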
Companies also need to get more control over access. At the same time, many are adding IP telephony devices to their LANs. These projects may conflict, especially when using proprietary protocols.
Janney said the most important aspects of a NAC solution were functionality, performance and interoperability: functionality to support a variety of use cases and deployment scenarios; performance to meet current needs and future scaling requirements; and interoperability to allow broad support for other technologies and ensure the easiest integration into existing IT environments regardless of vendor.
Cisco consulting engineer, Adam Radford, called NAC an insurance policy for the security of networks. He claims the technology will hit the big time this year, driven by growing reliance on untethered devices and the move away from fixed devices. The collision of networking and security is good news for both customers and resellers, in terms of getting access to beefier security and more product stories to take to market.
"In the past we thought of convergence as voice, video and data. The reality is all technology is converging," Radford said. "Data networking and security, in particular, is becoming one and the same, and partners can take that message out to businesses."
There are two compelling selling approaches: resellers can peddle basic hardware appliances that connect the traffic and enable policy decisions, or dish up more integrated solutions with added capabilities.
Radford said the appliance solution was simple and easy to deploy, while integrated solutions which extended NAC functionality were more powerful and needed deeper integration skills. This translated into more consulting work for partners.
"Recognise that customer environments are not the same, and may require different approaches," he said. "A university, for example, may have no control over the software that runs on client devices, while a bank has complete control over its standard operating environment."