Get the right NAC, and then get NAC right

Network access control has more than its fair share of vendors, from network appliance manufacturers such as Cisco Systems to security software providers such as Symantec. How do you choose the right product?

The field may be broadly defined, but when shopping for a NAC vendor, there are some obvious things to consider, said Phil Hochmuth, a senior research analyst at the Yankee Group.

'The first step is probably to assess what you have on the network that could actually be an element of a larger NAC framework,' he said. 'If you're a Cisco shop, that means taking a look at Cisco's architecture for NAC'and their Clean Access appliance.'

On the other hand, if your biggest problems are with malware, a more client-centric approach such as Symantec's might do, Hochmuth said. Or 'if you're a large open-type network with lots of machines getting on and causing issues, the appliance approach' could work better, he added.

Remember what you're after, agreed Glenn Haar, an information technology resource manager for the Idaho Tax Commission. 'Don't listen to the vendors until you've figured out what your goals are,' he said. 'I've seen this happen a lot [where IT shops would] invest resources trying to figure out the company's product and then to figure out if it meets [their] service requirements. Let's figure out our service requirements and then make the vendor invest their time in whether or not they can address it.'

Also, keep in mind that purchasing the product is only the beginning of the commitment.

'Any NAC solution you're going to put in place is going to require testing, deployment and support,' Hochmuth said. 'You're not just going to throw the switch and have NAC.' His recommendation? 'Start small and get the kinks out.'

Training also will be something to consider.

'Your NAC is only going to be as good as the people installing it,' Hochmuth said. 'Right now, there are certifications for different types of network security technologies ' but for NAC, there's nothing like that now. People are still trying to define what NAC is. That's something the industry is going to have to think about down the line.'

Because NAC is important, it's also important to allocate enough resources to get it properly installed and keep it running. 'These things can be done. [The question is] just to what extent do you have the resources to do it,' Hochmuth said.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above