The Definition of NAC

What is it that makes defining network access control (NAC) technology a difficult task for many?

Is it the fact that companies with some kind of a “prevention” technology bends the definition of NAC so they can jump the bandwagon? Or is it the fact there is no standardization or a formal definition?

I believe it is both.

According to my definition, at its basis, a network access control solution must ensure that only authorized and compliant devices are allowed to access and operate on the enterprise network.

The technologies that may be used to accomplish this task may vary. They might include element detection, network discovery, quarantine capabilities, compliance assessment, various enforcement methods, etc.

NAC brings control and risk mitigation.

Like other information security technologies, it is not the one silver bullet. It is rather an important piece in the entire security posture of an enterprise. Some may argue NAC is the basis for internal network security.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: