Experts Say Dump The NAC Word

Vendors have suggested that a vast range of security problems including worms, malware and employee misbehaviour can be solved by a solution called NAC – but they are oversimplifying the situation and raising false hopes in users, according to experts.

“The problem is that security is based on a bad paradigm,” said Jan Guldentopps, analyst at BA Test Labs, speaking in a debate at the NetEvents industry gathering in Barcelona. It is assumed that bad guys are outside and good guys are inside the firewall, he said. “The problem NAC is supposed to address is managing access rights to networked resources.” NAC is supposed to give IT managers the ability to identify who is logging in, and also spot undesirable behaviour when it happens, said Rik Moy, president of NSS Labs. It has to work on a wide variety of devices including laptops, desktops and phones.

NAC has supposedly been on the verge of taking off for some years, said Guldentopps, but has not: “Let’s be honest – NAC is a marketing term for Microsoft and Cisco to continue to monopolise their markets.” Microsoft’s version is called NAP for network access protection, he said, but both are more to do with marketing than technology.

Now is the time to realise that the problem can’t be solved by throwing money at it, and get back to security basics, said Guldentopps: “There has got to be realism.”

Perhaps surprisingly, the security vendors on the panel agreed NAC is oversold and unable to deliver its promises: “It’s just authentication, period,” said Jeff Prince, chief technical officer of Consentry. “It’s not a homogeneous world,” said Brett Eldridge, marketing vice president of Infoblox. “NAC can’t solve that problem.”

The only place that NAC really works is in a single-vendor solution, said Guldentopps. “The big success of BlackBerry is that RIM manages the whole thing. It works perfectly as long as you are on a BlackBerry. Now imagine doing that with all the PDAs on the market!”

“Your satisfaction level is inversely proportional to the size of your enterprise,” said Prince. Large enterprises find it so cumbersome to arrange access control for all their staff, all their devices, and all their services, that “Half way through, you want to slash your wrists.”


Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud.
