Knock Knock
What's there?
We recently commissioned a survey of IT staff on network security concerns generally and NAC adoption plans specifically. What we found, interestingly enough, was that 86% of the respondents had controlling network access as a priority, but 45% of them were not sure what was connecting to their networks at any given time. I feel a bit like a political spin machine on this, since the basic visibility components of NAC implementation has often been a topic for me, but it seems to just keep coming up in its own right. 802.1x can help authenticate the endpoints in your network (and that seems to be on peoples' list, at least according to Gartner), and may help judge the posture of devices as we move forward. However, failing back to MAC based authentication for MAC addresses you know little to nothing about seems too circular to be useful. Any meaningful policy springs from at least basic knowledge of what you have connecting today.
I think this is a particular challenge for NAC vendors, since (a) it's basic blocking-and-tackling of NAC implementation so it needs to work; and (b) it's not really a huge business bang for your NAC buck. However, there has to be opportunity here as well, since it appears none of the current tools in the IT toolbox is stepping up to do a satisfactory job at this.
You can read the full study here.
Comments