
George Wilkes, November 15, 2017

Why Network Access Control Risk is Failing Security Professionals

Most organizations still rely on old network technologies



Current best practices recommend a laundry list of security technologies: VPNs, VLANs, NAC, Next Generation Firewalls, Privileged Access Management (PAM) solutions, and so on.

But too much technology results in ‘spend in depth’, and not necessarily improved security. And if you’re still using the same principles you were using ten or twenty years ago, you might have the strongest network perimeter in the world, but no ability to respond to internal threats.

Today, let’s consider network access control (NAC).

NAC Defined


Network access control (NAC) is a method of bolstering network security by restricting the availability of network resources to endpoint devices that comply with a defined security policy. A traditional network access control server performs authentication and authorization functions for potential users by verifying client device profiles (such as the presence of antivirus software and spyware-detection programs) before permitting access to the network.

Through a combination of client agents and network server components, NAC systems enforce policies about which network segments users can access. NAC, which often follows the 802.1X protocol, uses client profile and authentication information to make these policy decisions. Based on these decisions, the NAC permits access to network segments or VLANs. NAC systems may also require or perform remediation actions on non-compliant devices (such as enabling a client firewall).

NACs do incorporate some (limited) client profile information to make network access decisions, and can (in some ways) remediate non-compliant clients. And they integrate into existing network infrastructure components such as VLANs.

Why NAC Solutions Fall Short


Ultimately though, NAC solutions fall short for several reasons:

  • Most importantly, they cannot provide fine-grained control of which network resources users can access. They rely on existing (and separately managed) network segments, firewalls, or VLANs.
  • Due to the management issues around adding devices and firewall rules, enterprises have expressed doubt about the practicality of NAC deployment in networks with large numbers of diverse users and devices, the nature of which constantly changes.
  • They typically have limited ability to make access decisions based on user context.
  • NACs do not provide secure, encrypted communications between clients and services.
  • NAC customers must use another solution (such as a VPN), which adds more cost, complexity, and management effort.
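
The first limitation above can be made concrete with a simplified model, added here as an illustration and not taken from Appgate or any NAC product: the decision maps authentication and client profile to a VLAN, and everything on that segment then becomes reachable. The VLAN names, service inventory, roles and posture fields are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed inventory (hypothetical names): services living on each VLAN.
SEGMENTS = {
    "vlan-finance": {"payroll-db", "invoice-app", "finance-fileshare"},
    "vlan-eng": {"git-server", "build-farm"},
    "vlan-quarantine": {"remediation-portal"},
}
# Constructed role-to-VLAN policy: the decision is per segment, not per service.
ROLE_VLAN = {"finance": "vlan-finance", "engineering": "vlan-eng"}


@dataclass
class Endpoint:
    user: str
    role: str
    authenticated: bool      # e.g. outcome of an 802.1X exchange
    antivirus_running: bool  # client profile attributes the NAC checks
    firewall_enabled: bool


def nac_decide(ep: Endpoint) -> str | None:
    """Return the VLAN the endpoint is placed on, or None if access is denied."""
    if not ep.authenticated or ep.role not in ROLE_VLAN:
        return None
    if not (ep.antivirus_running and ep.firewall_enabled):
        return "vlan-quarantine"  # non-compliant device: remediation only
    return ROLE_VLAN[ep.role]


def reachable(ep: Endpoint) -> set[str]:
    """In this model the whole assigned segment is reachable once admitted."""
    vlan = nac_decide(ep)
    return set(SEGMENTS[vlan]) if vlan else set()


def excess_access(ep: Endpoint, needed: set[str]) -> set[str]:
    """Services the endpoint can reach beyond what the user's job requires."""
    return reachable(ep) - needed


if __name__ == "__main__":
    clerk = Endpoint("alice", "finance", True, True, True)
    print("placed on:", nac_decide(clerk))
    print("needs only invoice-app, can also reach:",
          sorted(excess_access(clerk, {"invoice-app"})))
```

Narrowing the excess set in this model means editing `SEGMENTS` or adding firewall rules, which are the separately managed components the list above refers to.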


Learn about an alternative to legacy NAC solutions, called the Software-Defined Perimeter.
