
November 08, 2006

Purpose built NAC

I was recently asked by Dana Hendrickson from Secureaccesscentral.com whether the purpose built NAC message we use in regard to Safe Access was marketing fluff or whether there were some real advantages behind it. I posted a short answer on the message board that is a new part of the site (if you get a chance you should check out the site). So, not wanting to be accused of putting out pure marketing fluff, let me list what I think are the major advantages of a purpose built NAC solution versus the re-purposed vulnerability scanners and IDS currently used for NAC.

1. Generally faster testing times than traditional vulnerability scanners, which allows for complete testing before access is granted (guilty until proven innocent). I know the new closed source version of Nessus is faster than the older open source version. But no one that I am aware of is licensed to use Nessus in their NAC solution.

2. Ability to test for NAC specific policies versus vulnerabilities (testing for the presence of an application or security setting versus a "SANS top 20" scan). This is huge and goes to the heart of it all. I don't think NAC policies are just taking vulnerability scans and calling them NAC. I want to know about devices complying with my policies. I don't want certain P2P stuff running. I want to know what the security settings are set to. Is there a personal firewall installed and running? When was the last time an anti-spyware scan was run? These types of tests are very different from testing for known vulnerabilities.

3. None of the potential legal liabilities from repurposing someone else's scan technology (Nessus is not open source).

4. IDS/IPS technology is not going to give you pre-connect testing generally. Also, whether we call it IDS/IPS or post-connect NAC, it still suffers from the same problems. False positives and false negatives are a problem. Handling the volume without introducing latency is another. Also, generally the IDS/IPS has to be a bump in the wire or inline to be effective and this presents scalability issues and increased costs.
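To make point 2 concrete, here is an added example (not code from Safe Access or from the original post) of what a NAC policy check looks like when it asks about compliance rather than vulnerabilities: is a forbidden P2P process running, is the host firewall service up, is a security setting where policy says it should be, and is the last anti-spyware scan recent enough. The posture report format, process and service names, and the clock value are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed endpoint posture report (hypothetical format; a real agent or
# scanner would emit something product-specific).
POSTURE = {
    "hostname": "lab-laptop-01",
    "running_processes": ["explorer.exe", "utorrent.exe", "winlogon.exe"],
    "services": {"Host Firewall": "running", "Antispyware": "stopped"},
    "settings": {"autorun_enabled": True, "screen_lock_minutes": 30},
    "last_antispyware_scan": "2006-11-01T09:00:00",
}
NOW = datetime(2006, 11, 8, 12, 0, 0)  # fixed clock so results are reproducible

# Each builder returns a check: posture -> None (compliant) or a reason string.
def forbid_process(name):
    return lambda p: f"{name} is running" if name in p["running_processes"] else None

def require_service(name):
    return lambda p: (None if p["services"].get(name) == "running"
                      else f"service {name} is not running")

def require_setting(key, expected):
    return lambda p: (None if p["settings"].get(key) == expected
                      else f"{key} is {p['settings'].get(key)!r}, expected {expected!r}")

def max_age(key, days, now):
    def check(p):
        stamp = p.get(key)
        if stamp is None:
            return f"{key} never recorded"  # never scanned is a failure, not a pass
        age = now - datetime.fromisoformat(stamp)
        return None if age <= timedelta(days=days) else f"{key} is {age.days} days old"
    return check

# The NAC policy: what must be present, absent or set, not which CVEs the host has.
POLICY = [
    ("no_p2p", forbid_process("utorrent.exe")),
    ("firewall_running", require_service("Host Firewall")),
    ("autorun_disabled", require_setting("autorun_enabled", False)),
    ("antispyware_recent", max_age("last_antispyware_scan", 3, NOW)),
]

def evaluate(posture, policy):
    """Return [(rule, reason)] for every rule the posture fails."""
    return [(name, r) for name, check in policy if (r := check(posture)) is not None]

def decision(failures):
    """Guilty until proven innocent: any failing rule keeps the host off the network."""
    return "allow" if not failures else "quarantine"
```

Against the constructed report the host is quarantined for the P2P client, the autorun setting and a week-old anti-spyware scan, while the firewall rule passes; none of those results come from a vulnerability signature.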

I think all of these are important reasons to choose a NAC product that was purpose built for the job.  I would be interested in your take on it.

This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.