Guess who wrote this ...
"NAC can only be effective when coupled with a program of continuous policy enforcement of managed systems. Quarantining devices should be a last and final line of defense and not the main method to secure an environment; it is a small part of an organization’s overall security program, not the cornerstone."
A couple of hints:
1. His company is in the continuous policy enforcement of managed systems business.
2. He never seems to want to talk about what to do about unmanaged devices, though he acknowledges that at ".. the same time, an increasingly mobile work force, and more outside stakeholders—contractors, suppliers, partners, service providers, etc.—required enterprise network access."
3. He just does not understand that not every single policy violation in NAC results in a "death penalty" of quarantine. You can have grace periods and other remedies for policy violations, instead of the binary on/off paradigm he constantly knocks.
4. He thinks that if you "pre-mediate" devices "before they log onto the network", that is not a form of quarantine.
5. He writes a nice article, though it has the tone of an analyst. Old habits die hard.
If you have not guessed yet, have a look here.
BTW, I get that Enterprise Systems publishes bylined articles for content that are little more than marketing pitches, but do they have to classify them under news? Thanks to the sleep-deprived Mike Rothman for pointing me to this one.


