Necessity is the mother of invention
Taking a page out of the necessity is the mother of invention book, Tim Greene has a follow up to his article last week that detailed a few users who were using NAC without any pre-connect posture or health checks. Now Tim says that NAC customers can do posture and health checks, but not every time you log on the network. You can just check them sporadically. Tim says once a month is sufficient for most people. I don't think checking an endpoint managed or not, monthly is sufficient at all and is in fact a huge security risk. I think this bastardized version of sporadic checking grows out of the inability of most NAC solutions to check endpoints in a timely and efficient manner.
I look at what this has led to, as well as some of the other recent "innovations" in NAC and begin to realize how product shortcomings and poor design lead to compromises on functionality. What I am amazed at though is how the spin goes making it like that was the plan all along. When we designed Safe Access, our NAC solution we immediately recognized the testing issue and so designed our product to incorporate rigorous testing guidelines that would ensure the ability to test every device as they come on the network in a fast and efficient manner. It never occurred to us to tell people to compromise their security by only checking sporadically. Now we read about this compromise in Tim's article and he makes it like it is a godsend. I call BS on that! If the NAC product was designed right from the get go, you wouldn't need to make that compromise and open yourself up this security risk.
To think that most of these NAC products only check for AV dat file and hotfix and still can't do it in time and the media condones that and makes excuses for them is just crazy.
Comments