Soliton - Blog

Back to the Future: why revisit Network Access Control?

Written by Hans-Peter Ponten | Mar 6, 2019 4:00:00 AM

Imagine a pesky little piece of malware. There it is, trying to get into your system. It can come in from anywhere: an employee bringing their own device, the need to share Big Data, connected IoT machines, or contractors and freelancers needing to access your network. Changes in and around your business emphasise the need for flexible access, but this flexible access inevitably brings more risks. In their search for a security solution to reduce these risks, IT managers often skip Network Access Control. NAC is nothing new, so how could it ever withstand today's security threats? The truth is that its value is more relevant than ever. In this article, we're breaking down how NAC works, what it secures and how its renewed version can help you reduce risks.

How does Network Access Control work?

Let's come back to our little piece of malware. It can't get in on its own, meaning it needs to ride along with something or someone. But as this something (e.g. a printer) or someone (e.g. an employee) tries to come into the network, it first comes up against a Network Access Control solution. This means that it runs into a virtual customs checkpoint that uses pre-defined rules to check whether the user and their device comply with corporate security policies. It can tell who the user is, whether they use a laptop, PC or tablet and whether they connect to the company network through cable, Wi-Fi or VPN. Users and devices that are cleared can come in, but only to specific network sections. In bullets, this clearance process looks like this:

  • Identify the user: who it is (is it a known user?), what is he trying to access, where is he located, when is the access request made, and how (cable, Wi-Fi, VPN?)
  • Assign a role: for each type of user it's clear what parts of the network they can access, and what parts they can't
  • Enforce the policy: let the user access the pre-defined network areas, or deny access

The great thing is that this all happens before any connection is made between the device and the network. It's why this type of Network Access Control (called port-based NAC) is so effective in managing users and devices in and around your company walls. And it gets even better: today's NAC solutions are often automated too.

But...what does it do?

NAC solutions don't scan incoming devices for malware. Instead, they simply decrease the chance of malware and other bad things coming into the network by only giving access to cleared devices and users. The more the device is governed by IT, the more rights its user will have. This means that company-owned PCs are allowed to enter special parts of the network where they can access critical business applications, whereas a privately-owned device is quarantined and only gets access to e-mail. So, even if that little piece of malware could make it into the company network, it wouldn't be able to do much damage as it can't spread.
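The identify, assign-role and enforce steps listed earlier, combined with the rule that IT-governed devices get more rights than private ones, can be sketched as a small default-deny policy function. This is an added example, not code from Soliton or any NAC product; the user directory, MAC addresses, role names and segment names are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: user directory, device inventory and segment names are assumptions.
KNOWN_USERS = {"cfo": "employee", "hr-intern": "employee", "web-freelancer": "contractor"}
MANAGED_DEVICES = {"00:11:22:33:44:55": "corporate-pc", "66:77:88:99:aa:bb": "iot-printer"}
ROLE_SEGMENTS = {
    "corporate": {"business-apps", "email"},
    "byod": {"email"},            # privately owned device: e-mail only
    "contractor": {"internet"},   # assumption: the page does not say what contractors get
    "iot": {"print-services"},
}
AUDIT = []  # one record per decision, so an incident can be traced to a port


@dataclass(frozen=True)
class AccessRequest:
    user: Optional[str]  # None for headless devices such as printers
    mac: str
    medium: str          # "cable", "wifi" or "vpn"
    port: str            # where the request entered, e.g. a switch port


def assign_role(req: AccessRequest) -> Optional[str]:
    """Steps 1 and 2: identify user and device, then map them to a role."""
    device = MANAGED_DEVICES.get(req.mac.lower())
    if device == "iot-printer":
        # A printer has no user and should only ever appear on a wired port.
        return "iot" if req.user is None and req.medium == "cable" else None
    user_type = KNOWN_USERS.get(req.user)
    if user_type is None:
        return None  # unknown user: no role, so nothing is reachable
    if user_type == "contractor":
        return "contractor"
    return "corporate" if device == "corporate-pc" else "byod"


def decide(req: AccessRequest, segment: str) -> bool:
    """Step 3: enforce. Default deny unless the role lists the segment."""
    role = assign_role(req)
    allowed = role is not None and segment in ROLE_SEGMENTS[role]
    AUDIT.append((req.port, req.mac, req.user, role, segment, allowed))
    return allowed
```

Each decision is appended to `AUDIT` together with the entry port, which is the record that lets an operator trace a later incident back to the device and port it came through.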

This puts you in control without having the extra labour or needing to fix problems, as it's not very likely they will happen. In other words, Network Access Control relieves a lot of access worry without complexity and hassle. Whether an HR intern is accessing the network from their smartphone, a freelance web designer is connected to the system on their own laptop, or the CFO is doing a deep dive into the company cash flow: correct BYOD and employee versus non-employee access is ensured. Security breaches are minimised and if that piece of malware could somehow find a way to get in, you'd instantly know it travelled through the 3rd-floor IoT printer. Because at the end of the day, it would still be there, feeling powerless and isolated.

What Network Access Control solution do I need?

Having said that, not all NAC solutions are created equal. And as the point of Network Access Control is to make your life easier, you probably don't want to start implementing a so-called solution only to find it adding an extra layer of burden to your work and stress load. That's why we've broken it down into two main areas you can keep in mind when considering a NAC provider. First, make sure you evaluate a provider on whether they've avoided high complexity and ensured user-friendliness. Like we said, NAC isn't a new idea in IT, but it can be made very complicated, and it shouldn't be. The next thing to keep in mind is whether the vendor is operating based on the old proprietary system model, which could lead to a technical or financial lock-in. Lock-ins sabotage agility and keep your organisation from responding quickly to changing internal and external demands. And that's the point. The security demands that technology is making on your system are the result of the need for a free flow of people, devices and data, not silos and static solutions.

Ready to dive into the flexibility and freedom of the new style of Network Access Control? Download our free white paper below.