7 Reasons NAC Solutions are Failing to Protect Enterprise Networks

April 27, 2017 |
The Number 7

NAC was designed to work inside the perimeter. Build a perimeter around the internal network, verify who users say they are, and once in the door users gain full access to the network or at least a large portion of the network.

Yet enterprise technology and work habits have changed. The network perimeter has dissolved. In our changing world, NAC fails to protect enterprises from cyber threats for seven reasons.

1. NAC doesn’t extend to cloud

Enterprises need another security solution for the cloud. And that adds another layer of network security.

2. NAC relies on VLANs, which are complicated to manage

Defining VLAN segments – Creating them can be easy…keeping them relative and accurate as your environment changes is the real challenge. So most enterprises only have a limited number of VLAN segments defined.

3. NAC doesn’t encrypt traffic

If social networks like WhatsApp, Facebook Messenger and Snapchat can encrypt traffic, why not corporate networks?

4. NAC isn’t fine-grained

It can’t provide fine-grained control of the network resources users can access.

Instead, NAC relies on existing (and separately managed) network segments, firewalls and VLANs.

5. NAC’s remote user support is non-existent

Remote users need yet another solution – like a VPN – requiring yet another set of policies to manage.

6. NAC struggles to support the agile enterprise

NAC is hard to manage because it’s not agile or dynamic – it’s static.
It’s complex for the security team to add firewall rules for thousands of workers and their many devices.

7. NAC doesn’t provide deep, multi-faceted, context-aware access control

It doesn’t check specific attributes such as location, anti-virus or device posture or broader system attributes such as an alert status within a SIEM.

An Alternative to NAC: A Software-Defined Perimeter

A Software-Defined Perimeter eliminates these limitations. A Software-Defined Perimeter is a new network security model that dynamically creates 1:1 network connections between users and the data they access. There are seven main benefits.

Click through to the eBook How to Overcome NAC Limitations: Why a Software-Defined Perimeter delivers better network security for today’s enterprises, to see the seven main benefits of a Software-Defined Perimeter and how it overcomes these limitations.

This eBook is for security, network, IT architect, operations, infrastructure and GRC professionals who want to protect access to physical, virtual and cloud-based IT systems.

Back to Blog Home

Jason Garbis

Vice President of Products, Cryptzone
Jason Garbis is Vice President of Products for Cryptzone, where he's responsible for the company's product strategy and product management. Garbis has over 25 years of experience with technology vendors, including roles in engineering , professional services, product management, and marketing. Jason joined Cryptzone from RSA, and holds a CISSP certification.

Leave a Reply

Your email address will not be published. Required fields are marked *