Network access control tools that used to manage only desktops and laptops are evolving into systems for protecting networks from new security threats brought on by the increasing number of Internet of Things endpoints and employees using their own mobile devices for work.
With the variety of devices connecting to networks expanding, network access control (NAC) technology is becoming a new category called endpoint visibility, access and security (EVAS), Cisco said in its recently released Annual Security Report.
The evolution has reenergized the NAC market, which has been stagnant for years. In 2014, NAC sales rose to $552 million from $399 million in 2013, according to analyst firm Frost and Sullivan. The increase is due to the advantages EVAS tools bring to enterprises.
How EVAS works
The improvements include dropping the installation of code snippets, or agents, that establish communications between traditional NAC systems and each endpoint. This makes EVAS tools better suited for emerging trends like the Internet of Things (IoT), which will expand the assortment of endpoints to include any Internet-enabled device, such as printers, sensors and even medical monitoring systems.
"Any device that interacts with your network has the potential to cause harm or have malicious capabilities," said John Pironti, president of consulting firm IP Architects LLC.
EVAS tools from companies like ForeScout Technologies, Aruba Networks and Cisco gather endpoint data from multiple sources, including switches, Active Directory and endpoint security systems, in a single appliance. This approach gives enterprises more visibility into devices on the network. It lets companies gather contextual data and spot anomalies that could indicate malware or an unauthorized person trying to log in, experts said. In addition, EVAS systems profile data traffic at a granular level in real time to monitor whether device activity is within corporate policies.
"A device could have malware injected onto it after it's already connected to the network, and it wouldn't be reevaluated [in traditional NAC] until it disconnects and tries to reconnect to the network," Pironti said. "Now, NAC is about more granularity and constant monitoring."
EVAS tools are particularly useful to enterprises that need to monitor much more than traditional PCs and mobile devices. Unlike traditional NAC tools, EVAS technology is not dependent on the operating system running on the endpoint. As a result, the systems can be used to monitor traffic from manufacturing equipment and industrial control systems, network engineer and blogger Nick Buraglio said.
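The two mechanisms described above, agentless correlation of switch, directory and endpoint-security data into one view of each device, and re-evaluating that device on every new observation rather than only when it reconnects, can be sketched in a few dozen lines. The following is an added example written for this article; it is not code from ForeScout, Aruba, Cisco or any other vendor. The switch MAC table, Active Directory records, EDR status, flow data, role names and policy thresholds are all constructed for the demonstration.

```python
"""Agentless endpoint correlation and continuous policy re-evaluation.

Added example, not vendor code. Every data source below is constructed:
a switch MAC table, Active Directory computer records, EDR agent status,
observed flows and a short stream of post-connect events. The device roles
and the per-role port policy are assumptions made for the demonstration.
"""
from dataclasses import dataclass, field
from typing import Optional

# Source 1 (constructed): switch MAC table, one row per connected port.
SWITCH_MAC_TABLE = [
    {"mac": "00:11:22:33:44:01", "port": "Gi1/0/1", "vlan": 10},
    {"mac": "00:11:22:33:44:02", "port": "Gi1/0/2", "vlan": 10},
    {"mac": "00:11:22:33:44:03", "port": "Gi1/0/3", "vlan": 20},
]
# Source 2 (constructed): Active Directory computer accounts, keyed by MAC.
AD_COMPUTERS = {"00:11:22:33:44:01": {"hostname": "WS-0421", "ou": "Workstations"}}
# Source 3 (constructed): EDR console agent status, keyed by MAC.
EDR_STATUS = {"00:11:22:33:44:01": {"agent": "healthy"}}
# Source 4 (constructed): destination ports seen in flow data, keyed by MAC.
FLOW_PROFILE = {
    "00:11:22:33:44:02": {9100},      # printer-like: only the raw print port
    "00:11:22:33:44:03": {443, 53},   # generic, unidentified client
}
# Assumed role policy: allowed destination ports per role (None = unrestricted).
ROLE_POLICY = {
    "managed-workstation": None,
    "printer": {9100, 631},
    "unknown": {53, 80, 443},         # restricted: basic web access only
}


@dataclass
class Endpoint:
    mac: str
    port: str
    vlan: int
    hostname: Optional[str] = None
    edr_agent: Optional[str] = None
    observed_ports: set = field(default_factory=set)
    role: str = "unknown"
    decision: str = "pending"


def classify(ep: Endpoint) -> str:
    """Assign a role from correlated context only; no agent on the device."""
    if ep.hostname and ep.edr_agent == "healthy":
        return "managed-workstation"
    if ep.observed_ports and ep.observed_ports <= ROLE_POLICY["printer"]:
        return "printer"
    return "unknown"


def build_inventory() -> dict:
    """Merge the switch table with AD, EDR and flow data into one view per device."""
    inv = {}
    for row in SWITCH_MAC_TABLE:
        ep = Endpoint(mac=row["mac"], port=row["port"], vlan=row["vlan"])
        if ep.mac in AD_COMPUTERS:
            ep.hostname = AD_COMPUTERS[ep.mac]["hostname"]
        if ep.mac in EDR_STATUS:
            ep.edr_agent = EDR_STATUS[ep.mac]["agent"]
        ep.observed_ports = set(FLOW_PROFILE.get(ep.mac, set()))
        ep.role = classify(ep)
        inv[ep.mac] = ep
    return inv


def evaluate(ep: Endpoint) -> str:
    """Return 'allow', 'restrict' or 'quarantine' from the device's current state."""
    if ep.edr_agent == "alert":
        return "quarantine"
    allowed = ROLE_POLICY[ep.role]
    if allowed is not None and not ep.observed_ports <= allowed:
        return "quarantine"  # traffic outside the role's profile
    if ep.role == "unknown":
        return "restrict"
    return "allow"


def apply_event(inv: dict, event: dict) -> str:
    """Re-evaluate on every new observation, not only at (re)connect time."""
    ep = inv[event["mac"]]
    if event["type"] == "flow":
        ep.observed_ports.add(event["dst_port"])
    elif event["type"] == "edr":
        ep.edr_agent = event["status"]
    ep.decision = evaluate(ep)
    return ep.decision


def run_demo():
    """Connect-time decisions, then decisions after two post-connect events."""
    inv = build_inventory()
    for ep in inv.values():
        ep.decision = evaluate(ep)
    initial = {mac: ep.decision for mac, ep in inv.items()}
    # Constructed events after connection: the managed workstation's EDR raises
    # an alert, and the "printer" starts talking SMB (port 445) to other hosts.
    events = [
        {"type": "edr", "mac": "00:11:22:33:44:01", "status": "alert"},
        {"type": "flow", "mac": "00:11:22:33:44:02", "dst_port": 445},
    ]
    after = {e["mac"]: apply_event(inv, e) for e in events}
    return initial, after


if __name__ == "__main__":
    print(run_demo())
```

At connect time the workstation and the printer are allowed and the unidentified client is restricted; the traditional NAC model in the quote above would leave those decisions in place until each device reconnected. Here the EDR alert and the out-of-profile SMB flow each trigger a fresh evaluation and move the device to quarantine immediately.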
Along with the improvements they bring to endpoint security, EVAS tools also carry weaknesses. They lack a core universal feature set that experts say should include asset management, role-based access and secure guest-network access.
The tools should also include features to help companies monitor compliance with legal mandates and government regulations, said Joe Schumacher, senior security consultant at Neohapsis Inc., a security consulting company now owned by Cisco.
In recent years, vendors like Cisco, Aruba and Aerohive have scooped up NAC players, integrating their technology into wireless portfolios. While this has left enterprises with fewer standalone NAC vendors to choose from, the market consolidation has made it easier to work with only one vendor for deploying and maintaining the technology.
"Most enterprises are going to start with [EVAS] for wireless devices anyway, and then they can migrate over to wired [endpoints]," Pironti said.