There are now a number of free and open source network access control (NAC) products available. How do they typically...
differ from what would be offered in a commercial product? Should companies use them to get a sense of whether they would benefit from buying a commercial product?
There's nothing wrong with open source products. However, I'd be wary about using them as a stepping-stone product choice.
First, let's look at open source products and how they differ from their commercial counterparts. There are two major players in the open source NAC market right now: PacketFence's Zero Effort NAC (ZEN) and Swisscom's FreeNAC. Both of these products have rapidly growing feature sets and appeal to those trying to implement NAC on a shoestring budget. They offer enterprise-class features, such as integration with Active Directory, virtual machine support and reporting/monitoring. What they don't offer is the slick user interfaces and advanced support available from a commercial vendor. They do offer some limited integration with products like McAfee Inc.'s Epo, but neither product boasts the wide range of third-party vendor support available from a commercial product.
Both Zero Effort NAC and FreeNAC have professional support available, but it's not free. PacketFence will provide a quote if you wish non-standard support or product customization, while FreeNAC requires that you purchase their enterprise edition that begins at $5,000 along with Gold Support at $8-$12 per device per year.
Second, you should think carefully about whether a "stepping stone" approach is really in your best interests. Deploying NAC is a resource-intensive process that often requires a high degree of user involvement. Are you willing to go through that twice? If you feel that NAC is appropriate for your environment, you'd probably be better off carefully selecting the right product (rather than a "starter" product) and deploying it in a careful, methodical manner. If you want to float a trial balloon, I'd suggest considering a small-scale pilot with a carefully defined group of users.
- Peter Giannoulis explains how to test drive NAC products without busting the budget.
- Learn more about the network access control basics.
Related Q&A from Mike Chapple, Enterprise Compliance
The HHS security risk assessment tool is designed to help healthcare providers meet the HIPAA security requirement. Expert Mike Chapple explains how ...continue reading
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.