
McAfee adds NAC module, appliance for unified policy enforcement

By Neil Roiter, Senior Technology Editor, Information Security magazine
20 Oct 2008 | SearchSecurity.com

Security Wire Daily News

McAfee's addition of network-based NAC fills a critical gap in its NAC portfolio, strengthening its competitive position in the sometimes confused, always over-hyped world of network access control.


Network appliances address organizations' most pressing need: enforcing policy for unmanaged devices belonging to contractors, partners and customers. This has given hardware solutions from network infrastructure vendors (Cisco Systems, Juniper Networks, etc.) and pure-play NAC vendors (such as Consentry Networks, Nevis Networks, Mirage Networks) a leg up, while endpoint security companies like McAfee Inc. and Symantec Corp. provide agent-based controls for managed devices, especially remote laptops.

Analysts say we're reaching the point where companies are beginning to address both scenarios.

"The hyper-focus in the market has been on guest, unknown, and unmanaged machines because that's clearly the highest risk," said Robert Whiteley, a principal analyst and research director at Forrester Research Inc. "Data also shows about three-quarters of the companies deploying NAC are worried about both (managed and unmanaged devices). This favors vendors with broad portfolios."


McAfee's portfolio got a lot broader with its NAC Module for Network Security Platform intrusion prevention appliance (formerly Intrushield), announced today as part of its Unified Secure Access approach. McAfee also introduced a standalone NAC Appliance for deployments that don't include IPS. Combined with the agent-based Network Access Control, this allows McAfee customers to create and enforce unified policies across unmanaged and managed devices, leveraging its popular ePolicy Orchestrator (ePO) management console for both.

"Our customers tell us most of the solutions on the market today have identified the need to integrate both network and endpoint," said Rees Johnson, senior vice president and general manager of McAfee's Network Security Business Unit. "Similar to multilayer protection from malware, having a multilayered NAC solution is critical."

As enterprises look for comprehensive NAC, they can look to single providers like McAfee, which now cover both the network and endpoint, or mix and match solutions, Whiteley said. For example, as Microsoft NAP becomes ubiquitous, companies can combine it with a network product. The problem, he said, is that you still have to deal with distinct policy stores for network and endpoint.

This may become less of an issue if vendors adopt new standards, such as IF-MAP, introduced by Trusted Computing Group, which created the Trusted Network Connect (TNC) initiative, supported heavily by Juniper and other vendors. IF-MAP is a standard for collecting and storing network device, application and user information in a database to promote interoperability and common policy creation, monitoring and enforcement.

Whiteley also said that McAfee's NAC solution is tightly tied to its audit capabilities, which will appeal to organizations whose primary NAC focus is on compliance, rather than operations.

While a basic yes-no device assessment is sufficient for pre-admission access control, organizations with more mature security programs are increasingly concerned with post-connect monitoring -- the ability to continuously monitor device status behavior on the network. IPS is well-positioned for this since it performs close inspection of inbound, outbound and internal network traffic.

While most early NAC deployments focus on simple pre-connect access control policies -- "health assessments" based on things like up-to-date antimalware and patching -- over time we'll increasingly see enterprises design and enforce complex role and context-based policies. At the heart of McAfee's NAC package is what it calls Adaptive Policy Control, which not only provides granular policy creation for both unmanaged and managed devices but also allows McAfee NAC users to modify policy to specific scenarios based on the ability to monitor activity on the network.

"Customers are not extremely sophisticated in NAC policies; they want to put some controls in and scale over time," said Whiteley. "McAfee will be more behavioral and learn what is happening in environment. It fills a need a lot of customers aren't asking for, but it's critical as they ratchet up so companies are not dedicating three or four professionals to run NAC."


