Jun 14

2017

When NAC Deployment Projects Fail

By Great Bay Software

Deploying a network access control (NAC) solution is one approach to reduce your risk of a network breach. At the same time, it’s accepted wisdom that not all NAC projects are successful. A scrapped deployment is costly; with lost investments in equipment purchases, software, service licenses, resources and time. NAC implementations are complex and, if canceled mid-stream, the risk of a crippling breach still remains. When any new project goes awry, the team responsible may lose the confidence of company leadership, project sponsors and users.


Risks and Rewards

Originally designed for network policy management, user access control and guest services, NAC systems typically rely on agent software to perform deep inspection and remediation at the expense of additional software on the endpoint. Most solutions also include “agentless” functionality; however, this brings potential risks:

  • Agentless NAC may be easier to deploy, but generally offers less control and fewer inspection capabilities
  • Some agentless deployments are configured with domain and read/write credentials in such a way that a single system has the power to log into almost every networked device

Most NAC systems use an agentless option only as a fallback. However, with the dramatic growth of IoT we find most security teams have limited or no visibility to tens of thousands of network devices. If a majority of your networked connected device are unknown, fallback is not an option.

 

The Devil is in the Detail

  • An effective NAC deployment depends on successful integration with your current and future security tools such NGFW, EMM, ATD, SIEM and others. This leads to big configuration and deployment challenges. These applications have different access functions, unique management consoles, and may apply separate controls to the network and connected devices.
  • Some NAC solutions require the licensing and deployment of add-on modules to support third-party systems. This not only leads to increased costs, it complicates acquiring and maintaining the appropriate licenses as your network evolves. For example, how might an NGFW upgrade or replacement impact your NAC deployment?
  • Keeping device agents current for multiple operating systems is extremely resource intensive. The highly publicized “Wannacry” attack highlights this challenge. Although a Microsoft update that protected Windows PCs was available, many organizations chose not to or were unable to install the update because of outdated operating systems, compatibility risks, network interruptions and potential downtime.

These challenges and their inherent risks are why we see security teams rethink their NAC deployments. This is especially true in IoT-dependent industries such as healthcare, finance and manufacturing.

 

Weigh the Costs and Risks of a Scrapped NAC Deployment

NAC Investments Cyberattack costs
1. Vendor and product evaluation 1. Client records recovery
2. Project proof-of-concept 2. Hit to reputation and market competitiveness
3. Equipment, software and service costs 3. Legal costs
4. Personnel training 4. Disruption of business operations
5. System deployment and integration 5. Cost of IT resources to find and fix
6. On-going maintenance, management and support 6. Loss of business

 

Security budgets are tight. Risks are high. Measure the true costs, time and resources to get a NAC system up and running. Agentless as a fallback for non-computing devices is not ideal. Any organization with IoT-critical applications should consider solutions that don’t depend on agents for effective device control. Overlay systems that use multiple data sources for discovery, profiling and control are far easier to deploy. This enables you to more effectively respond to attacks and protect your network, devices and data.

Check out our post about the Top 5 Reasons Why NAC Deployments Fail. To learn how Great Bay Software tackles these challenges visit www.greatbaysoftware.com.

Webinar | How to Decrease Cyber Risk at Your Credit Union

NCUA Audit Compliance Whitepaper

Comments

Related Posts

Oct 19

2017

Did You Miss it? Highlights from the CUNA Tech Council Conference

We had a great time at the CUNA Conference at the beautiful Arizona Biltmore Hotel in Phoenix earlier this month. The opportunity to meet with credit union IT and Security professionals and show off...

Sep 26

2017

Embrace Your IoT Initiatives with Confidence

IoT applications are growing exponentially. Add to this the mounting sophistication and malice of Cybercrime and we’re talking big risks. Recently, we partnered with SC Magazine to present an...

Mar 07

2017

Struggling with 802.1X roll-out? You are not alone.

I recently returned from a road trip where I met several customers who have decided to abandon 802.1X roll-outs after battling one challenge after another over multiple years.  The primary challenges...

Subscribe to Blog Updates