Catching the Unicorn: A technical exploration of why NAC is failing

Catching the Unicorn:
A technical exploration of why NAC is failing

Author: Jennifer Jabbusch
White paper, technical and market review of Network Access Control technology
36 pages, PDF format
2009-09-18 First release
Copyright Carolina Advanced Digital, Inc., all rights reserved

Executive Summary
Network access control (NAC) solutions have been failing as a technology in the IT security market, a truth punctuated by numerous NAC vendors closing their doors and an abundance of failed implementations in the past two years. The failure of NAC is detrimental to manufacturers of the technology, integrators offering the solutions and most importantly, to the countless organizations with security challenges that NAC will solve.

This document provides a unique perspective into the NAC market and a comprehensive dive into the technical difficulties that are inhibiting NAC technologies from seeing widespread adoption. Beyond explaining the issues of NAC adoption, this effort reveals a detailed plan to remedy the current situation – with explicit calls to action for manufacturers, consumers and the industry as a whole.

Catching the Unicorn is vendor neutral and presents issues from several angles, making it relevant to all NAC vendors and those interested in NAC technologies.

Included in the first two sections are background information and a brief overview of the technology market as it relates to NAC. This information lays the foundation for understanding the larger underlying issues that need to be addressed for the market to be successful. In the third section Mapping NAC Functions, basic concepts of the feature component set of NAC are identified and explained. Part four Reducing Cost and Complexity for Widespread Adoption begins the exploration f primary technical complications of NAC and outlines ways to streamline each feature component as a means to simplify the solutions enough for widespread adoption. Throughout the paper, several key concepts of security, network security and access security around which NAC was developed are discussed. Part five concludes with specific recommendations for vendors and consumers alike on what must happen to turn NAC into a viable solution.

Key findings
-NAC will not succeed as a niche market.
-NAC will be a feature set, not a product.
-Much confusion of NAC stems from ambiguous terminology, a result of NAC’s evolution from other products.
-The hindrances in adoption of NAC are due to technical challenges.
-There are four feature components of NAC: Authentication, Access Rights, Endpoint Integrity and Behavior
Monitoring.
-There are frameworks and standards in place that will help NAC reach widespread adoption.

Key recommendations
-Vendors should focus on standards of interoperability in order to succeed.
-NAC solutions should be renamed, based on the feature components they offer.
-Consumers of NAC technology must demand standards and roadmaps from vendors.a way to make it work.

Document Keywords
NAC; network access control; failure of NAC; NAP; complexity of NAC; IEEE; 802.1X; 802.1X-REV; TNC; TCG; IF-MAP; IETF NEA; Juniper; Cisco; Symantec; Microsoft; ForeScout; StillSecure

Document

Catching the Unicorn: A technical exploration of why NAC is failing, PDF, First Release 2009-09-18