Friday Sep 22
Mar
05/10
NAC, Endpoint Security and Revelations from the RSA P2P
Updated on Saturday, 28 January 2012 06:37
Share

I’m not going to recount what was said during the session; RSA’s Peer 2 Peer sessions are gracefully excused from the promiscuous ears of the media. I do, however, want to share a few thoughts, revelations and take aways I have from the session.

Were you in the session? Before I launch into my opinions, I’m most interested in hearing from anyone that was in the Peer 2 Peer. As the facilitator, I get a different kind of value from these peer sessions. The real question is: did you? Feel free to post comments (anonymous is fine) or email me directly using the contact form.

First, NAC is not dead. Wednesday’s full room was proof of that; I think we had only a couple of seats open of the 25 maximum available. I will share with you that these P2P attendees were a little disappointed that the industry events were not giving NAC the attention they did just a couple of years ago. Everyone understands why, but their comments resonated with me. They feel abandoned by the vendors and the industry; left to fend for themselves and work out the many major kinks of a security technology that’s not as ready for prime time as we’d hoped. We lamented over the decrease in industry’s willingness to help us in our efforts and the obvious lack of NAC sessions on the schedules of major conferences, such as RSA and the upcoming INTEROP.

Second, people do want NAC. The interest seems to be completely in line with my personal observations that port security and authentication are still highest on the list of requested features, with a strong desire for endpoint integrity sliding in as a solid second or third. These are the features being touted by the primary remaining vendors in the NAC and endpoint security space and there IS a demand for them.

Third, the consumers are happy to compromise. Instead of selecting from a menu of over-zealous vendors pitching their fix-all solutions, the consumers want more reasonable expectations, more manageable deployments and a sustainable maintenance plan – and they don’t mind giving up a few features to reach those goals. The stories I heard were ones of heartache, headache and hopelessness, riveted with frustrations, mostly stemming from the use of the wrong technology in the wrong environment. Although there were vendor-specific tribulations mentioned by the group, I steered clear of that part of the discussion, realizing that the failure wasn’t in the product as much as it was in the processes created by poorly made technical decisions. Unfortunately, these people are at the mercy of the vendor to help them with the process and many times the vendor’s sales force (and even at times, the engineering team) doesn’t understand enough about the environment and their own product to make recommendations for a successful rollout.

As promised, I did distribute the Universal NAC Feature Model document to the group (well, until I ran out of printed copies). I’ll make that document available here as well this weekend. Now available.

With the confinement of a short 50-minute, session, we certainly couldn’t solve the evils of the NAC world, but it got everyone talking and it got me thinking – again. We can do this. We just need to make it affordable, efficacious and reasonable to integrate. It is possible, and the session reinforced my support for the groups working to create frameworks and standards that will help these consumers of the technology (and all others) find the right product for them and integrate it in a much less painful way.

# # #


1 Comment
  1. CommentsPaul   |  Friday, 05 March 2010 at 9:50 pm

    There was a panel discussion on NAC led by Lawrence Orans from Gartner. A couple of vendors (Cisco & Microsoft) and a couple of customers – Bank of Mellon (Forescout solution) and Cadence Design Systems (Avenda Systems solution) were panel members. It was a good discussion. Lots of questions about 802.1X, etc., from the audience.


Leave a Reply