Network access control (NAC) has come a long way since 2006, when it was all the rage. Back then, there were competing standards from Microsoft, Cisco and the Trusted Computing Group vying for IT managers’ attention. There were dozens of different products, claims and counterclaims that were hard to parse, let alone believe. Products were buggy and difficult to implement without a tremendous amount of cross-vendor integration.

A Look Back

I wrote a cover story for a print magazine in 2008 showcasing four IT managers and their experiences with various NAC products. When I reread this piece, I was struck by how little has changed. Networks are still protected on the macro level by keeping systems updated with the latest patches and satisfying compliance regulations. But I was also interested in how much had changed on a micro level and how homogeneous networks were back then. A network-attached printer was about as odd as things got.

That was then. NAC — and the networks themselves — have come a long way in the past decade or so. The products have improved, and the endpoint and network security landscape has become more complex. We now have lots of devices on our networks that don’t look like PCs, or printers for that matter. That is where NAC can find a new niche.

Discovering a New Purpose for NAC

Over the past decade, access control vendors have been squeezed between mobile device management and intrusion detection products; trying to evolve in that space has been difficult. With all the issues around Internet of Things (IoT) botnet attacks and compromises of network-connected devices that don’t look like traditional endpoints, NAC has found a new purpose. As IT managers look to stem this malware tide, they have rediscovered this well-aged tool.

NAC’s original purpose was to harden network access and filter which endpoints could connect to the enterprise network. That purpose is still valid, especially in situations where endpoints come in many shapes and sizes, making it difficult to apply protective agents.

Back when I was testing these kinds of products in 2015, I wrote for Network World that “today’s NAC tools use a combination of probes including NMAP, WMI, Radius authentication, remote access to log files via SSH and SNMP queries and other clever ways.” I marveled at how much information these tools could suss out from a mixed bag of endpoints, which is why they are now being considered for protecting networks against IoT-fueled botnets gone wild. It might be time to take a closer look at what NAC protections can provide.
