Network access control (NAC) has come a long way since 2006, when it was all the rage. Back then, there were competing standards from Microsoft, Cisco and the Trusted Computing Group vying for IT managers’ attention. There were dozens of different products, claims and counterclaims that were hard to parse, let alone believe. Products were buggy and difficult to implement without a tremendous amount of cross-vendor integration.

A Look Back

I wrote a cover story for a print magazine in 2008 showcasing four IT managers and their experiences with various NAC products. When I reread this piece, I was struck by how little has changed. Networks are still protected on the macro level by keeping systems updated with the latest patches and satisfying compliance regulations. But I was also interested in how much had changed on a micro level and how homogeneous networks were back then. A network-attached printer was about as odd as things got.

That was then. NAC — and the networks themselves — have come a long way in the past decade or so. The products have improved, and the endpoint and network security landscape has become more complex. We now have lots of devices on our networks that don’t look like PCs, or printers for that matter. That is where NAC can find a new niche.

Discovering a New Purpose for NAC

Over the past decade, access control vendors have been squeezed between mobile device management and intrusion detection products, and trying to evolve in that space has been difficult. With all the issues around Internet of Things (IoT) botnet attacks and compromises of network-connected devices that don’t look like traditional endpoints, NAC has found a new purpose. As IT managers look to stem this malware tide, they have rediscovered this well-aged tool.

NAC’s original purpose was to harden network access and filter which endpoints could connect to the enterprise network. This is still valid, especially in situations where endpoints come in many shapes and sizes, making it difficult to deploy protective agents on them.

Back when I was testing these kinds of products in 2015, I wrote for Network World that “today’s NAC tools use a combination of probes including NMAP, WMI, Radius authentication, remote access to log files via SSH and SNMP queries and other clever ways.” I marveled at how much information these tools could suss out from a mixed bag of endpoints, which is why they are now being considered for protecting networks against IoT-fueled botnets gone wild. It might be time to take a closer look at what NAC protections can provide.
