How NAC works
Why is it important to have a NAC solution?
As organizations account for the rapid growth of mobile devices accessing their networks and the security risks those devices bring, they need tools that provide the visibility, access control, and compliance capabilities required to strengthen network security.
A NAC system can deny network access to noncompliant devices, place them in a quarantined area, or give them only restricted access to computing resources, which keeps insecure nodes from infecting the network.
NAC supports the enforcement model described in NIST SP 800-207 (Zero Trust Architecture), verifying devices and users before granting access. For the underlying standard that governs port-based network access control, NAC commonly relies on IEEE 802.1X.
What are the general capabilities of a NAC solution?
NAC solutions help organizations control access to their networks through the following capabilities:
- Policy lifecycle management. Enforces policies for all operating scenarios without requiring separate products or additional modules.
- Profiling and visibility. Recognizes and profiles users and their devices before malicious code can cause damage.
- Guest networking access. Manages guests through a customizable, self-service portal that includes guest registration, authentication, sponsoring, and a management portal.
- Security posture check. Evaluates security-policy compliance by user type, device type, and operating system.
- Incident response. Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention.
- Bidirectional integration. Integrates with other security and network solutions through an open or RESTful API.