According to Steve Hanna, a distinguished engineer at Juniper Networks and the de facto spokesman for the network access control (NAC) industry, the device authentication technology is failing to deliver on its promise.
Companies like Juniper, Cisco, and a long list of point providers may have already sold thousands of NAC systems to enterprise customers looking to shore up their network defenses, Hanna said, but that doesn't change the fact that the technology hasn't lived up to its original expectations.
NAC was supposed to become a comprehensive method for both inspecting the health of any device that attempts to log onto a network and for keeping electronic eyes trained on those machines to help manage their access to internal resources and prevent potential attacks after they've been granted admittance, said Hanna.
Instead, Hanna said, having been confused by contradictory marketing messages about a sea of different technologies that have been labeled as some form of NAC, many of which do not work together, most customers have relied on the technology merely to grant network access to guest users and remote workers -- it's most basic form of functionality.
If NAC is to survive and flourish as a widely used technology amid the growing range of security and authentication tools on the market today, he said, it must quickly mature and move beyond such a narrow model of usage.
"Right now NAC systems are still a bunch of silos. You have network access tools, applications layer security tools, intrusion detection systems, and firewalls, but they're just pieces," said Hanna. "The components haven't been adequately put together, and that's what's stopped NAC from moving forward; hopefully it can grow from here into something more, because if NAC can't provide greater benefits in short order, it won't be adopted."
Unsurprisingly, Juniper's latest addition to its own Unified Access Control platform, the firm's flagship NAC product line, boasts new points of integration with firewalls and intrusion detection systems (IDS).
However, as the co-chair of the Trusted Computing Group's Trusted Network Connect work group, a NAC industry standards effort, Hanna has long maintained that in addition to improving their own products, vendors must work to get their tools to work together to advance the whole market.
That remains one of NAC's biggest stumbling points, he said.
Another major issue is that companies including Cisco continue to market less expansive NAC systems that are aimed primarily at helping users address the guest access problem, which he said might be further confusing customers and lowering expectations of the entire technology itself.
Cisco, which for the record defines NAC as "network admission control," has abandoned its initial "framework" approach to the technology, which more closely resembled Hanna's broad vision for the tools, in favor of selling appliances and software to help businesses give access to network visitors, he said.
By lowering expectations and limiting the understanding of NAC, he said, such efforts may be hurting its potential in the long run. As a result, Hanna is calling for the network security industry to move to "NAC 2.0."