While 802.1X is an IEEE standard that provides port authentication in LANs, it has largely been adopted only in wireless environments, although it can function perfectly well in wired environments. By focusing on a client-side supplicant, the alliance believes interoperability can be driven from the client side. Extending support from the open-source client to various NAC servers is much less challenging than the reverse. "Strong identity is the only way security will keep up with intruders," said Pete Selda, Identity Engines CEO. An open-source, client-side approach helps push interoperability forward. As a result, NAC can be widely adopted without worry.
What about Broader Policy Enforcement?
Vetting users and devices is only half the battle, though. Once NAC has granted certain privileges, how do you go about enforcing enterprise policies on an application-by-application and event-by-event basis? Data leakage, IP theft, insider attacks, and threat response are issues even with NAC in place.
Another security startup at the show, ExaProtect, previewed its security appliance that combines a security event information management solution (SEIM) and a network security policy solution (NSPS). The appliance monitors security events, which is nothing new, but beyond monitoring, it gives IT the ability to make immediate, system-wide changes based on those events even in multi-vendor, heterogeneous networks.
Think of it as security event and system interoperability. According to Jason Holloway, VP of marketing for ExaProtect, many SIEM products view events from a single point on the network, from a firewall perhaps, without correlating that event with, say, an IPS to understand the nature of the event. For security to be effective, IT must understand the context of the event.
"A good analogy is a car alarm," Holloway said. If you live in the country and have your car garaged, when the alarm sounds, it is unusual and worth investigating. If you live in the city and have a neighbor whose over-sensitive car alarm goes off every time the wind blows, you'll do your best to ignore it. It's the same event, but it requires two very different actions.
With contextual awareness, security managers are freed from spending their time studying event logs. They don't react to each and every alarm, responding only to those that represent a real threat. Not only is the threat understood, but this broad view of the event also enables real-time remediation. Policy and network changes can be made directly through the ExaProtect console, so security staff is further spared the cumbersome task of making changes manually on a device-by-device basis.