Juniper Networks is updating its unified access control (UAC) technology in
a new release that expands the capabilities and definition of what network
access control is all about.
Network access control (NAC) ensures network access is only granted
to validated and properly secured endpoints. NAC as a security approach can
do a lot more than just access, though: it can be a control point for overall
network security.
“Most enterprises don’t have a NAC budget, but there is a subset that they do
have a budget for,” Karthik Krishna, director of product management for
Juniper, told InternetNews.com. “Overall, enterprises are concerned
about network protection, and NAC is part of that.”
Network protection is what Juniper is aiming to provide with its UAC 2.1
release, which expands on Juniper’s UAC 2.0, released a year ago. UAC is essentially Juniper’s take on NAC.
With UAC 2.1, Krishna explained that Juniper is moving to more dynamically
protect networks with network intelligence. That intelligence comes from a
number of sources, including integration with Juniper’s Intrusion Detection
and Prevention (IDP) platforms to provide coordinated threat control.
The idea is that with UAC 2.1 and IDP, a network administrator can identify
the threat and the user or device that threat is coming from or against and
take action against the specific users or device.
“Coordinated threat control takes application control that is deep in the
network and brings it closer to the edge,” Krishna said. “It leverages
network information for access control.”
Krishna added that in the past, network administrators have had very limited
visibility into who the user actually was. With a coordinated approach, UAC
helps networks respond to threats better by providing richer visibility into
users and the ability to correlate users to applications with a higher level of
detail.
Beyond being just an approach to securing users in a network, UAC 2.1 can
also be used for application layer control.
“Many enterprises are focused on protecting applications and not users,”
Krishna said. “UAC in an overlay mode makes sure that only authorized
users can access applications.”
Using UAC for application access is not intended to compete against
Microsoft Active Directory or other LDAP access technologies.
Krishna sees UAC as being very complementary in that it provides an
additional level of visibility and granular user control. With UAC an
application can grant user access not just on username and password but also
with an eye to ensuring that the user is who they say they are and that they
don’t currently represent a risk.
Juniper is also expanding the footprint of what endpoints UAC can actually
manage and recognize. Devices such as printers and VoIP phones that
previously had been difficult to manage are easier to identify and control
with UAC policy.
The move by Juniper to more easily identify and control unmanageable devices
in NAC follows rival Cisco’s release of its similar NAC Profiler product in September.
At that time Cisco also released a NAC module that plugs into its popular
ISR (integrated services router). Cisco considers the pluggable NAC module as something that will help end users more easily deploy NAC.
Juniper, which has a similar pluggable router with its SSG product
family, does not have a pluggable UAC module. “We’re not seeing the demand for integration like that,” Krishna explained.
Juniper supports enforcement of UAC on its SSG, but it still requires a
standalone appliance, Juniper’s Infranet Controller, in order to have a full
UAC solution.
While NAC-type solutions have been hyped by networking vendors big and
small, the biggest challenge for adoption, according to Krishna, revolves
around users not understanding what NAC offers.
“There are legitimate business drivers for NAC adoption,” Krishna said.
“The challenge for us is helping to tease business problems out of customers
and help them to understand where it can meet those needs.”
This article was first published on InternetNews.com.