StillSecure Defines NAC

It seems like every vendor has a network access control (NAC) product or framework these days. You might be wondering, "Just what is NAC and what types of products can help me control which clients have access to my network?"

            StillSecure has proposed a definition of "Complete NAC" as "preconnect health checks, post-connect monitoring, identity-based policies, and coverage for Windows and non-Windows OSs. It also includes support and compatibility for major industrywide standards such as Cisco NAC, Microsoft NAP, and the Trusted Computing Group's TNC." StillSecure offers its Safe Access as a "Complete NAC" solution.

            At the RSA Conference last week, Mitchell Ashley, StillSecure CTO and VP of customer experience, told me that 2006 really established NAC as a budgeting item in midsized to large companies. He said that many companies started with NAC by doing a pilot project with contractors, mobile users, or one department. Now these companies are expanding beyond the pilot projects. He also sees 2007 and 2008 as big NAC adoption years for small to midsized businesses.

            Ashley said the big NAC frameworks have enforcement mechanisms, but Microsoft and Cisco don't have policy engines, and Microsoft doesn't support non-Microsoft clients. The frameworks rely on independent NAC products to plug those holes. You can find out more about "Complete NAC" and Safe Access at http://www.stillsecure.com.