A next-generation NAC solution should be able to meet the following criteria:
A modern NAC solution should be able to see and evaluate all devices when they try to connect to the network. It should also be able to automatically discover and categorize users associated with specific devices before granting network access—for example, what devices they have registered with the network and the time and location of the connection request. In addition, a NAC’s visibility and risk assessment duties should include continuously scanning for erratic user behavior or signs of endpoint compromise post-connection.
Granular control policies
In addition to regulating where devices and users can go within the network, and which resources they can access, NAC solutions today should also support intent-based network segmentation. This ensures that users and devices can only reach the applications and files that are relevant to their defined business needs.
NAC should seamlessly integrate with other solutions across the broader security architecture—including third-party products—to actively share relevant information about potential threats and enforce controls across the extended organization. This is a critical capability for protecting multi-vendor networks.
Automated real-time threat responses
A NAC solution must facilitate automated, real-time threat responses to immediately contain suspect devices before major damage or infection can occur. The ability for security solutions to send and receive real-time threat intelligence for coordinated actions across the entire organization is the “holy grail” of a connected security architecture.
Anomalous device or user behavior should instantly trigger a unified containment response across the security architecture. This might include automatic termination of a connection, restrictions placed on network access, quarantine isolation, and/or a range of security operations center (SOC) notification actions. These sorts of automated threat responses can reduce containment time from days to seconds, while at the same time supporting compliance with increasingly strict regulations and data privacy laws.