NAC Network Access Control

Network access control (NAC) is a foundational network security defense. The premise of network access control is the security principle that end users and endpoints can be blocked, quarantined, or redirected to different parts of a network if they show an indicator of compromise (IOC) or vulnerabilities. NAC also provides endpoint visibility after data passes a cybersecurity perimeter but before data is enriched and taken into storage by a security information and event management (SIEM) appliance.

End-user devices and endpoints are ultimately the places where intrusions into networks matter and the last chance to defend against or detect a network breach. The increasing level of malware and cyberattacks is also driving further NAC investments. Network visibility is critical. Every device on a network is a potential attack or reconnaissance point that must be discovered and secured. NAC vendors continue to innovate to meet new use cases, most notably IoT, BYOD and cloud. The result is sustained growth for the NAC market.

The “traditional” focus of NAC has been Authentication, Authorization, and Accounting (AAA). At its core, NAC is all about enabling mobility and dynamic security. However, the enterprise network no longer sits within four secure walls. It extends to wherever employees and data travel. Mobility, digitization, and the IoT are changing the way we live and work. Networks are expanding, resulting in increasing complexity of managing resources and disparate security solutions. Today’s NAC security solutions must deliver profiling, policy enforcement, guest access, BYOD onboarding and more to offer IT-offload, enhanced threat protection and improved user experience.

NAC is evolving to offer improved visibility and monitoring of network devices, more security features, and orchestration with other security products such as Next-Generation Firewalls (NGFW), SIEM, web content filters, etc. In addition to the IEEE 802.1X standard, most NAC vendors support other protocols such as Simple Network Management Protocol (SNMP). NAC is also evolving away from a physical appliance deployed on-premises. Virtual appliances, software deployment, and NAC as SaaS are growing.

  • NAC is a rapidly growing market. Revenues are expected to grow from 2017–2022 at a 16.9% CAGR, reaching $2.1 billion in 2022.
  • Emerging trends driving NAC demand are the growth of IoT, mobility, BYOD, and cloud. The network enterprise is expanding beyond the “traditional” secure walls.
  • NAC is evolving beyond the “traditional” AAA functionality. Vendors are developing improved visibility, agentless tech, granular policy settings, classification, segmentation, contextual awareness, and more.
  • Security orchestration: Security vendors with broad product portfolios are integrating their solutions with NAC. Standalone NAC vendors integrate with third-party partners.

Pulse Policy Secure

Pulse Policy Secure delivers an easy-to-use, BYOD-ready, granular access control and visibility solution that is context-aware for the most complex datacenter and cloud environments. Pulse Policy Secure enables safe, protected network and cloud access for a diverse user audience over a wide range of devices.

Pulse Policy Secure provides best-in-class performance and scalability while delivering centralized policy management with visibility and access control, and simplifying deployment, administration, and management. Pulse Policy Secure provides visibility into the network by detecting and continuously monitoring the network. It provides visibility for on-site and remote endpoints/users connecting through VPN.

Pulse Policy Secure can be enabled at Layer 2 leveraging 802.1X/RADIUS; at Layer 3 using an overlay deployment; or in a mixed mode using 802.1X for network admission control and a Layer 3 overlay deployment for resource access control. It fully integrates with any vendor’s 802.1X/RADIUS-enabled wireless access points, such as Cisco, HP/Aruba Wireless, Brocade/Ruckus Wireless, or any vendor’s 802.1X-enabled switches, such as Juniper Networks EX Series Ethernet Switches, which, when deployed with Pulse Policy Secure, deliver additional, rich policy enforcement capabilities.

Existing 802.1X infrastructure may be leveraged, as well as any Juniper, Palo Alto Networks or Fortinet firewall, for policy enforcement and granular access control. Pulse Policy Secure also supports the Juniper Networks SRX Series branch firewalls, allowing them to configure Pulse Policy