StillSecure has expanded its NAC offering to include its intrusion-detection and -prevention gear.

With the addition of StrataGuard IDS/IPS technology to the company’s Safe Access NAC offering, the product now supports both pre-admission and post-admission NAC.

Pre-admission NAC is the checking of endpoints for adequate security posture before they gain network access. Post-admission NAC is making sure devices behave in accordance with security policies after they are admitted.

It’s important to note the distinction and the value of each. While pre-admission NAC was initially devised as a way to protect against viruses and Trojans by ensuring computer defenses are up to snuff, it doesn’t guarantee that a machine is not infected. For instance, a new virus for which no signature has been found could be installed on a PC that also meets pre-admission requirements.

Post-admission NAC can backstop pre-admission NAC in these cases. When the virus goes to work within a network protected this way, the NAC gear will discover suspect behavior and isolate the offending machine until it can be cleaned or until its suspicious activity is found to be legitimate.

In combination, these two forms of NAC are not foolproof, but they are formidable and fit well into anybody’s multilayered security scheme.

StillSecure gives this combination its own name - Complete NAC - but the idea isn’t unique to StillSecure. In fact most NAC vendors are leaning in this direction, either by developing their own technology or teaming up with other vendors, and as a customer, it’s important to look for both.

Tim Greene is senior editor at Network World.