It takes more than NAC to block malware

Clarifying issues surrounding this emerging security architecture

Of businesses that already use NAC in combination with antivirus software, more than a third suffer malware attacks anyway, according to a survey funded by Symantec.

Based on results of questioning 300 people who attended InfoSecurity 2007, 82% said they use NAC in combination with antivirus software, and 36% said their networks became infected with malware anyway.

This result indicates what is commonly accepted about NAC, that it isn’t the only security networks need to block malware. It is a risk-mitigation measure because it can identify machines less likely to be infected and allow only those onto the network. But as the result shows, that doesn’t mean they aren’t infected.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Of businesses that already use NAC in combination with antivirus software, more than a third suffer malware attacks anyway, according to a survey funded by Symantec.

Based on results of questioning 300 people who attended InfoSecurity 2007, 82% said they use NAC in combination with antivirus software, and 36% said their networks became infected with malware anyway.

This result indicates what is commonly accepted about NAC, that it isn’t the only security networks need to block malware. It is a risk-mitigation measure because it can identify machines less likely to be infected and allow only those onto the network. But as the result shows, that doesn’t mean they aren’t infected.

Those who had implemented NAC were asked the main reasons for doing so, and were allowed to respond to more than one choice. The top three chosen were preventing unauthorized users from getting on the network (80%); preventing data loss (66%); and enforcing security and access policies (61%).

More than half (55%) of the respondents already have NAC of some sort installed in their networks, and 31% say they are not interested in NAC.

These NAC users were also asked what other technologies they required to interoperate with NAC, and 98% chose other security software. Three other technologies mentioned were virtual desktops (53%); printers and peripherals (51%); and mobile gear (47%).

The top three reasons businesses hadn’t deployed NAC were that it cost too much (35%); it was incompatible with the network or operating systems (27%); and it was too disruptive to the network and to the organization as a whole (20%).

Asked where they thought NAC was best enforced, 63% said on the network; and 37% said on the endpoint. Each choice included a qualifying statement. Part of the network question said, “It’s better to rely on the network’s own security features to prevent attacks and damage.” The endpoint choice included, “It’s better to evaluate and remediate devices before they connect to the network.”

When asked “what frustrations, if any, have you had in implementing or managing” NAC, an astounding 86% said “none.” Based on reports about product testing done by professionals and on anecdotes from NAC customers, it’s hard to believe so many found no frustrations.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.