tgreene
Executive Editor

NAC remediation options

Opinion
Mar 19, 20092 mins

* Many NAC vendors offer a spectrum of remediation options from none to fully automated

When NAC was conceived, it had everything to do with finding out if endpoints met security checks, but not so much about what to do about it.

In those early days when a device failed it might be denied access and the user would have to hunt down an administrator to find out what to do about it. In the best case today, the NAC policy test finds out what’s lacking and the system fixes it for the end user.

There is wide range of options in between. Users can be sent to portals where they can’t get out until they remediate whatever is lacking. These portals typically include instructions on where to remediate or actual buttons to click on that bring users to sites where they can get what they need. Some portals themselves have direct links to the needed upgrades.

Some NAC platforms integrate with other vendors’ patch management and version-control tools to help automate the remediation.

Or the portal might give the user instructions on what third-party sites they might go to for the fixes they need. This method, called self-remediation, might include going to the Web site of an antivirus vendor to download current virus signatures.

Many NAC vendors offer a spectrum of remediation options from none to fully automated, making these offerings more flexible.

The key is for customers to know which option they want and make sure the NAC vendor supports it. This includes considering what platforms might already be part of the customer’s network and whether the NAC products can integrate with them.