tgreene
Executive Editor

Pressure from regulators motivates NAC purchases

Opinion
Jan 24, 20082 mins

* NAC can be a valuable tool in meeting regulatory requirements

Pressure from regulators continues to be motivation for customers to buy NAC. While the technology is by no means a Band-Aid to handle all the requirements of any particular regulatory agency, it can be a valuable tool. Most effective architectures that address these requirements use a range of technologies from security to recording to auditing to reporting.

Pressure from regulators continues to be motivation for customers to buy NAC. While the technology is by no means a Band-Aid to handle all the requirements of any particular regulatory agency, it can be a valuable tool. Most effective architectures that address these requirements use a range of technologies from security to recording to auditing to reporting (Learn more about NAC products from our Network Access Control Buyer’s Guide) .

NAC can be relied on to meet some of these demands. For instance, it can log and report on what individuals and machines access the network and what access method they use. It can also log the security posture of the machines to demonstrate later that access was granted to appropriate parties using appropriate devices and appropriate connection types.

When users access sensitive information, NAC logs can show that the person was authorized to do so and that controls were in place to keep out unauthorized users.

NAC also supports virtual LANs, which can be used as a way to demonstrably segregate network assets so regulators can clearly see when sensitive data is cordoned off from users that should not have access to it.

Post-admission NAC that adds intrusion prevention capabilities applicable to devices that have already gained network access can also be useful in meeting regulatory demands (Learn more about IPS products Host Intrusion Prevention Systems Buyer’s Guide).

Devices and users that try to reach data they are unauthorized to see can be blocked, and the NAC gear can document that the access was denied.

So when it is woven in with a strong, layered security strategy, NAC and the ancillary recording and reporting tools it can come with become part of a sound regulatory-compliance package.