McAfee bolsters network access security
- — 21 October, 2008 08:56
McAfee is making it possible for customers to enforce network access policies on unmanaged devices such as laptops owned by visitors or consultants.
The company is announcing that customers now have the option to enforce NAC policies via McAfee's intrusion-prevention system (IPS) appliance known as Network Security Platform (formerly called IntruShield).
So if an unmanaged device is discovered on the network, the IPS can restrict its network access in accordance with preset policies such as allowing the device to gain Internet access but nothing else. Until now, McAfee NAC policies could be enforced only via software on each endpoint, which meant that devices not managed by businesses could not be held to NAC rules.
In the first quarter of 2009, McAfee will introduce a separate appliance that is dedicated to NAC, so if customers don't want an IPS, they can still enforce NAC policies on unmanaged devices.
That is the biggest benefit of device-based NAC enforcement, says Vinit Duggal, CISO of Intelsat, the US$2.5 billion satellite communications company that was already a customer of McAfee security software. He says that software gives him good visibility into endpoint compliance with NAC rules and also finds rogue devices - unmanaged endpoints - that need to be contained.
These devices could include laptops brought onto the network by consultants and vendors or devices owned and installed by employees, he says. Once discovered by the software, an IPS can enforce NAC policies on these rogue devices.
Duggal likes NAC enforcement on the Network Security Appliance because it can take action directly without requiring intervention from staff. At the same time, McAfee's endpoint NAC agent is also useful for managed devices because it can make sure they pass corporate policy health checks, Duggal says.
The ability to enforce NAC via software and hardware will become a common requirement that businesses will have when buying NAC equipment, says Rob Whiteley, an analyst with Forrester Research. "Unless you have a very narrow need for NAC, then ultimately you're going to need a solution from one vendor or multiple that gives you the flexibility to do either," he says.