Being a NAC Slacker Costs Big Bucks
A new report finds that if you don't do NAC right, your network will still be full of costly holes.If you don't do Network Access Control right, not only will your network still be full of holes, but you'll wind up paying more than the company down the road that did it right and has shrunk unauthorized network access to zilch. Doing NAC wrong combines insult and injury in one ratty little package, according to a report from Aberdeen Group released on Nov. 8. The report, titled "Who's Got the NAC? Best Practices in Protecting Network Access," found that out of 384 companies surveyed, those deemed NAC "laggards" are paying on average $229,327 for NAC hardware and $187,000 for NAC software. That compares to the outfits that Aberdeen has deemed "best in class," which are paying on average only $102,206 for NAC hardware and $123,881 for NAC software. And by "laggards," Aberdeen doesn't mean late adopters. Rather, it means lackadaisical adaptersthose who have some type of NAC infrastructure but aren't necessarily authenticating users entering the network, enforcing network security policies, defining groups of network users for specific policy enforcement, monitoring user behavior and stopping inappropriate activity after users have been admitted onto the network. Those are the attributes of best-in-class NAC adopters, according to the report.
The difference between being best in class or a NAC slacker is stark. Out of the best companies, which formed 20 percent of Aberdeen's group, 100 percent reported that successful network breaches have decreased or stayed the same over the past two years. Those same best-in-class NAC adopters report zero incidents of unauthorized network attacks and zero incidents of network downtime related to network attacks in the past year.
- Prevents unauthorized users from accessing the network
- Causes minimal operational impact on users, help desk and network performance
- Supports/enforces policies specific to different user groups
- Logs all network access events for auditing
- Prevents unauthorized devices from accessing the network
- Centrally records all events
- Can be installed without directly impacting network performance
- Is transparent to the user
- Supports enforcement for remote users
- Can quarantine unhealthy machines without cross-infection
- Assesses endpoint security status