Securing small and midsize businesses
Few SMBs (small and midsize businesses) have the dedicated IT staff and expertise needed to configure complicated and out-of-band approaches such as 802.1x network configurations, and properly troubleshoot network problems when they arise. Also, given resource constraints, these organizations often prefer to focus IT teams on business-growing IT initiatives.
That's exactly what software-based NAC does: It increases security while also reducing the management burden on security and networking teams. In fact, for SMBs, much can be said in defense of agents. For one, a higher level of scrutiny can be achieved on endpoints, which aids security. And the reality is, agents can be the least disruptive solution available, especially when it comes to network traffic because agents run quietly in the background, only sending periodic updates to the policy server. So, if you're an SMB with limited IT resources, the trick is to find the most manageable, cost-effective, software-based NAC or dynamic NAC solution available.
Level of security desired
No matter what size your business or network, you need to balance cost and manageability with the level of security you desire. It's common, because of internal culture, risk tolerance or whether or not one operates in a regulated industry, for organizations to lean toward a high level of security or ease of manageability.
For instance, hardware-based 802.1x (out-of-band) solutions may be the best option if security is the only consideration. While agentless NAC sidesteps the need to install and maintain agents, there's a compromise: The agentless approach doesn't provide a persistent way to evaluate the status of the endpoint thoroughly. Also, because identity is ascertained by examining network traffic, users possibly can fool the system.
Dynamic NAC systems, with only a percentage of systems requiring agents (which continuously look for noncompliance), may provide the right balance between manageability and security.