How to Choose the Best Network Access Control Solution - Page 4

Costs of NAC

Whether you're a geographically dispersed retailer, manufacturer or financial services firm, managing a NAC appliance at each location can get expensive quickly. Consider that each hardware-based NAC appliance would cost about $20,000. Additionally, that appliance very well could require paying the travel expenses and time of an expert for the initial deployment and configuration. Then there's the burden of continuous maintenance and updating.

And, in some instances, depending on the nature of your architecture, remote management may not be feasible without significant and risky changes to your network configuration. If you want to keep costs down (including ongoing maintenance and management costs), a software-based NAC solution may be a viable option.


Depending on your needs, implementing NAC as part of a comprehensive IT security solution may be the best option. Many large infrastructure vendors have partnered with security vendors to offer their services with best-of-breed security technology.

As you can see, there are many things to consider before you make your move to NAC-and we hope this article helps you to simplify your choice. No matter what type of solution you choose, you eventually will need to pull the trigger and deploy. That's when you'll need a deployment strategy. It's best to deploy in stages. That is, approach your NAC with incremental installs that solve a specific need or secure a certain location or network segment. As you get more familiar with the NAC solution, move the deployment throughout the business. In the beginning, you'll want to plan a reasonable amount of time to monitor how well it's going, and to give administrators the time they need to understand its impact on systems and your network.

Also, before you turn on any policy enforcement capabilities, make sure you have a good remediation strategy in place. Will you block people with noncompliant systems outright? How well are you integrated with patch management software? You'll also want to know, and have established, where you are going to store your remediation files and directions for any systems that are not in compliance.

Despite the fact that NAC currently is facing a level of resistance in the marketplace as a result of some less-than-spectacular deployments, it's more crucial than ever that NAC be examined. Not only have there been recent advances in NAC solutions, but many of the problems with failed solutions have been the result of not thinking NAC through, choosing the wrong solution, rushing too fast into the deployment or attempting to do too much too fast. Now you know how to do it better.

/images/stories/heads/knowledge_center/lum_stacey70x70.jpg Stacey Lum is CEO, CTO and co-founder of InfoExpress, a leading vendor of network access control solutions for enterprise networks. Prior to InfoExpress, Stacey developed network protocols and applications at Proxim and other wireless networking vendors. Stacey is an active speaker and panelist at various industry events, and holds a BS EECS from the University of California at Berkeley. He can be reached at [email protected].