NAC is an ever evolving topic in its
definition and understanding. For me, NAC remains a curiosity. Our clients
crave deploying it, but remain stymied by its ever evolving nature. NAC today
is about enforcement, policy, and posture. Adding to the mix of these features
is better identity for your users and asset management for your non-computing
network attached end points. This last issue is actually becoming a real sore
point as more IP enabled devices start to show up on your network. IT managers
are brainstorming ways to track, monitor and manage end point devices such as
printers, faxes, IP phones, badge readers, HVAC systems, wireless access
points, etc. Yet most NAC solutions
today don’t adequately extend access control to these non-computing endpoints.
In fact, many just require you create a white-list and allow these devices to
bypass any authentication and access control framework. 

Role based identity management is crucial for
a well rounded NAC solution, but we’d argue no system is complete without asset
tracking and comprehensive endpoint profiling. Enter Great Bay Software, which
is addressing these issues and partnering with infrastructure-based NAC vendors
such as Cisco and Juniper. If you have deployed NAC from any of these vendors —
or even thinking of jumping on NAC bandwagon — then Great Bay Software is an
operational lifesaver. Its Beacon Endpoint Profiler enables discovery of
network attached endpoints and it includes information about the type and
location of the endpoint. As Beacon crawls the network it will actually build a
central repository of non-computing endpoints. This “fingerprinting” claims to
be extremely accurate and will discover, classify, and allow you to extend
policy to all the devices listed above — which can be upwards of 50% of the
IP-enabled nodes on your network!. Moreover, Beacon handles all non-EAP
devices prior to implementing strong authentication, which means a smooth
onramp to port-based security such as 802.1x.

With the
release of Sponsored Guest Access solution, Great Bay Software is also entering
into the guest user access market. Its SGA solution will enable management, monitoring, and configuration of
guest clients, which is a much needed feature for today’s NAC solution. Overall,
Great Bay Software may not be the most glamorous technology, but we think it
will become a de factor standard for successful, large-scale NAC deployments.
Yep, we truly believe it’s that important.

By Robert Whiteley

Check out Robert’s research