Top Network Access Control (NAC) Solutions for 2021

Network access control (NAC) has always been important. However, with so many people working remotely, its profile has risen sharply in the enterprise. Essentially, NAC helps enterprises implement policies for controlling device and user access to their networks regardless of their location. The goal is to bring order to the chaos of connections, whether they are internal or external. Those connections might be from in-house personnel, a remote workforce, customers, consultants, contractors, and guests.

Each of these groups requires access, although the kind of access varies sharply from one person or group to another. Administrators require a different tier of control than lower-level workers, and groups such as guests or contractors are given limited access rights.

Basic Features of NAC

The features of NAC platforms vary from one vendor to another. But most of the following basic capabilities should be present in any NAC product:

  • Dedicated policy management that can define and administer security configuration requirements.
  • The ability to specify the access control actions for compliant and noncompliant endpoints.
  • Ability to block, quarantine, or grant varying degrees of access.
  • Management of guest access.
  • A profiling engine that can discover, identify, and monitor endpoints.
  • Easy integration with other security applications and components.
  • Operation from the edge to the cloud, as the same policies that apply to traditional perimeter network access should also apply to cloud access.
  • Support for Zero Trust and SASE security frameworks where identity, not the method of connection, dictates what a user or device can access.
  • NAC must operate in a multi-vendor environment, across wired, wireless and WAN connections and integrate with the rest of the security ecosystem.
  • Continuous monitoring of devices to assess their security posture, risk and compliance, and network behavior.
  • Least privilege network access enforcement based on user identity, device identity and ownership, device security posture and risk profile. 

Primary Use Cases for NAC

The primary use cases of NAC are:

  • Device visibility
  • Asset inventory
  • Endpoint compliance 
  • Network segmentation 
  • IoT and OT security
  • Zero Trust security
  • Return to office risk mitigation

Top NAC Vendors

Enterprise Networking Planet reviewed the various NAC platforms and tools on the market. Here are some of the top vendors in this field, in no particular order:

Aruba ClearPass

Aruba, a Hewlett Packard Enterprise company, offers ClearPass. It applies policy and granular security controls, such as where and how the associated traffic can navigate the network, to ensure that proper access is granted to those connected to both wired and wireless enterprise networks. The ClearPass family comprises ClearPass Device Insight, which uses AI to discover and profile IoT devices; ClearPass Policy Manager, which enables security teams to define business-level access policies; ClearPass OnGuard for agentless endpoint security assessment; and ClearPass OnBoard, which streamlines BYOD connectivity. 

Key Differentiators

  • Agentless policy control and automated application: ClearPass Policy Manager allows IT staff to implement policies for how users and devices connect and what corporate data they can access.
  • Built-in enforcement of access privileges for segmented traffic: Aruba Policy Enforcement Firewall dynamically segments traffic across wired, wireless and WAN connections with the same policies and access rights.
  • Secure access for guests, corporate devices, and BYOD: Simplified access for authorized users using role-based policy and identity to authenticate users.
  • ClearPass is designated Cyber Catalyst by Marsh. This program, operated by eight of the largest cyber insurers, evaluates security products.
  • Automatically eliminates blind spots by finding and fingerprinting IoT devices with AI-based, cloud-delivered discovery and profiling.
  • Integrates with over 170 security and IT management solutions and can act as a clearing house for attack alerts.
  • Can propagate access policies for other vendors, including Cisco.
  • Supports authentication protocols including RADIUS, LDAP, AD.
  • Common Criteria certified.

Forescout NAC

The Forescout NAC platform is built around licenses for Forescout eyeSight, eyeControl, eyeSegment, and eyeExtend. It gives security and IT operations teams real-time visibility of all IP-connected devices when they access the network. Users can choose from more than 20 active and passive discovery and profiling methods to match the business environment and ensure continuous network availability. More than 12 million device fingerprints in the Forescout Device Cloud offer device classification capabilities to determine device function, OS, vendor and model.

Key Differentiators

  • Coverage across all locations, networks and device types, without blind spots, with or without 802.1X authentication.
  • Agentless assessment of security posture, risk and compliance; automated policy-based remediation workflows; assessing and mitigating risk from device decay as employees return to office.
  • Network Segmentation: Baselining of existing network communications between devices and non-disruptive implementation of segmentation policies.
  • Access Enforcement: Block rogue and unauthorized devices, enforce least privilege access across networks.
  • Single platform for all managed, unmanaged and unagentable devices – IT, IoT, IoMT, ICS/OT and virtual/cloud instances.
  • 20+ passive and active visibility techniques with passive-only options.
  • Agentless assessment for Windows, macOS, Linux and IoT devices.
  • Unified policy engine for automating posture assessment, remediation, incident response and network access workflows.

Portnox

Portnox Core is an on-premise network access control solution that provides actionable network and device visibility, as well as automating enforcement actions. This agentless, software-based, and vendor-agnostic product provides device intelligence, full network view, and full customization of remediation and action scripts.

Key Differentiators

  • No network prep work required, no appliance installations or infrastructure changes.
  • Web based UI with smart workflows, onboarding, and automated response actions.
  • No need to replace appliances when increasing the number of devices, clusters and backups done via software.
  • Visibility into VoIP, IoT, and BYOD.
  • Portnox Clear is a managed service that provides network visibility, continuous risk monitoring, and remediation of endpoints across all access layers.
  • Enhance remote access security for VPN, VDI, and enterprise cloud applications with continuous endpoint risk monitoring and device remediation.
  • Secure WiFi access in the cloud, regardless of location or device type, through identity-based authentication that leverages personal credentials or digital certificates.

InfoExpress NAC

InfoExpress offers a family of appliances to meet different NAC requirements. They support enforcement that secures access for mobile, desktop, and IoT devices without network changes. The enterprise version is the CGX server. It can be deployed as a VM or appliance that provides a full suite of network access control applications to create a flexible and custom NAC solution.

Key Differentiators

  • Optionally install agents to provide granular policy compliance and to deploy Dynamic NAC to control access.
  • Detect and enforce unknown devices on the network.
  • Limit guests to needed resources.
  • Support access for personal employee devices. 
  • Manage compliance for corporate devices.
  • A policy builder can create custom rule sets using information about the user, directory membership, device, location, time and more.
  • Policies can invoke operations such as flagging devices, sending alerts, and restricting access.
  • Selective network access is provided based on the results of policy rules.
  • In-band enforcement is supported as part of the…
