What should be considered for Next-Gen Network Access Control (NAC) and Zero Trust Network (ZTN)?


Frost & Sullivan’s “Global Network Access Control Market, Forecast to 2024” indicates that NAC has become an important element in the development of Zero Trust Networks (ZTN) as it provides visibility, monitoring, and control at the network access layer.

Gartner’s May 2020 Market Guide for Network Access Control also points out, “Most organizations interested in NAC are looking to establish the security of devices and users accessing the network, driven primarily by audit findings and to some degree a zero-trust network security strategy.” So NAC works as a foundation for cybersecurity at the access layer. It also provides a segue for zero-trust security.

Indeed, NAC is the critical technology that orchestrates other core technologies to maximize cybersecurity effectiveness while achieving ZTN. To support this outcome, NAC vendors need to provide flexible deployment options based upon strong software capabilities. Even though network infrastructure is evolving quickly, many organizations still maintain legacy or hybrid environments. NAC can be delivered via a physical or virtual appliance or even in a service format.

Which deployment options are available?

The chart by Frost & Sullivan summarizes how each NAC vendor is pursuing the market with different solutions. 

The point of the table is to indicate each vendor’s market focus, but not necessarily market share or leadership. The ratings are indicative of the relative importance specific to a vendor, not in relation to other vendors. If a solution is left blank, the company has no activity in this area.

Genians can Deliver

Genians has delivered enterprise-grade NAC solutions in various formats to 1,600 customers around the world since 2005.

  • Software: Genians’ NAC software comes in an all-in-one format, providing both a Policy Server and a Network Sensor. Network sensor software may be installed individually. It can be installed in any Intel-based virtual or physical machine. The Policy Server distributes established policies to Network Sensors and orchestrates seamlessly with third-party security solutions. The Network Sensor monitors wired, wireless, and virtual networks and provides complete control over endpoint device traffic via ARP, TCP, UDP, SSID etc. by eliminating the need for complex configurations and network changes. The software can be freely downloaded from Genians’ website. Up to 300 devices can be monitored without a license or trial period.
  • Physical appliance: Genians provides an out of band NAC solution powered by its Network Sensor. Should a higher level of security be required by keeping all NAC components within the network, this option should be considered. Indeed, Genians’ customers in government, military, and financial institutions primarily use this option. Genians’ NAC policy server comes with 3 major built-in services (DHCP, RADIUS, Syslog), allowing it to cover 802.1x networks effectively.
  • Virtual appliance: Genians NAC can also be installed on a virtual machine. Support is provided for various hypervisors, such as VMware, VirtualBox, and XenServer.
  • Managed NAC: Genians’ Policy Server can be operated in the Genians Cloud on AWS, or on other public cloud services such as Azure or GCP. MSSPs and professional service providers can easily manage their customers’ policy services in a central location by plugging Genians NAC into their respective cybersecurity stacks. They also have the option of using their own equipment as Network Sensors.
  • NAC as a Service: Genians’ Policy Server supports multi-tenancy environments (e.g. Docker containers) while the Network Sensor can support universal customer premises equipment (uCPE). Genians’ comprehensive management service encompasses:
    • Management one-stop service (sites, users, licenses, subscriptions, billing)
    • Virtual domain support
    • Centralized dashboard and reporting
    • Zero config provisioning
    • White label service

Multiple deployment scenarios can therefore be supported by Genians’ Next-Gen NAC.

What are the essential features required?

To cover heterogeneous and evolving networking environments, we need to look at how NAC has evolved based on business requirements such as Wireless, BYOD, and IoT.
The comparison below pairs each NAC generation as described by Frost & Sullivan with how Genians addresses it.

NAC 1.0 (Frost & Sullivan): A complex technology that was difficult to implement:
  • Required AAA, RADIUS, and supplicants that were different on each OS, or none in the case of devices such as printers.
  • Required strict authentication practices and aggressive pre-connect device checks, which became too intrusive and restrictive to be a viable option for most customers.
This adversely impacted employee productivity and resulted in numerous support calls.

802.1X-based NAC (Frost & Sullivan): This approach allowed or denied access at the level of the switch port or the wireless access point. The method was extremely difficult to implement and maintain due to networking device compatibility issues. Network visibility was difficult to achieve because the network needed to be configured properly to support 802.1X.
Genians: Genians’ non-disruptive Layer 2 based network sensing technology provides real-time visibility. A visibility-first approach allows for easier deployment of 802.1X if desired.

SNMP-based NAC (Frost & Sullivan): This method provided dynamic VLAN assignment (VLAN steering) to quarantine or remediate any compromised devices. However, the many touch points in switching devices cause implementation and maintenance issues.
Genians: Without integrating switching/wireless devices, Genians NAC provides complete visibility and performs switch port-level access control.

Agent-based NAC (Frost & Sullivan): Involved an Agent installed on endpoint devices (permanently or temporarily) that performed pre/post admission control at the endpoint. This approach often caused endpoint system performance issues (e.g. bluescreens) by consuming too much CPU and memory. It also proved difficult to deploy on BYOD/CYOD/Guest devices.
Genians: The Genians Agent standardizes the configuration of corporate-owned/BYOD devices automatically and controls them remotely without performance issues, since it runs at the application layer.

NAC 2.0 (Frost & Sullivan): Overall, it provides greater visibility, mobility enablement, guest access, and support for BYOD.
  • Appropriate network access based on device identity (classification), device functionality, and state of the device (compliance).
  • Integration with third-party security tools, infrastructure management tools, and protocols that include DNS, DHCP, Active Directory, LDAP, SNMP, mobile device management (MDM), and advanced persistent threat detection.
Genians: Requires non-disruptive network sensing technology, dynamic policy enforcement, interoperability, and flexible deployment options:
  • Network visibility: Network sensing technology powered by Device Platform Intelligence (DPI) discovers and presents all detected devices’ business-contextual and risk-related information along with their technical information, without disturbing the existing network infrastructure.
  • Network Access Control: Layer 2 based dynamic policy enforcement provides complete control over endpoint device traffic over TCP and UDP, eliminating the need for complex configurations and network changes. Provides the essential cybersecurity features needed to manage IP/MAC, SSID, Users, Endpoint Configuration, and Logs & Alerts to ensure secure connections end-to-end.
  • Network Automation: A vendor-agnostic architecture integrates a wide range of IT security and business solutions (e.g. Firewall, VPN, IDS/IPS, VM, MDM, SIEM, APT, DLP, CRM, ERP) via native protocols.

As can be seen above, Genians does not rely on a single visibility or control method; rather, it provides multi-layered Access Control by utilizing the benefits provided by each of the following:

  • Layer 2: ARP Enforcement (using Network Sensor)
  • Layer 3: TCP reset (using Mirror/SPAN Sensor)
  • Layer 3: Inline Enforcement (Dual-homed Gateway)
  • Agent: NIC/Power Control, Alert Popup
  • Integration: Firewall, Switch port shutdown (SNMP, Webhook)
  • Built-in Services: DHCP, RADIUS, Syslog
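To make the NAC 2.0 decision model and the multi-layered enforcement list above concrete, here is a small policy engine written for this post (it is an added illustration, not Genians code). It classifies an endpoint from its DPI platform label, ownership and compliance state, then picks the strongest isolation layer the site has actually deployed, falling back to monitor-only when no enforcement option exists. Device attributes, the deployment flags, the rule names and the log line format are all constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Enforcement(Enum):
    """Enforcement layers named in the post; a site deploys only a subset of them."""
    ALLOW = "allow"
    ARP_ENFORCEMENT = "layer2-arp"        # Network Sensor, no switch or network change
    TCP_RESET = "layer3-tcp-reset"        # Mirror/SPAN sensor, terminates TCP sessions only
    INLINE_BLOCK = "layer3-inline"        # dual-homed inline gateway
    AGENT_NIC_CONTROL = "agent-nic"       # endpoint agent: NIC control plus alert popup
    SWITCH_PORT_SHUTDOWN = "switch-port"  # SNMP/webhook integration with the switch
    MONITOR_ONLY = "monitor-only"         # nothing deployed can enforce: log and alert


@dataclass(frozen=True)
class Device:
    mac: str
    ip: str
    platform: str          # DPI classification; "unknown" when not fingerprinted
    ownership: str         # "corporate", "byod" or "iot" (constructed categories)
    compliant: bool        # result of the endpoint configuration check
    agent_installed: bool = False


@dataclass(frozen=True)
class Deployment:
    """Which of the post's enforcement options this site has deployed (assumed flags)."""
    l2_sensor: bool = True
    mirror_sensor: bool = False
    inline_gateway: bool = False
    switch_integration: bool = False


@dataclass(frozen=True)
class Decision:
    verdict: str           # "allow" or "quarantine"
    scope: str             # "full", "restricted" or "none"
    enforcement: Enforcement
    reason: str


# Network-side layers in order of preference when a device must be isolated.
NETWORK_PREFERENCE = (
    ("inline_gateway", Enforcement.INLINE_BLOCK),
    ("switch_integration", Enforcement.SWITCH_PORT_SHUTDOWN),
    ("l2_sensor", Enforcement.ARP_ENFORCEMENT),
    ("mirror_sensor", Enforcement.TCP_RESET),
)


def classify(device: Device) -> tuple:
    """Visibility first: derive verdict, scope and reason from identity and state."""
    if device.platform == "unknown":
        return "quarantine", "none", "unclassified device"
    if device.ownership == "iot":
        # Known IoT platforms cannot run an agent; they only ever get a restricted scope.
        return "allow", "restricted", "known IoT platform"
    if not device.compliant:
        return "quarantine", "none", "endpoint not compliant"
    if device.ownership == "byod":
        return "allow", "restricted", "compliant BYOD"
    return "allow", "full", "compliant corporate device"


def pick_enforcement(device: Device, site: Deployment, verdict: str) -> Enforcement:
    """Choose the strongest enforcement layer that is actually available at this site."""
    if verdict == "allow":
        return Enforcement.ALLOW
    # A managed endpoint is isolated by its agent, so the user sees why (alert popup).
    if device.agent_installed:
        return Enforcement.AGENT_NIC_CONTROL
    for attr, layer in NETWORK_PREFERENCE:
        if getattr(site, attr):
            return layer
    return Enforcement.MONITOR_ONLY


def decide(device: Device, site: Deployment) -> Decision:
    verdict, scope, reason = classify(device)
    return Decision(verdict, scope, pick_enforcement(device, site, verdict), reason)


def syslog_line(device: Device, decision: Decision) -> str:
    """Event in a key=value form a policy server could hand to its Syslog service."""
    return (f"nac: mac={device.mac} ip={device.ip} platform={device.platform} "
            f"verdict={decision.verdict} scope={decision.scope} "
            f"enforcement={decision.enforcement.value} reason=\"{decision.reason}\"")


if __name__ == "__main__":
    # Constructed sample endpoints on a site that has only a Layer 2 Network Sensor.
    site = Deployment()
    for dev in (
        Device("00:11:22:33:44:55", "10.0.0.20", "unknown", "iot", False),
        Device("00:11:22:33:44:66", "10.0.0.21", "Windows 10", "corporate", False, True),
        Device("00:11:22:33:44:77", "10.0.0.22", "Network Printer", "iot", False),
    ):
        print(syslog_line(dev, decide(dev, site)))
```

Running the block with the default deployment isolates the unclassified device by ARP enforcement, hands the non-compliant corporate laptop to its agent, and lets the fingerprinted printer on with a restricted scope. Changing the `Deployment` flags shows why the post stresses flexible deployment: with only a mirror sensor the same rogue device can be cut off only at the TCP level, and with no sensor at all the engine degrades to monitor-only, which is visibility without control.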

In short, you can choose one or more of the above options to fortify your network cyber-defense environment based on your requirements and roll out NAC in stages, from visibility, to access control, to automation. Further, Genians DPI and multi-layered access control provide enhanced visibility for IoT/industrial IoT (IIoT) environments by allowing integration with software-defined perimeter (SDP) and other security technologies.
