I moderate a number of panels for the SecureWorld Expo folks. I enjoy it, and I think the attendees get a lot out of it (I try to follow Guy Kawasaki’s advice when I do moderate). One of the panels I have moderated a few times is on Network Access Control and quarantining. The model I work with involves enumerating all of the techniques available within this ecosystem to perform five functions:
- Identification of the endpoint on the trusted/protected network.
- Interrogation of the endpoint and/or its activity to determine "bad" state.
- Quarantine of the endpoint to keep it from infecting others.
- Remediation of the endpoint to fix the problem.
- Recovery to "good" state and back in action on the wire.
I find this to be a useful way to evaluate NAC solutions because there are a number of techniques available within each of these functional areas, and they each have different strengths and weaknesses. Also note that it takes at least two and usually three or more products to perform all of them in concert, which is why it is useful to think of NAC as an ecosystem and not a product per se.