Here’s a question: are Network Access Controls (NACs) dead?

Recent industry-wide data from Forrester has shown that not only are NACs not dead, but they’re making a comeback of sorts because the technology is evolving.

In its recent Trends Report, “Take NAC Out of the Box” published during the fall by analyst Carlos Rivera, Forrester has found that despite three years of leveled growth NACs—Cisco Identity Service Engine (ISE) is an example of this technology—are beginning to experience a resurgence. The independent research firm said that because of a variety of reasons it took more than a few years for NACs to get a foothold in the industry. But once it did, many network admins saw what has made the technology so appealing and began investing in NACs.

In addition to the evolution of the NAC, the pandemic receding further into the rearview mirror has helped. Forrester says remote workers are coming back to the office and many security admins remember why NACs were so useful.

“[NACs] properly gate their laptops (and only other sanctioned, uninfected devices) on the local network!”

This realization comes at a great time because NACs are beginning to connect with solutions that take a larger role in network security; namely:

  • Integrating network and identity-based security solutions
  • Stronger resource access without VPN
  • BYOD posture checks

What separates today’s NAC from yesterday’s solutions—and the primary reason why Forrester is seeing NAC’s profile rise—is that the solution is taking the next step in its evolution. What this specifically means is that NACs now have a cloud-delivered centralized management at its core.

It’s not just hybrid work that has increased the solution’s profile as the IoT explosion has helped NAC regain its foothold among network admins. Unmanaged IoT devices can become a big headache for network admins as they can provide a “back door” into corporate infrastructure. Without the extensive security features offered by NAC solutions such as Cisco ISE; bad actors looking to deploy malware, distributed denial of service (DDoS), application disruption or engaging in data theft and general snooping have a surefire way into the network.

Network admins know that control of their IoT devices begins with a NAC solution.

And smart network admins understand that when it comes to a cloud-forward centralized management solution, Cisco ISE is a natural because Cisco ISE is a complete NAC solution. Without Cisco ISE, networks can show cracks which can be exploited by bad actors putting data and business in a compromising position.

Head in the Clouds

As the industry leader, Cisco ISE allows for flexibility and choice with a hybrid multi-cloud NAC that provides secure network access anywhere and everywhere. This is done through:

  • Security Resilience: Rapidly deploy Network Access Control workloads across multiple clouds and achieve security resilience for the self-managed infrastructure.
  • Automate zero trust controls: Accelerate and unify network access policy across the distributed network to support lean branch deployments and limit risk from the cloud.
  • Site Survivability: Gain flexibility to maintain critical functions on-prem while centralizing administration in the cloud.
  • Flexibility and choice: Tether network access control workloads to multiple clouds to maintain business continuity through uncertainty.
  • Simplified lifecycle management: Enable access and management from anywhere and within any console through APIs.

In addition to spotlighting how a centralized management needs to be cloud-delivered, the Forrester report also discusses how NACs work glove-in-hand with Zero Trust Architectural strategies. It is imperative for a NAC to support interoperability and strategic integrations, Forrester said. And in order for that to happen, cooperation between all of the security teams need to be reached in order to make this a reality.

The recently released Cisco ISE 3.3 is a great example of how NACs are constantly evolving. Networks are now provided with operational flexibility, increased security and efficiency via intelligent insights. Packed with new time-saving software features that will undoubtedly strengthen the network, Cisco ISE 3.3 allows the network admin more time to take care of other—more pressing—job responsibilities.

Among the time-saving features are:

  • Split Upgrades make the update process less complex and more predictable as files are downloaded before upgrades and prechecks are done.
  • Ciphers Control provides customers the ability to edit a list of ciphers that can be disabled so that they can be compliant with the latest security standards.
  • Controlled Application Restart gives customers the flexibility to control the replacement of the ISE administrative certificate allowing them the ability to plan for maintenance once their current certificate expires.
  • Cisco ISE customers who employ AI/ML Profiling and multi-factor classification will be able to use a cloud-based ML engine to analyze their endpoints and identify identical unknown devices.

Zeroing in on Zero Trust

Cisco ISE is an integral part of the Zero Trust Architecture (ZTA) solution. It provides full session security with integrated intelligence with a platform approach to activate visibility and automate threat containment.

Here is what Cisco ISE ZTA offers:

  • Fully mature zero trust with integrated intelligence from across your stack into policy enforcement points throughout the network.
  • Integration with cloud native SaaS solutions to increase security intelligence into your policy decision and enforcement points and to automate threat containment with pxGrid Cloud.
  • Automated threat containment: Don’t just block threats, remove them with integrated intelligence into enforcement points within the network.

To find out more about Cisco’s NAC solution, read all about Cisco ISE at: https://www.cisco.com/site/us/en/products/security/identity-services-engine/index.html

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels



Byron Magrane

Product Manager, Marketing