Microsoft Takes Aim at Endpoint Security
Microsoft's end-point security tool is starting down the hype cycle. Titled "Network Access Control", the tool is meant to serve as an adjunct to your typical SSL VPN access tools, though Microsoft intends for it to eventually replace the need for an SSL VPN.
The difference between NAC and SSL VPN lies in the ability to manage and monitor the incoming client (the "end-point"). A NAC can check preconfigured client health criteria, such as updated virus signatures and patch status, before allowing that client into the network. A NAC also has a much more granular capability to enable or disable access to resources on the internal network (think: can I read the document, or read it and write to it).
Dark Reading has an interesting write-up on Microsoft's NAC solution:
SSL VPNs are the precursors to NAC, Microsoft execs say. "The first place you saw 'NAC' was in remote access gateways," says Mike Schutz, director of product management for Microsoft. "Then threats started literally walking through the door, not just at the gateway."
That's, of course, where NAC comes in. The two will work hand-in-hand, with the SSL VPN gateway throttling down the level of access, Sloss says. "The gateway will dial down the level of access, and NAC/NAP will handle the 'in' or 'out'" policy for a client on the network...
Microsoft envisions the two products as a "single solution" for remote access and NAC policy enforcement. With a combination of the two, "you can manage access... and have application security, and control what the user does" and has access to, he says.
Sloss notes that Whale Communications -- the SSL VPN vendor Microsoft acquired last year and whose product is the basis of IAG -- was originally a Microsoft NAP partner. So integration of the two products won't be a big deal. And IAG -- like Microsoft's NAP -- will be fully integrated with Windows Server 2008, he says.
But some security experts say SSL VPN tools could get marginalized in the NAC age, as more robust NAC boxes sitting behind the SSL VPN gateway will take over some of the security functions of the gateway, such as enforcing compliance of remote clients. Today, SSL VPNs, NAC boxes, and other policy-based devices all work separately, and there can be overlap.
The advantage of running both SSL VPN gateways and NACs, of course, is a system of checks and balances, where the SSL VPN authenticates remote users and devices, and the NAC handles the "posture-checking" of all of the client machines, industry experts say. The NAC would have to clear the client before it hits the VPN gateway, for instance.
Read the full piece at:
http://www.darkreading.com/document.asp?doc_id=124942&f_src=darkreading_section_296
