NAC to Transform into EVAS to Address BYOD Challenges
Driven by mobility and BYOD within the enterprise, the Network Access Control (NAC) market has enjoyed a recent resurgence. Now the NAC space may be set to evolve into a bigger, more mainstream new category, according to the Enterprise Strategy Group (ESG): Endpoint Visibility, Access and Security (EVAS).
The difference between NAC and EVAS
The ESG describes EVAS as the logical evolution of the once-niche NAC market. EVAS goes beyond access control to encompass several other vital enterprise network security functions: real-time visibility and monitoring of all endpoints, including personal mobile devices; granular control of network access; and enhanced security capabilities, including policy enforcement and threat remediation.
NAC market leader ForeScout welcomes the new category. "NAC was a major use case for us, but never the only one. EVAS is a better description of what we've been doing for years," Gil Friedrich, ForeScout's VP of technology, told me recently. For one thing, ForeScout also offers mobile and BYOD security solutions, including a Mobile Device Management (MDM) platform and an MDM module that integrates with the vendor's CounterACT NAC solution.
MDM limitations and how EVAS can help
ForeScout recognizes the limitations of MDMs, however. When it comes to endpoint visibility in BYOD environments, "the problem with MDMs is that they can only see into where they've been installed," Friedrich said. And IT-approved, MDM-cleared devices might not be the only ones employees bring to the office.
"The first question we encourage our customers to ask is how many mobile devices are actually on your network right now. This is a question an MDM solution can't answer," he said.
Friedrich cited a new ForeScout customer, a bank that had originally estimated about 1.2 million endpoints on its network. The ForeScout deployment revealed about 1.6 million endpoints, a gap that represents a significant risk to the security of the bank's network. Solutions that provide agentless endpoint assessment and visibility, along with continuous, real-time monitoring, help mitigate the risk of security threats from unmanaged devices.
For those enterprises experiencing a proliferation of mobile devices on their networks, automation of security operations is the other key to a successful EVAS deployment.
"With the change rate of mobile devices and the number of people bringing other devices online, controlling endpoints can be never-ending work. Instead of investing time into touching each device manually, enterprises need to figure out an automated way to push their policies onto the devices," Friedrich said. Automation of security policies in EVAS solutions may also assist in maintaining regulatory compliance, such as that demanded of the health care and financial services verticals.
EVAS in the cloud and beyond
Beyond these key tenets, Friedrich also sees EVAS as useful to the cloud-based services gaining popularity within the enterprise. Providing authentication and enforcement operations to employees using noncorporate networks to connect to corporate cloud services "is the future for us," he said.
The vendor is also examining use cases in software-defined networks. "We have multiple customers running SDN labs to see how our solutions will work in that environment. They want to see all the visibility, control, and access they expect from us, and these are the functions we will provide," Friedrich noted.
BYOD and mobility may enhance productivity, but they also pose challenges to network security. Will those challenges propel EVAS into the mainstream? Only time will tell, but the needs EVAS can address are critical enough for enterprises to take notice.
Jude Chao is executive editor of Enterprise Networking Planet. Follow her on Twitter @judechao.