Let the community know what you think. Share your opinions now!
With the advent of IOTs, NAC should be able to identify any device that connects to the network. It may not necessarily be able to identify it, for as long as it holds an IP/MAC address, it should be able to alert admins for proper network classification and identification.
The most important aspect to look for when evaluating Network Access Control (NAC) is the rogue detection/blocking capabilities, a prospective buyer of NAC should be 100% convinced that the NAC solution being evaluated will lock down unauthorized devices accessing their network 100% of the time.
Identification of all devices (wired, wireless, IoT, VM), agentless and the ability to protect the network by blocking untrusted devices
capable of providing threat, vulnerability, or application visibility into the endpoints.
ease of use, vendor neutral, scalability, integration with other Security devices like MDM, Firewall, SIEM, TAC support, Guest, BYOD, Posture Capability, etc
Scales well, ease of deployment, and posture checking capability.
Flexibility. Flexibility of integration options within existing network, flexibility of enforcement options, flexibility of policy implementation. That and visibility to all of the devices on the network. You can't enforce what you can't see.
I agree with Anirudh, the product should be easily deployable and scalable. The next thing I would look for is the visibility the product brings to the table. When working on a NAC project you want to make sure you are securing all your assets and not just the ones that are playing nicely.
The most important aspect to look while evaluating Network Access Control (NAC) is ease of deployment in the network and maximum devices support.
I'm researching these two solutions: Cisco ISE (Identity Services Engine) and Fortinet FortiNAC. And I'm looking for recommendations on which product to choose and why?
Thank you for your help!