NAC used for something other than what it was designed for

Few customers of use it for what it was intended, preferring instead to deploy the security technology to keep guests and contractors away from corporate production networks, according to a new report.

In 80% of deployments, businesses use NAC to to users who have legitimate reasons to connect to the network but who aren't full-time employees who warrant full network access, according to a report by Gartner. (.)

Establishing that endpoints meet a baseline profile -- the reason NAC was invented -- runs a distant second, with only 15% of deployments restricting network access based on endpoint posture as determined by NAC tests, according to the report, Network Access Control in 2009 and Beyond.

"The initial driver for NAC, the danger of an infected PC connecting to the network and spreading a worm, has dropped off considerably because Sasser (2003) and Blaster (2004) are distant memories," according to the report, written by Gartner analysts Lawrence Orans and John Pescatore.

Businesses have two other main reasons for buying NAC, Gartner says. First is to promote identity-aware networking by pairing users' IP addresses with the individual identities in order to better track what they are up to. The second is to contain the outbreak of worms and other malware as they start to exhibit suspicious behavior.

Generally, buying NAC for one reason leads to expanding its use, Gartner says. The goal of businesses should be to have a clear understanding of why they are buying NAC, but they should be aware of its other possibilities and leave open the option to adopt them, too, the report says.