Recently in NAC Category

NAC and Patching

When I was looking at different NAC solutions, I remember one vendor being aghast at my plans for NAC, "NAC isn't patch management" he sputtered. While I agree that no one is looking to supplant their SMS/patchlink whatever with NAC, making sure every computer meets a baseline requirement is an important goal.

We continued looking at vendors and eventually went with Forescout's Counteract. As I've been implementing it, one of the things that struck me was that Microsoft SMS 2003 is even worse that I thought. We used Forescout to run a check for June 2008 Microsoft patches. What I found was 5% of the systems didn't have those patches because their SMS was hosed.

Using NAC to gather vulnerability information has a lot of advantages. Unlike vulnerability scans, in many cases I was not restricted by personal firewalls. The Forescout uses a connector so it can run scans on the local machine with admin credentials. A vulnerability scan runs once per week and not every system may be online. With Forescout I have a more accurate view of the patching in the enterprise because the scan can be set to run as the client comes online.

Forescout NAC has given me insight to the network that I didn't have before. Unfortunately its putting in a 100 watt bulb after you've been using 40 watts. With the sudden brightness, you see the cobwebs and dirt that you hadn't noticed before.

The next steps are to fix the SMS on the 5% systems that are broken. Plans are being drawn up to upgrade to SCCM which uses WSUS for updates. I'm hoping that version will be more robust.


By Roger on July 15, 2008 7:34 PM | | Comments (0) | TrackBacks (0)

Forescout Announces Buyout Program for Orphaned Lockdown Customers

Last week Forescout announced a program to credit Lockdown customers for their orphaned NAC equipment when they make a Forescout CounterACT purchase.

Lockdown is a NAC vendor that announced it was ceasing operations. Forescout is an up and comer in the NAC market. Personally, I think they are the best NAC choice, and when I get some time, I'll have an entry about why I think that.

I think this is a great way for Forescout to get their name out there. At the same time though the death of Lockdown does make me even more wary about using a smaller player. Its a classic trade off. Going with the established name means they probably wont go out of business. At the same time, their feature set may not be as good and they wont have good support or response to enhancement requests. With Forescout, there is a risk they will go out of business or be bought by "XYZ Company you hate". But they will tend to be more responsive and thus have better features.

Different companies have different opinions on the best approach to take. Even if you go with an established "name" company, they may drop your product line when they purchase a smaller named company that has a better product. Its a risk that needs to be considered.

By Roger on March 31, 2008 4:49 PM | | Comments (2) | TrackBacks (0)
« Microsoft | Main Index | Archives | Offtopic »

About this Archive

This page is a archive of recent entries in the NAC category.

Microsoft is the previous category.

Offtopic is the next category.

Find recent content on the main index or look in the archives to find all content.

NAC: Monthly Archives

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can reach me at blog...@infosecblog.org
Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.1

Search