Network Access Control (NAC) is an approach to computer security attempting to unify endpoint security technology, user or system authentication and network security enforcement.

It uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process into the network systems, allowing the network infrastructure (such as routers, switches and firewalls) to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.

Forget your past experience of Network Access Control (NAC) solutions that were complex and required a series of binding actions: installation of 802.1X software on your endpoints, changes and/or upgrades to your switch infrastructure, etc.

In such a constraining context, IT managers can be reluctant to purchase or change their NAC solution, even when it appears as an urgent necessity for the company to protect network resources and sensitive data against malicious attacks coming from hackers.

At Nellsoft, we are aware of this situation and we are committed to offer high-performance, yet pragmatic and non-binding IT solutions. With Forescout CounterACT, our clients benefit from an easy-to-deploy NAC solution providing fast and reliable results.

• Mitigation of non-zero-day attacks: this is the main benefit of NAC solutions. It prevents end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination of computer worms.
• Policy enforcement: NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network and enforce them in switches, routers, and network middleboxes.
• Identity and access management: where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities, at least for user end-stations such as laptops and desktop computers.