5 Reasons to Move your NAC to the Cloud

By | Network Access Management | No Comments

Have you ever thought about migrating your network access control (NAC) to the cloud? Are you apprehensive about taking this step? Traditional NAC solutions were built to address a premises-based infrastructure. A new, next generation NAC approach is required to protect companies in today’s BYOD, cloud-based, IoT world.

Enterprises will need to change their security procedures and postures to function in cloud-based IT environments. Classic, on-premises infrastructure-based NAC is ineffective against modern applications and against today’s security threats from things that are not part of the IT infrastructure, such as mobile phones and cloud-based applications. Today’s enterprise users are not constrained by enterprise network perimeters, as they regularly use mobile devices and cloud-based applications. They often sign up for cloud services for HR or marketing departments, for example, without even notifying IT that they are doing this.

The following five prevalent trends in the enterprise marketplace highlight why a cloud-based next generation NAC is essential to any organization.

  1. Disruption – The Corporate Network Goes Global

Enterprises have been going through a process of de-perimeterization. Traditional perimeters have been torn down by employees’ adoption of BYOD, telecommuting and cloud computing. You can no longer look at the network as a defined infrastructure within a physical firewall. The network is a global network without boundaries. Most workers nowadays are road warriors who spend 50% or less of their time in an office. Companies need to distribute materials, goods, and services to these employees in their offices and on the road all over the world.

According to a poll conducted by Gallup News Service in 2015, thirty-seven percent of U.S. workers have telecommuted for work. This is up slightly by 30% from the last decade but four times greater than the 9% found in 1995. The average worker telecommutes two days per month and is just as productive as other employees who work in the office.

“Borderless” companies need the kind of continuous risk assessment and mitigation that is only possible through the Cloud. There is no reversing these trends.

  2. Flexibility – Supporting Any Type of Business Size Infrastructure

Companies are constantly undergoing changes: reorganizations, M&As, opening branches globally, etc. Only the cloud can deliver the flexibility to support operations for the distributed enterprise. Traditional NAC is too rigid and inflexible and only works in small rigid corporate environments. In larger environments, like a university with its multiple departments, NAC deployment becomes impractical.

  3. Speed – Rapid Service Delivery Required

Enterprises of all sizes need rapid deployment of security measures, rapid adoption of NAC policies and procedures, and immediate expansion around the world. One of the key strengths of application delivery in the cloud is its ability to rapidly deploy and implement services on demand. A NAC implementation on the cloud can adjust and adapt along with developing policies and requirements of the organization.

  4. Agility, Scalability and Affordability – Enabling Business Growth

Enterprises need agility not only in their software programming but in all facets of their businesses. Scalability is important to support rapid growth. As we continue to recover from recent economic crises, affordability is more important than ever. Cloud computing excels at helping companies become more agile and scalable. It enables companies to pay only for the services that they use, when and where they use them. This “pay-as-you-go” model is much more affordable to businesses than standard software and hardware licenses.

Cloud-based NAC is ideal for organizations with limited resources and limited in-house experts who need to provide convenient and secure network access for personal mobile devices. Cloud-based next generation NAC can be provided without having to worry about the time, costs, or resources associated with installing and maintaining hardware and software and keeping everything up to date.

  5. Machine Learning – Making the Most of NAC

Machine learning takes NAC knowledge and experience from other organizations and applies that learning to your organization. This sharing of compliance and other valuable data and experience can be accomplished most efficiently and affordably in the cloud. Companies no longer have to reinvent the wheel themselves. Machine learning services make many advanced services much more accessible to SMBs at an affordable price.

Next Generation Cloud NAC

This blog was written by Portnox. Portnox is the manufacturer of Next Generation Network Access Control (NG-NAC), which can assist you in protecting your network in general and your IoT devices specifically.

Today, NAC solutions must go well beyond just permitting access to devices and individuals. The Portnox CLEAR cloud NAC solution is able to provide both full control of access permissions to the network and full visibility of activities within the network and who conducts them. Furthermore, cloud NAC separates BYOD and mobile devices from the core servers of the company, ensuring network security in the world of IoT. It does so by enabling continuous risk assessment of all components of the network, no matter where they are located.

Today’s enterprises are clearly going through a period of de-perimeterization and they will suffer great losses if they are not prepared for this. With next generation NAC in the cloud from Portnox, network administrators in SMBs can be sure they are provided with all the levels of network security they require.

NAC solutions for business can now offer simplified 802.1X industry standard security without all the complications. The goal is to keep NAC simple.

Network Access Control adoption is making a comeback, and one of the causes for this is the rapid adoption of IoT (Internet of Things). Past waves of NAC adoption included the increase in guest, contractor and BYOD access requirements, resulting in the understanding that the network is no longer composed of securely managed devices and that the traditional perimeter of a business has been replaced with a virtual one.

Network Access Control is quickly becoming a must-have technology for organizations of all sizes. NAC isn’t used just as an authentication mechanism for endpoints and users, but as a method to gain visibility of all connected network components and where they connect. Whether viewing the wired or the wireless network, it is the only available prevention technology that can handle the many risks associated with bringing IoT (Internet of Things) devices onto the network.

There are currently two prevalent NAC standards: the first is based on the 802.1X protocol, and the other is a commercially available SNMP-based Next-Generation NAC solution. Both are great standards of service that can be implemented with simplicity, but first, let’s clear up some of the confusion between the two methods, point out the challenges with implementing 802.1X and help you decide which solution is the best fit for your business.

Challenges with the Implementation of IEEE 802.1X Solutions

In September 2003 the 802.1X usage guidelines were introduced by IEEE in RFC 3580 and were later transformed to become the leading standard for authenticating endpoints on a network. These guidelines also define the required components for an 802.1X implementation, which include, at a minimum, not only the network switch but also a supplicant on the endpoint and an authentication server or RADIUS server. The standard therefore relies on a lot of moving parts.

  1. MAC Address Managers

For most of the NAC solutions that are 802.1X-based to work well, you need a supplicant on the endpoint and an agent to implement the client side of the protocol. Unfortunately, most vendors of digital equipment do not embed such software in their offering. You will find multiple endpoints on your network that are non-managed devices, such as IoT devices, including time attendance controllers, IP security cameras, temperature controllers, or IP phones that do not support 802.1X at all. In fact, it is estimated that in many organizations more than 50% of endpoints are IoT devices.

The solution for connecting these devices is one of two: either exclude that specific port at the switch level, or authorize the device by its MAC address. However, managing MAC addresses is often cumbersome and not secure. They are easily forged and are available at the bottom of each physical port – effectively making your network password public and available to all.

  2. BYOD Trend

The ‘Bring Your Own Device’ (BYOD) trend is making the life of network and security admins a nightmare. How can you control or secure a device that is not under your control? The easiest solution is to create a clear separation between your managed devices and unmanaged BYOD. With on-prem 802.1X NAC solutions this is typically problematic as users can connect devices to the network by using their username and password. So if you do not roll out certificates to all of your managed devices, you cannot use 802.1X NAC solutions without the risk that your network will become an IT jungle.

  3. Health State – Risk Score

In order to comply with both regulations and security best practices, you should have security posture assessments carried out on the device and allow access to the network not only with a “password” but based on the posture assessment as well. For that you need to implement a commercial product, usually deploy another agent on each device, and integrate all of these together.

  4. Level of Expertise

For on-premises 802.1X implementation, the level of expertise required from a network engineer is very high. They would be required to know about RADIUS, 802.1X, EAP, different switch configurations, endpoint configurations (Windows / Mac OS X) and be able to point out where the root of an issue is when a problem arises. This includes any endpoint, network equipment, configuration or hardware issue. The number one problem in IT in general, and in security specifically, is the shortage of skilled professionals. Without a skilled professional, an 802.1X implementation would fail and the maintenance would be a nightmare, unless you are using a simplified 802.1X solution (see below).

On-prem 802.1X NAC solutions include a lot of other issues that must be taken care of, such as connecting two devices behind the same port, bypassing 802.1X with a hub, high availability and how to implement “monitor mode” in existing networks. All of these items and more need to be taken into consideration when implementing on-prem 802.1X NAC. But using this industry standard protocol does not have to be so complicated any more. Simplified solutions are now available.
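
Two of the issues named above, several devices behind one port (for example through a hub) and a MAC address that shows up in more than one place, can be checked from the switches' learned-MAC tables. The following is an added example, not Portnox code: the row format, switch and port names, uplink list and voice VLAN number are all constructed assumptions.

```python
"""Added example: flag possible hubs and copied MAC addresses from learned-MAC rows."""
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample (not from a real switch): rows gathered over one polling
# window in the assumed form "<switch> <port> <vlan> <mac>".
SAMPLE_MAC_TABLE = """\
# switch    port      vlan  mac
sw-floor1   Gi1/0/1   10    00:11:22:aa:bb:01
sw-floor1   Gi1/0/2   10    0011.22aa.bb02      # PC plugged into an IP phone
sw-floor1   Gi1/0/2   20    00-11-22-CC-DD-02   # the phone itself, voice VLAN
sw-floor1   Gi1/0/3   10    00:11:22:aa:bb:03
sw-floor1   Gi1/0/3   10    00:11:22:aa:bb:04
sw-floor1   Gi1/0/3   10    00:11:22:aa:bb:05
sw-floor1   Gi1/0/48  10    00:11:22:aa:bb:09   # uplink towards sw-floor2
sw-floor2   Gi1/0/7   10    00:11:22:AA:BB:01
sw-floor2   Gi1/0/9   10    00:11:22:aa:bb:09
sw-floor2   Gi1/0/48  10    00:11:22:aa:bb:03   # uplink towards sw-floor1
"""
# Assumptions for this sample: inter-switch links and the voice VLAN id.
UPLINKS = {("sw-floor1", "Gi1/0/48"), ("sw-floor2", "Gi1/0/48")}
VOICE_VLANS = {20}


class Entry(NamedTuple):
    switch: str
    port: str
    vlan: int
    mac: str


def normalize_mac(raw: str) -> str:
    """Accept colon, dash or dotted notation and return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text: str) -> list:
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        switch, port, vlan, mac = fields
        entries.append(Entry(switch, port, int(vlan), normalize_mac(mac)))
    return entries


def find_multi_device_ports(entries, uplinks, voice_vlans, max_data_macs=1):
    """Access ports with more data-VLAN MACs than allowed (possible hub or
    unmanaged switch). Uplinks are skipped because they carry many MACs by
    design; a phone on the voice VLAN with one PC behind it is not counted."""
    data_macs = defaultdict(set)
    for e in entries:
        if (e.switch, e.port) in uplinks or e.vlan in voice_vlans:
            continue
        data_macs[(e.switch, e.port)].add(e.mac)
    return {port: sorted(macs) for port, macs in data_macs.items()
            if len(macs) > max_data_macs}


def find_duplicated_macs(entries, uplinks):
    """MACs learned on more than one access port in the same window. This can
    be a device that moved, or a copied MAC; either way it needs a look when
    the MAC is what authorizes the device."""
    seen = defaultdict(set)
    for e in entries:
        if (e.switch, e.port) not in uplinks:
            seen[e.mac].add((e.switch, e.port))
    return {mac: sorted(ports) for mac, ports in seen.items() if len(ports) > 1}


if __name__ == "__main__":
    rows = parse_mac_table(SAMPLE_MAC_TABLE)
    print("multi-device ports:", find_multi_device_ports(rows, UPLINKS, VOICE_VLANS))
    print("duplicated MACs:", find_duplicated_macs(rows, UPLINKS))
```
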

Read the details on some of the issues that come up when implementing 802.1X standard and how the whole process can be simplified in the following whitepaper.

Other Approaches:

Next-Gen SNMP-based NAC and SaaS (Cloud-Delivered) NAC

There are two routes to solve, or rather to simplify, the 802.1X NAC issues. The first is to go for a cloud-delivered 802.1X NAC solution that can simplify the entire deployment into a few minutes of work. The second option is to use a next-gen SNMP-based NAC solution that is agentless, centralized and vendor agnostic. SNMP-based solutions operate differently yet achieve the same desired results.

Cloud-Delivered 802.1X Security

With a cloud-delivered 802.1X NAC solution you can solve many of the hurdles mentioned above. There is no need for expertise since all the heavy lifting is already done for you; no need to take care of high availability and no need to worry about the many moving parts. Additionally, this solution supports flexible on-boarding options, so that you can delegate access management and still have workflow-based authorization for devices, thereby making the management of non-802.1X devices possible.

On-Premises Next-Gen SNMP-based NAC

Next-Gen SNMP-based NAC technology is a flexible approach to NAC which takes into account three types of system users – the network team, security team and the systems team. Each one of these groups will benefit from different values that are offered.

Important Features to Look for in On-Premises Next-Gen SNMP-based NAC

  1. Agentless capabilities – the ability to identify and authenticate both managed and unmanaged BYOD and IoT devices.
  2. Flexible enforcement – from monitoring and limiting access all the way down to blocking devices.
  3. Centralized control – maintain a central view of the whole network on a single pane of glass.
  4. Vendor agnostic – your NAC solution must be able to work with any pre-installed equipment you have to keep deployment and management simple and within budget.

These characteristics will make deployment simple, meaning that high levels of technical expertise are not required to be able to use the solution.

*This post is an updated version of a post previously posted. Some changes were made to clarify a number of points raised.

Is this NAC solution suitable for your business?

While NAC is most effective when it follows a defined, proprietary security policy that is specific to a particular company, there are some more general considerations that apply to any type of enterprise. These are discussed below.

There are two main challenges when choosing the right NAC for your company. The first stems from the fact that corporate networks today are crammed with so many deployed devices (including IoT devices, but not only) that it can be a major challenge to see all of the devices and to not miss out on any suspect behavior or telltale signs of a potential breach.

The other key challenge is the ability, once a potential threat is detected, to deal with it effectively.

  1. Comprehensive authentication and authorization

At least 13.9% of workers (4.2 million) in the UK were working from home in 2015, as revealed in the Work from home week. It is estimated that 3.9 million people will telecommute in the USA in 2016. The work from home trend is so prominent that 75% of the jobs on the hiring website skipthedrive.com are with Fortune 500 companies. These numbers illustrate the real challenge of the BYOD era, in which companies need a network admission control solution that is able to secure access and monitor the activities of many users and devices from multiple locations and for various roles.

Comprehensive authentication and authorization functionality to detect users on the company network is critical. You’ll need a solution that can see all of the devices on your network and can deal with the endpoint rapidly once a potential threat is detected, in order to minimize the damage. This includes verifying log-on information, restricting data access for each particular user and implementing security applications such as firewalls, antivirus software, and spyware-detection. It is also essential that your NAC solution monitor, regulate and restrict the activities of network subscribers once they are connected to the network, according to company policy.

Other considerations, such as network compatibility and device deployment, are secondary.

  2. The 802.1X standard – yes or no?

Largely speaking, there are two main categories for Network Access Control solutions:

    – Those based heavily on the 802.1X standard for wired switches and wireless networks
    – Those that do not rely on 802.1X but rather perform switch and wireless integration or port mirroring

Deciding which type of authentication mechanism would work best for your company is really important.

We believe that 802.1X is problematic because it is very difficult to implement and maintain in the long run. Both network equipment and the endpoints themselves are required to support this protocol, and in many cases this is not feasible for a given network. The 802.1X standard also lacks the visibility required for monitoring activity after the device has been allowed onto the network.

Your network admission control solution also needs to be adaptable to your company’s cloud computing, VPNs, and BYOD environments. Enterprises considering a NAC solution must look at integration from the standpoint of their end user base.

  3. Compatibility and integration

Can the NAC solution under consideration be easily integrated with your current network topology? Some NAC solutions are placed between access and core switches so that they can enforce policies. Since many data centers often use a mix of switches, this scenario requires any Network Admission Control solution to be compatible with your existing network infrastructure.

As your network requires BYOD access for your user base, your NAC solution needs to either automate or greatly simplify the device enrollment in conjunction with an enterprise mobile device management (MDM) system.
The speed of authorized data throughput will have a major impact on your bottom line and your corporate users’ level of satisfaction.

  4. What about compliance?

Does your company fall under regulatory or industrial compliance requirements, such as PCI DSS (for credit cards), HIPAA (for patient health records), and Sarbanes-Oxley (for business and financial data)? If so, then the NAC that you select must meet these requirements and be capable of streamlining the compliance auditing process. You’ll thank yourself when auditing time rolls around.

  5. Don’t skip over support

Support plans should not be overlooked. Consider this: Is support available in your geographic region? How frequently will you need to upgrade the product and when do the free upgrades run out? How much of your own internal support management will be required?

New generation NAC from Portnox, we have it all

At Portnox we have considered all these aspects when developing our NAC solutions. Our software-only NAC can be integrated with other security solutions and traverses all networking layers – Ethernet, wireless, virtual, VPN and even the cloud – to illuminate, visualize, analyze and control all connected users and devices. With Portnox you get full visibility of your corporate network to cover both your access control needs and your monitoring requirements, so that quick action can be taken when a breach occurs.

The New Normal: Today’s Anytime, Anywhere, Means Companies Need a Different Kind of NAC Solution

Data security – it’s been in the news all summer, mixed up with the upcoming U.S. presidential elections. High profile stories included the infiltration of Hillary Clinton’s campaign, as well as a cyber attack on the computer systems of Donald Trump and Republican Party organizations.

And while politically motivated hacks may receive the most attention, data breaches have become the status quo across sectors and industries, with hackers continuing to find ways to infiltrate networks and steal confidential information.

Enter Next-Gen NAC (Network Access Control, also called Network Admission Control) – designed to meet today’s security needs.

A Look at Some of This Year’s Top Hacks

This article on Forbes illustrates the scope of the problem with its list of notable hacks in 2015 that includes companies like Experian and T-Mobile, the infiltration of the U.S. Office of Personnel Management (OPM), and the breach of dating site Ashley Madison. Health insurer Anthem is the largest incident on their list – with a whopping 80 million patient and employee records that were compromised.

Part of the reason for the magnitude of these breaches is that network boundaries today are ever more porous, extended by mobile apps and cloud environments. As described in one of our earlier posts, BYOD (Bring Your Own Device), together with the rapid growth of IoT (the Internet of Things), has led to real changes in the nature of network security, with a renewed focus on visibility and control from the inside-out vs. traditional outside-in focus.

Because any device connected to your network can function, potentially, as a gateway into your infrastructure, the need for comprehensive, real-time visibility and control is increasingly important.

A sign of the times is the growing adoption of cyber security insurance. A Wells Fargo report from September 2015 states that, “Most companies purchase cyber security and data privacy insurance to protect against financial loss.” According to the report, nearly half of companies with this insurance have had to file a claim.

And the high rate of claim filers comes as no surprise – especially as, according to the 2016 Verizon Data Breach Investigations Report, “There’s a 77% gap between time to compromise and time to discovery. While attackers accomplish their goals in days, detection is slower.”

The Growing Need for NAC

NAC certainly is not new. Infrastructure vendor solutions, 802.1x and other pure-play solutions have been available for years. NAC enables you to check whether a device meets a configuration check before it is allowed on the network, or helps you restrict access rights when a machine violates policies after it is admitted.

But today’s NACs must go much further, providing real-time device awareness and automated controls for all devices across all access layers.

Given the increasing complexity of IT challenges, you need to be able to see all users, devices, and applications attempting to access or operate on your network, including:

  • Employees and visitors
  • Remote and local
  • Wired and wireless
  • Virtual and embedded
  • PC and mobile
  • Corporate and personal
  • Authorized and unsanctioned

But – Why Should Your NAC Stop There?

If a NAC solution is so “aware” of your network and connected devices, shouldn’t it be capable of providing operational values beyond traditional NAC?

The answer is a resounding yes. Next-Gen NAC solutions are evolving to bring more to your enterprise than the traditional NAC feature set.

When considering a NAC solution, don’t ignore operational values and benefits the solution can provide – features and capabilities that can help you respond to events and resolve device issues, connectivity issues, VoIP issues, and application issues.

Explore the degree to which a NAC solution can help make your daily network and security operations more effective, efficient, and responsive.

Providing Comprehensive, Real-Time Visibility and Access Control

Next-Gen NAC has become a game changer in the world of information security, allowing you to answer a host of daily, operational questions that arise such as:

  • Which devices in my environment are running application X, which has known security issues?
  • Do I have any devices without the latest hotfix or critical hotfix applied?
  • What actual port is VoIP extension x5012 connected to?
  • Which ports and access points is user John Smith currently connected to?
  • Do I have any XP systems in my environment?
  • Does the environment detect and react to rogue access points?
  • Can the environment detect and react to unauthorized hubs?
  • Can I obtain a detailed port history and device history?

With a Next-Gen NAC solution like Portnox that is truly aware of your network and devices, you can have the answer to these types of questions at your fingertips at any time. Portnox audits your network and gives you real-time information – assuring full visibility and easy-to-manage compliant access controls of devices reaching out to the network.

Bottom line: It’s time to expect more from your NAC!

How to Set up a Successful NAC Project

If you can’t beat them, join them. At least when it comes to employees bringing their own device onto the network or IoT (Internet Of Things) devices on the network. In this piece we detail six typical generic steps network administrators can take to ensure a fast and effective installation of their NAC (Network Admission Control or Network Access Control) project. However, the order of these steps will depend on the individual project, so remember to adjust your process accordingly.

  1. Server installation and initial configuration with switching and networking infrastructure

Implementing a Network Admission Control project involves the initial installation and configuration of the server. This is usually installed in two tiers with a separate database layer. Before installing the server, you should double check that the hardware and network requirements are met. The entire networking infrastructure that the NAC system monitors will then be defined and configured. This is based on the characteristics of the network topology and architecture and the type and spread of the devices and endpoints. In many cases the customer network will have several different geographical sites, which requires additional planning and administration delegation capabilities. This can be achieved by categorizing into different groups (though this excludes backbone switches and servers).

  2. Defining basic profiling and authentication rules

Here, the profiling and authentication rules for all the devices monitored by the NAC server are defined. This step typically starts with the largest population of devices in the NAC project and works its way down the list:

      • Desktops and laptops are inspected for a domain membership of the appropriate VLAN association
      • Printers and VoIP devices are defined using SNMP or TCP/IP fingerprint for each type of device. VoIP devices have an additional verification with the IP/PBX
      • Resident Definition: Devices that do not fall into any of the above categories are remembered by the NAC according to their location and identity
      • IoT (Internet of Things) devices and endpoints: Create a unique fingerprint for those devices and, when possible, use a third-party source such as a management server or database to validate the device identity
      • Try to avoid MAC address based authentication wherever possible; this is the weakest potential authentication profile

This is a crucial part of the implementation – plan ahead and make sure you recognize all devices you configure authentication rules for, so that you will not have unsecured devices on your network right from the beginning.

  3. Defining inspection and compliance policies

This step involves defining a compliance inspection policy (posture assessment) for all devices that connect to the network, which follows these guidelines to determine the appropriate action for each device. For instance, Windows client devices that are verified with domain membership are inspected for various compliance aspects such as verification that both Symantec Antivirus SEP11 and Checkpoint PointSec are installed and running. This process can be adapted to suit macOS, Linux and other platforms.

  4. Testing and fine tuning of rules and policies

After defining policies, it is important to check whether they are valid for the majority of clients on the network. On an ever-changing network, especially one where BYOD and IoT are becoming a crucial part, being able to monitor the network and adjust policy quickly is crucial. Testing the environment also enables network administrators to handle exceptions and fine tune the rules to accommodate every type of device in their workplace. By enabling more switches, the NAC server will discover additional devices, such as desktops, that are not associated with any specific domain or that do not adhere to standard NAC policies. The security officer will have to redefine NAC policies so that any specific device’s MAC address is tied to a specific port or location and they are allowed access to the network.

  5. Defining alerts and reports

Report and alerting features are a critical part of a successful NAC project. These facilitate early problem detection and faster turnaround for an increased uptime. Alerts and reporting settings are defined so organizations can reduce false-positives. The NAC server delivers alerts and reports in different formats including SMS, email, SOC integration and SNMP traps based on customer infrastructure settings and preferences.
A successful NAC project will include a well-defined alerting configuration that allows quick detection of a security incident while avoiding overwhelming the administrators.

  6. Graduating to ‘enforcement’ mode

Graduating the deployment to an enforcement mode is a big step in the NAC installation process. This is where the system automatically makes decisions to block or quarantine new devices or users, or to apply actions on existing devices or users, based on the chosen policies. Graduating to this enforcement mode is normally done when all the previous steps have been reviewed and verified. The most extreme policy this enforcement mode possesses is for the server to lock down a port in response to any breach attempt: at even the slightest whisper of a threat, the port will shut down immediately. A more typical configuration would be to switch devices to a different VLAN based on their characteristics and allow automatic or manual remediation.
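
The steps above fit together as an ordered rule set that is evaluated in monitor mode first and only later enforced. The following sketch is an added example, not Portnox code: the device fields, profile names, VLAN action names, the 5% readiness threshold and the sample inventory are all constructed assumptions.

```python
"""Added example: ordered profiling rules, a monitor-mode dry run, enforcement."""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Device:
    mac: str
    port: str                             # port where the device is seen now
    domain_member: bool = False           # desktops/laptops: domain membership
    fingerprint: Optional[str] = None     # SNMP or TCP/IP fingerprint label
    pbx_registered: bool = False          # VoIP: extra verification with IP/PBX
    mgmt_validated: bool = False          # IoT: confirmed by a third-party source
    resident_port: Optional[str] = None   # "resident definition": remembered port
    mac_allowlisted: bool = False         # MAC-only authorization (weakest)
    compliant: bool = True                # result of the posture assessment


# Profiling rules, strongest evidence first; the first match wins.
RULES: List[Tuple[str, Callable[[Device], bool]]] = [
    ("domain-endpoint", lambda d: d.domain_member),
    ("voip", lambda d: d.fingerprint == "voip" and d.pbx_registered),
    ("printer", lambda d: d.fingerprint == "printer"),
    ("iot", lambda d: (d.fingerprint or "").startswith("iot-") and d.mgmt_validated),
    ("resident", lambda d: d.resident_port is not None and d.resident_port == d.port),
    ("mac-only", lambda d: d.mac_allowlisted),
]


def profile(device: Device) -> str:
    for name, matches in RULES:
        if matches(device):
            return name
    return "unknown"


def decide(device: Device, enforce: bool) -> Tuple[str, str, str]:
    """Return (profile, applied_action, policy_action). In monitor mode the
    policy action is only recorded and the device stays connected."""
    prof = profile(device)
    if prof == "unknown":
        policy = "quarantine-vlan"
    elif not device.compliant:
        policy = "remediation-vlan"
    else:
        policy = "allow"
    return prof, (policy if enforce else "allow"), policy


def dry_run(devices: List[Device]) -> Tuple[Counter, List[str]]:
    """Count what enforcement would do, and list devices on MAC-only rules."""
    actions: Counter = Counter()
    mac_only = []
    for d in devices:
        prof, _, policy = decide(d, enforce=False)
        actions[policy] += 1
        if prof == "mac-only":
            mac_only.append(d.mac)
    return actions, mac_only


def ready_for_enforcement(devices: List[Device], max_restricted_ratio: float = 0.05) -> bool:
    """Assumed gate: enforce only when few devices would lose normal access."""
    if not devices:
        return False
    actions, _ = dry_run(devices)
    restricted = actions["quarantine-vlan"] + actions["remediation-vlan"]
    return restricted / len(devices) <= max_restricted_ratio


# Constructed inventory for illustration.
INVENTORY = [
    Device("00:11:22:00:00:01", "Gi1/0/1", domain_member=True),
    Device("00:11:22:00:00:02", "Gi1/0/2", domain_member=True, compliant=False),
    Device("00:11:22:00:00:03", "Gi1/0/3", fingerprint="voip", pbx_registered=True),
    Device("00:11:22:00:00:04", "Gi1/0/4", fingerprint="printer"),
    # Camera not confirmed by its management server: falls through to MAC-only.
    Device("00:11:22:00:00:05", "Gi1/0/5", fingerprint="iot-camera", mac_allowlisted=True),
    # Resident device that turned up on a different port than remembered.
    Device("00:11:22:00:00:06", "Gi1/0/9", resident_port="Gi1/0/6"),
]

if __name__ == "__main__":
    counts, weak = dry_run(INVENTORY)
    print(dict(counts), "MAC-only:", weak)
    print("ready to enforce:", ready_for_enforcement(INVENTORY))
```
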

While there are a number of alternatives available, we particularly love Portnox Network Access Control (Network Admission Control), which is unlike other NAC products in that it doesn’t come with heavy-handed controls. It is agentless, software only, flexible and easy to use, and especially suitable for a heterogeneous network with IoT (Internet of Things) devices. It traverses all layers, including physical, virtual and the Cloud, to provide a secure and reliable virtual representation of the network for organizations of all sizes. A Portnox NAC project is easy to deploy on both corporate and operational networks.

Can Your NAC Solution Protect Operational Healthcare Technology?

Despite increased awareness of the need to secure electronic health records, cybercriminals are still finding a way to access sensitive patient records.

Look no further than a breach of several U.S. healthcare institutions in May, when hackers stole at least 600,000 patient records and then tried to sell more than three terabytes worth of that confidential patient data on the Dark Web.

The security firm InfoArmor discovered the breach, and told the National Healthcare and Public Health Information Sharing and Analysis Center that these kinds of cyberattacks aren’t limited to hospitals. Private clinics and the vendors and suppliers of medical equipment are also at risk because they share the same digital information with hospitals and healthcare organizations. In other words, the entire healthcare industry needs to be wary of cybercrime and to take precautions.

Healthcare Needs to Better Control Devices

A hacker needs to access only one system to gain access to personally identifiable information (PII) and other medical data. Because just about every system in healthcare connects to another system and a host of devices are accessing all of those systems, healthcare data is available to many parties. Add to that long list of exposures the smartphones and tablets of patients and doctors who access WiFi networks at hospitals, and it’s no wonder that healthcare data is not sufficiently protected.


And it’s not just computers and smartphones that put data at risk. Connected medical devices were involved in the attacks that InfoArmor discovered. Attackers were able to gain access to devices and then “backdoor” them. They extracted data from network segments that have connections with compromised medical devices and other networks where health care institutions stored the received patient data and other PII. In some of the healthcare facilities that were hacked, patient data was stored in Microsoft Access desktop databases, without any special user access segregation in place.

In January 2016, the U.S. Food and Drug Administration released cybersecurity recommendations for medical device manufacturers. The recommendations include the call for manufacturers to implement a structured and systemic cybersecurity risk management program and to respond in a timely fashion to identified vulnerabilities. It’s good advice, and should be followed by the entire healthcare industry.

Solid NAC Shines a Bright Light on Devices

Hospitals, doctors’ offices and clinics need a centrally-located solution that provides real-time network visibility and easy management of the wide variety of corporate-issued, personal and medical devices that access their networks. They can’t afford to have unknown devices gaining access to PII.

With devices constantly changing, it’s difficult for a traditional 802.1X-based NAC solution to make heads or tails of the complex network environment. Health care providers need a single solution that can provide 100% accurate visibility of their networks.

Portnox’s Network Access Control solution shines a light on each and every device that knocks on the network door. Going a step further, Portnox NAC has a unique device signature and fingerprint capability that lets healthcare organizations easily on-board, authenticate and validate networked medical devices. It scans and creates unique actionable signatures for even the most scan-sensitive medical devices. It assures full visibility and easy-to-manage compliant access controls of the many corporate-issued and personal devices reaching out to the network. Healthcare organizations such as Southwestern Vermont Health Care are already enjoying the protection that Portnox NAC offers.

If doctors disabled the wireless capabilities of the pacemaker of former U.S. Vice President Dick Cheney to prevent possible assassination attempts, then it’s clear that any and all devices can pose a threat to health care organizations. A NAC solution such as Portnox can let hospitals and clinics focus on healthcare by helping them easily manage and control network access in a complex network environment that won’t change anytime soon.

Top network management tools: How many of them are you using?


A network administrator can only be as strong as her toolbox. Every day, an admin faces a myriad of network problems, big and small. To efficiently solve a problem, an admin needs a “toolbox” of network management tools, programs and solutions that can time and time again handle troubleshooting, monitoring, password glitches, IP allocations and any situation that can slow employee progress.

We’d like to share a list of the go-to tools for network admins that get us out of jams. If you’re not already using any of these offerings, maybe you’ll consider adding them to your toolbox.

    1. Network Monitoring
      It may be hard to believe, but there’s a high-grade networking solution that monitors up to 20 servers and devices for free. Paessler’s PRTG network monitor is free for up to 100 sensors. It keeps track of LANs, WANs, servers, websites, URLs and more. We found PRTG to be a comprehensive network admin tool, and with the free version, you can use all the features, remote probes and updates available on the paid version.


  • Terminal Emulation
    Looking for an efficient, secure remote access tool? SecureCRT for Windows, Mac and Linux provides “rock-solid” terminal emulation. It’s known for its advanced session management capabilities and how it secures business applications running on UNIX, Linux and VMS. Everyone in your organization will have secure remote access and can transfer files between network devices. Network administrators can also automate repetitive tasks and save precious time by running scripts.

 

 

  • Remote Access
    Airconsole Enterprise Server is an inexpensive but effective console server. Simultaneously run multiple web terminals from a single browser and cut and paste between them. Your browser will do; no downloads are necessary. It can also aggregate both roaming field engineers who are connecting to field devices from their iPads and iPhones and fixed Airconsole and Airconsole TS serial-over-IP adaptors into a single web dashboard.

 

 

  • Packet Analysis
    When Wireshark isn’t enough, SteelCentral Packet Analyzer offers an expansive graphical display that will let you quickly sort through terabytes of packet data to identify the source of network anomalies and application performance issues. If you integrate this “personal edition” with Riverbed AirPcap adapters, you can analyze and troubleshoot 802.11 wireless networks.
  • Syslog for Troubleshooting
    Kiwi receives, logs, displays, alerts on, and forwards syslog, SNMP trap, and Windows event log messages from routers, switches, firewalls, Linux and UNIX hosts, and Windows machines. If that’s a mouthful, consider that it deploys quickly, monitors real-time logs, troubleshoots, responds to messages and complies with regulations.
  • Text Editing
    A network admin should know Vim, the modal text editor based on the older model vi editor. Vim is the text editor that will be used on most any *nix system. Keep in mind that Vim comes without tutorials; you have to learn this tool on your own. But it will make text editing efficient, and it can be configured to work like a notepad.
  • Creating Configurations
    There’s a way to quickly and accurately configure many similar devices: create a template and then use a Word feature called Mail Merge to create the actual configurations. Mail Merge can be linked to an Excel spreadsheet to pull in data. Excel is a great tool for network configuration once you get formulas down. For more insight, check out this detailed guide.

 


  • WiFi Analyzer
    All you need is an Android device to download this free app. It shows all WiFi networks within range of your device, and will help you find the one with the least amount of traffic and strongest signal.
  • Network Access Control

 

Just as the eight tools above are network admin tools that you can’t work without, the same holds true for a tool we know well: Portnox CLEAR. Network administration is a lot easier with CLEAR: you’ll be alerted to the dangers that wired, wireless or VPN endpoints pose before they join and while they are on your network. CLEAR easily adds or removes devices, and it constantly changes risk profiles so that access is accommodating to employees but also imposing to those who don’t belong. Schedule a demo to find out how Portnox CLEAR can be your favorite network admin tool.

Choosing The right NAC Solution – How to lasso your devices


It’s no fun herding cats. They are difficult to control, and it’s nearly impossible to tell one cat from another when they’re scattered all over the place.

Network administrators undoubtedly can relate. Controlling their company’s network access essentially amounts to “herding” numerous independent devices that are sometimes unpredictable (they’re not all safe) and hard to distinguish.

Many administrators have all but thrown their hands in the air. They’ve tried a network access control (NAC) solution — maybe several of them — and found it difficult to deploy or maintain. Or their current solution is in dire need of updating but they’re unsure if a new offering is worth trying.

NAC solutions have been around seemingly forever — actually for more than a decade — but they are still relevant. The increase in Bring Your Own Devices (BYOD) in the workplace, Internet of Things (IOT) applications, and machine-to-machine networks means there’s more of a need than ever for an effective access control solution. Businesses recognize they can no longer rely on IT administrators who wear too many hats as they frantically attempt to balance productivity – approving authorized and safe devices – with security.

The NAC market is expected to grow by 30.2% yearly over the next six years, according to Grand View Research. A rising demand – a growing clamor, so to speak – for manageable and insightful endpoint intelligence is prompting businesses to seek innovative NAC solutions. Shouldn’t your enterprise be one of the many businesses that invests in a NAC solution that can herd all devices? If you’re debating the value of a new NAC solution, here are three basic reasons why your business should consider investing in an effective one.


    1. You’ll Be in Control
      As the children’s author Dr. Seuss once said, “Only you can control your future.” If you can’t control the devices on your network, you won’t be able to control your network. An uncontrollable network leads to uncontrollable business losses. A NAC solution that lets you control all of your networks – wired, wireless, VPN, cloud and virtual – and fine-tune access is the type of solution that truly provides control. Your network pro will also thank you for lowering his stress level.

 

  • You’ll See Everything trying to access your network

 

We’ve cited this Riverbed survey before but it’s more relevant than ever: 150 network engineers said they were suffering from not having full device and application visibility. And no organization likes to lose money, especially a taxpayer-funded one, but it was alarming to see in that same survey that poor network and app visibility at U.S. federal agencies cost $1 million per hour in lost productivity.

Full network visibility increases productivity. IT teams can’t keep up with the many devices trying to access their company networks. And it’s not just the devices they know; the larger problem is trying to determine whether they should grant access to the devices of guests or the ones that look legitimate but really aren’t. Any device that connects to a network can find its way to the data, to your crown jewels… And this is what keeps your IT pro stressed – all of the time.

  • You’ll Find it Easy to Use

 

A NAC solution doesn’t have to be difficult to deploy or manage. Complicated solutions only take away valuable time that should be spent controlling your network. NAC solutions, such as the ones offered by Portnox, are simple to use. Such solutions give administrators the ability to add or remove device access without having to jump through hoops, and access is flexible, accommodating always-changing risk profiles. It’s easy to control.

TOP 5 MOST COMMON Network Access Control PITFALLS


According to cio.com, IT executives (not IT professionals) often have misgivings about traditional security platforms such as firewalls and Intrusion Detection and Prevention Systems (IDS/IPS). It argues, “That false sense of security can have IT executives not only disconnected with the reality of their security situations, but having a blind spot from what threats are really going on.”

This highlights the importance of network visibility in building any kind of reliable security apparatus. In the world of network security and management, visibility into events as and when they occur allows networking teams to react in real-time and take appropriate action. This can include alerting about or blocking a rogue device, monitoring user or device activity, creating audit and trail reports, trend spotting, forecasting or scanning for threats.

Network Access Control (NAC) is not a new concept. It’s been around for over a decade. It should enable organizations to answer: “Who is currently accessing my network?” and “Should they be there?” The problem is that many NAC solutions have been too difficult to deploy and both time- and resource-consuming. This is why we’ve put together the “Top 5 Most Common NAC Pitfalls” whitepaper, which outlines common challenges associated with the conventional NAC deployments available today.


In short, they are:

Appliances Everywhere:

    How NAC implementations tend to become overly complex as networks expand, and how to mitigate this risk with smart deployments.

Use Agents With Caution:

    Best practices to ensure network visibility remains at an optimum while working with agents, NTLM-based agents and “agentless” deployments.

Be Cautious of 802.1X:

     Looks at 802.1X and discusses its efficacy as a network visibility and endpoint management solution.

The other Kind of MAC:

    Security considerations around basing the security on MAC addresses and how to better manage them.

What You’re Still Not Seeing:

    The importance of end-to-end visibility in complex, multi-layered environments.

The above-mentioned are only a few considerations around the complex issue of network access control in an “always-on” culture.

Download the whitepaper now for the complete picture.


Network Access Control: A Bird’s Eye View (Part 1)


In the next few blog posts, I’ll outline what Network Access Control (NAC) is and why it is a central element to keeping enterprise environments protected. This post is suitable not only for beginners to the world of network security management, but is also relevant to those more knowledgeable on the topic. We’ll give tips and links, and point out some tools out there that can help you get oriented around the subject of network access management.