Which is the best choice of Zero Trust Network Access (ZTNA)?

NAC is critical for your business in monitoring your devices and users — both authorized and unauthorized — that might be trying to access the network. Having network access control will help you block out cybercriminals, hackers and data thieves. If that’s not enough to convince you, here are some other reasons why NAC is important: It secures user devices: Implementing a NAC solution will strengthen network security by denying network access to non-compliant user devices. With a lot of companies promoting remote work, it is more likely that employees will be logging in using unknown devices. NAC will ensure all their devices can connect securely, without compromising your network. In addition, the remediation and quarantine systems of a NAC provide a stable line of defense to keep non-compliant devices that can compromise your systems off of the network, offering extra protection. Visibility: Cyber attackers focus on user devices and endpoints as vulnerable entry points. WIth a NAC solution in place, you will be able to have a detailed view of all devices connected to your networks, and you will also be able to see the security posture of each device. Having this extra visibility gives you the upper hand in managing potential network security risks, since it provides actionable insights. Automated policy enforcement: A NAC solution is designed to automatically execute NAC policies, since they are built into your network infrastructure. The solution’s automation also reduces administrative overhead. Access controls: A NAC is a good way to embed access control and endpoint security policies into your network infrastructure, which gives you an additional level of protection. Drastically improve network performance: Another reason why NAC is important is because it can improve the performance of your network. It is not uncommon for companies that don’t have a NAC solution to add multiple SSIDs. While adding SSIDs may be a workaround, and can get the job done on a very basic level, having a NAC offers much more granularity. Using an SSID also takes up bandwidth, and every time you give out a different password for a different end-user on your network, you damage the performance. By implementing a NAC solution, you gain back bandwidth used by SSIDs. Safeguard your data and other sensitive information: Having a NAC solution can prevent unauthorized access to company-sensitive data by employees. In this way, an employee that needs to access the corporate intranet won’t get access to sensitive customer data unless their role warrants it and they have been approved for that access. Save money and time: Typically, most organizations try to tackle network security in pieces, by using a firewall and/or an antivirus solution in addition. However, the use of completely separate systems for managing access permissions can create mass disorganization and a lot of administration overhead. Implementing a NAC solution can benefit your company, saving you the money you would be spending on multiple solutions that can be accomplished by just using one, and it will save you time as well.

NAC it's particularly important for access to resources in your organization. Example: If the device is enrolled and compliant with your MDM solution, e.g. Microsoft Intune, the NAC solution should allow the device access to corporate resources. Users can be allowed or denied access when trying to access corporate Wi-Fi or VPN resources. Feature behaviors: Devices that are actively synchronizing to Intune can't move from Compliant / Noncompliant to Not Synced (or Unknown). The Unknown state is reserved for newly enrolled devices that haven't been evaluated for compliance yet. For devices that are blocked from access to resources, the blocking service should redirect all users to the management portal to determine why the device is blocked. If the users visit this page, their devices are synchronously reevaluated for compliance. NAC and Conditional Access: NAC works with Conditional Access to provide access control decisions. For all the mentioned before, NAC is very essential.

Aruba ClearPass in my experience is the most complete and useful solution on the market.

With such a big range of network access control software applications available on the market, choosing the right one can be challenging. Here are the top 2 suggestions that I would highly recommend: 1. Cisco ISE (Identity Services Engine): This solution is powerful, giving IT administrators the flexibility they need to control who, what, when, where, and how endpoints are allowed on the network. ISE uses Cisco TrustSec software-defined segmentation and other technologies to enforce security policies, including BYOD policies. In addition, ISE integrates well with other Cisco products, which makes it a natural fit for Cisco infrastructure network environments. Some of its best features and capabilities include built-in AAA services and support for multiple identity and directory services, such as Active Directory, LDAP, RADIUS, RSA, OTP, etc., centralized policy management and role-based access control, integrated BYOD, mobility, and guest lifecycle management, customizable mobile and desktop guest portals, and device profiling and endpoint posture service.There are several advantages of using Cisco ISE, including: context-based access, better network visibility, comprehensive policy enforcement, self-service device onboarding, and consistent guest experiences. You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements. And Cisco ISE has four primary licenses.Here’s the catch: Cisco ISE is best suited for companies that have invested in Cisco hardware. If your network infrastructure is made up of equipment from different vendors, you may want to consider a NAC solution that is more suitable for your environment. 2. Forescout Platform: Forescout is a highly flexible and robust product that offers agentless detection and management of network devices ranging from IT to IoT and even operational technology (OT) devices. What’s really good about the solution is that it integrates well with most network security applications, such as vulnerability assessment and SIEM tools. Forescout also places emphasis on device visibility, and can seamlessly identify a variety of device profiles. And through its security policy engine, it is able to provide network access control, segmentation, and even automatic incident response. The features I like most about this solution are that its user management is very easy, and the ability to actively identify the client without a certificate, which allows you to control every device on your network regardless of the make, model, and software running, which also allows for end-to-end security. And the actions that the agentless visibility allows you to perform on the endpoint are amazing. Moreover, it is very granular and has rock-solid stability. In contrast to Cisco ISE, Forescout platform is a better choice for companies that have network equipment from different vendors, as it can easily gather information, and control different products from the same pane of glass. It is also worth noting that Forescout is more suitable for large organizations, due to its support for the most variety of devices and compliance modules.

very good and valuable information

This is based on the user's feedback. A link for Gartner report should also be available.

As a user of Cisco ISE, I am completely not trusting this review. Cisco ISE is a buggy immature solution.