Since March 1997 when the first big IE-3 bug prompted Microsoft to set the impotent ‘Security Response Team’, and through the Melissa, Bubble-boy, Love letter and especially after the all mighty 2003 Blaster, the media was full of headlines about the ‘New and Improved Security Solutions’. These solutions were developed and introduced by the security vendors as the ‘cure of all ills’ and titled as “The Network Admission Control” – NAC for short. 

It’s now the end of 2008, and we have this Critical Update from the House of Microsoft landing on our desktop. (For further details about this alert please visit - http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx). This update like all its brothers in the past alerts us again of a similar problem as existed in 2003.

Don’t you get this ‘deja vu’ feeling of having been here and done that before? Most Security Experts who were made aware of the clear and present danger alerted us for the next ‘Zero Day Attack’. And so it was, 48 hours later the exploit had been released to infect the net. It has been over 6 (six) years of expensive NAC preparation and anxious anticipation since it has been released to cause the feared havoc.

As of today we are several weeks after ‘the event’ and there is no cry from the reporting or the professional media. There is neither sign nor report of any organization to have been, as predicted – stopped in its tracks.  Could all those Security Experts just be crying wolf or, are they simply wrong?

In spite of all the threats of danger and of havoc to have happened, fact is that it was easily predictable that nothing major like happened at 2003 will happen.

1. The operating Systems and their sensitivities are no longer what they were six years ago.
2. The components of Information Security including the Anti-Virus Systems provide advanced protection from such threats.
3. Security components such as personal firewalls are operating as default in almost every workstation and most do a good job.
4. An updates’ policy is enforced by each and every respectable network. Updates are implemented even on ‘individual’ devices which are not an integral part of a typical organization.
5. Last but not least, are the Virus and Worm ‘authors’. These folks are no longer ‘hot’ on spending their time on creating such, unless of course they are being paid for it.

Bottom line as viewed through this reality check above is that the extravagant and costly mass productions of Network Admission Control systems (NAC), are neither realistic nor necessary.  In addition, it is a fact that the idea of integration of efforts among various security vendors, infrastructure concerns and the application designers is virtually unattainable and even fictitious. Yet, even in the ‘make belief world’ where such an optimal cooperation were possible, their solution would be totally irrelevant to solving the problem at hand which is denying the foreign or unauthorized device from entering the organizational network.

So, in the light of the information above the core question remains:
How can we, in real time recognize whether the connecting device is a legitimate organizational IP device or, a foreign (or) unauthorized device?  

It is a proven fact that the installation and integration of portnox™ in the organizational network provides the organization with an immediate, seamless and complete answer to the question of whether it is a legitimate organizational IP device or, a foreign (or) unauthorized device.

All other subsequent questions are secondary, tertiary or, even unnecessary.To get more information, have your questions answered and your doubts eliminated contact one of our partners.