Cisco Cisco Identity Services Engine 1.3 백서
White Paper:
Cisco Systems and the Migration from NAC to EVAS
4
© 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.
Table 1. NAC Timeline
Timeframe
Primary Driver
Functionality
Limitations
2003-2004
Internet worms
Basic device (PC)
inspection
Complex technology and a lack of standards.
2005-2006
Guest access,
wireless access
Basic device (PC)
inspection, 802.1X
authentication
Complex technology, high cost, confusing
market landscape, and competing standards
that confused the market.
2007-2008
Device (PC)
authentication
802.1X
authentication for
wired and wireless
access networks
Complex technology, multiple 802.1X
supplicants, and scalability.
2008-2010
Device (PC)
authentication,
guest access,
wireless access
(802.11N)
802.1X
authentication,
common
wired/wireless
policy
management
Global recession impacts funding for NAC
deployment. Some startups failed or were
acquired, causing market confusion. NAC is
ineffective at preventing/detecting APTs,
diminishing its usefulness.
Source: Enterprise Strategy Group, 2014.
2010 and Beyond
: NAC Transforms into EVAS
NAC technology experienced a renaissance of sorts after 2010, driven by advances in Wi-Fi networking, a decrease
in laptop pricing, and the onset of a plethora of alternative devices (i.e., Macintosh PCs, smartphones, tablets, etc.).
Organizations needed control over corporate-owned and personally owned devices, and the ability to enforce
security policies for mobile and cloud-based access as well as critical corporate or compliance-driven application
use. At the same time, new threats like APTs and targeted attacks were regularly circumventing traditional security
defenses, driving the need for greater visibility into who and what was on the network at any given time. Finally, IT
auditors required more detail about endpoint configuration and status to support evolving governance and
compliance needs.
in laptop pricing, and the onset of a plethora of alternative devices (i.e., Macintosh PCs, smartphones, tablets, etc.).
Organizations needed control over corporate-owned and personally owned devices, and the ability to enforce
security policies for mobile and cloud-based access as well as critical corporate or compliance-driven application
use. At the same time, new threats like APTs and targeted attacks were regularly circumventing traditional security
defenses, driving the need for greater visibility into who and what was on the network at any given time. Finally, IT
auditors required more detail about endpoint configuration and status to support evolving governance and
compliance needs.
As these changes occurred, NAC came to occupy a valuable piece of real estate on more extended and open
networks. NAC was in the right position to inspect devices, monitor activities, and enforce endpoint compliance
policies in a growing number of GRC and business use cases such as granular access policy enforcement for specific
users, mobile computing devices, IoT sensors/actuators, etc.
networks. NAC was in the right position to inspect devices, monitor activities, and enforce endpoint compliance
policies in a growing number of GRC and business use cases such as granular access policy enforcement for specific
users, mobile computing devices, IoT sensors/actuators, etc.
Given these changes, NAC has evolved beyond its original limited use case into a new segment called endpoint
visibility, access, and security (EVAS). EVAS is defined as:
visibility, access, and security (EVAS). EVAS is defined as:
Network security technologies that provide policy-based intelligence, enforcement, risk mitigation, and real-time
monitoring of all network device access, configuration, and activities for any node attached to an IP network.
In this way, EVAS gives the security team the right view to be able to visualize its network topology through a
cybersecurity lens and then react immediately with proactive controls.
cybersecurity lens and then react immediately with proactive controls.
As of 2014, EVAS is no longer a concept but rather an established network security technology in the enterprise.
According to ESG research, 40% of enterprise organizations use EVAS extensively while another 44% say they use
EVAS somewhat. When asked to identify the factors driving greater use of network access controls overall,
enterprise security professionals point to EVAS drivers such as addressing IT risk, enabling mobile users and devices,
and aligning network security with the increasing use of Wi-Fi for network access (see Figure 1).
According to ESG research, 40% of enterprise organizations use EVAS extensively while another 44% say they use
EVAS somewhat. When asked to identify the factors driving greater use of network access controls overall,
enterprise security professionals point to EVAS drivers such as addressing IT risk, enabling mobile users and devices,
and aligning network security with the increasing use of Wi-Fi for network access (see Figure 1).
1
1
, August 2014.