Embracing Zero Trust and Moving Beyond Traditional NAC–The Fax Machine of Network Security

By Suresh Katukam, CPO & Co-Founder, Nile

The security landscape has undergone significant changes since the development of traditional Network Access Control (NAC) systems over 20 years ago. NAC systems haven't kept pace with the shift to cloud, Software as a Service and the explosion of device types on enterprise networks. Overly complex, painful to manage and vulnerable to cyberattacks, traditional NAC appliances are now the fax machine or pager of network security. In fact, emerging cyber threats are increasingly targeting and exploiting outdated networks and inadequate NAC implementations. According to Gartner, the NAC market is declining considerably because of its inefficiencies and security deficits.

Why traditional NAC is the Fax Machine of Network Security

Traditional NAC solutions are band-aids applied to underlying networks that were never designed for security. These networks are inherently over-permissive, built on outdated constructs like Virtual Local Area Networks (VLANs) that require expert configuration just to enforce basic access policies. They represent a major security liability; in fact, 60% of cyberattacks take advantage of lateral movement and network-level weaknesses. Once a device is compromised, bad actors can easily discover other assets and spread malware unchecked. Out-of-band NAC only adds complexity; moreover, it doesn't eliminate the fundamental risks baked into the network's foundation.

NAC was originally created for wireless networks and is often too complex and unreliable to use effectively in wired environments. Indeed, the vast majority of organizations outright avoid using NAC for wired environments for these reasons. Traditional NAC solutions try to bolt on control, but it's a broken, fragile stopgap for a fundamentally insecure foundation. Put simply, traditional NAC solutions do not work in today's environments. Likewise, legacy networks cannot meet modern enterprise security needs because of their own inadequacies. It's time to embrace a new campus zero-trust model designed for today's evolving threats, user behavior and cloud-centric application use. 

Core Zero Trust Principles

The zero trust security framework assumes, by default, that no user or device is implicitly trustworthy, regardless of origin, inside or outside the network. Campus zero trust refers to applying this same principle, but within a primary or branch network environment. Other core principles of campus zero trust include:

  • Default Deny: Stop the lateral movement of malware.
  • Identity-Based Access: Authenticate every user and device, wired or wireless.
  • Continuous Authentication: Continuous validation in the background.
  • Least Privilege Access: Granular control with micro-segmentation.

NAC and VLANs do not adhere to zero trust principles. VLANs, for example, allow everyone on the network to talk to each other, enabling bad actors to propagate ransomware and move laterally, which flies in the face of the "Default Deny" principle. VLANs segment by location, not by risk, meaning they cannot stop hackers from spying on intra-VLAN traffic. Moreover, organizations must bolt on traditional NAC rather than building it into the network; as a result, it lacks micro-segmentation capabilities, i.e., the "Least Privilege Access" principle.
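To make the contrast concrete, here is an added example (not from the article or from Nile) that models the two access models as policy functions and measures how far a single compromised device can reach on one port. A VLAN-style rule allows any intra-segment traffic; the zero-trust rule denies by default, requires an authenticated identity, treats stale authentication as a failed check, and permits only explicitly listed flows. All device names, identities, ports and the policy table are constructed for illustration.

```python
"""Toy comparison of VLAN-style vs campus zero-trust access decisions.
Added example; every name and value below is constructed, not real."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

@dataclass
class Device:
    name: str
    vlan: str                     # location-based segment (legacy model)
    identity: Optional[str]       # authenticated identity, None if unauthenticated
    last_auth_s: int              # seconds since last successful validation

# Legacy VLAN model: anything in the same VLAN may talk; no identity check.
def vlan_allows(src: Device, dst: Device, port: int) -> bool:
    return src.vlan == dst.vlan

# Zero-trust model: deny by default; allow only an explicit flow keyed by the
# source identity (identity -> {(destination, port)}), and only while the
# source's authentication is fresh enough.
AUTH_MAX_AGE_S = 300
Policy = Dict[str, Set[Tuple[str, int]]]

def zt_allows(src: Device, dst: Device, port: int, policy: Policy) -> bool:
    if src.identity is None:              # identity-based access
        return False
    if src.last_auth_s > AUTH_MAX_AGE_S:  # continuous authentication
        return False
    return (dst.name, port) in policy.get(src.identity, set())  # least privilege

def reachable(src: Device, devices: List[Device], port: int,
              allows: Callable[[Device, Device, int], bool]) -> Set[str]:
    """Peers a compromised host can reach: its lateral-movement blast radius."""
    return {d.name for d in devices if d is not src and allows(src, d, port)}

# Constructed sample: an IoT camera, a file server and two laptops, all placed
# in the same VLAN as a typical legacy deployment would.
CAMERA = Device("cam-01", "vlan10", "iot-camera", 30)
FILESRV = Device("files-01", "vlan10", "svc-files", 10)
LAPTOP = Device("laptop-a", "vlan10", "alice", 20)
STALE = Device("laptop-b", "vlan10", "bob", 900)   # validation 15 min old
DEVICES = [CAMERA, FILESRV, LAPTOP, STALE]
POLICY: Policy = {"iot-camera": {("nvr-01", 554)},    # camera streams to NVR only
                  "alice": {("files-01", 445)},
                  "bob": {("files-01", 445)}}

def blast_radius() -> Tuple[Set[str], Set[str]]:
    """Hosts cam-01 can reach on port 445 under each model."""
    zt = lambda s, d, p: zt_allows(s, d, p, POLICY)
    return (reachable(CAMERA, DEVICES, 445, vlan_allows),
            reachable(CAMERA, DEVICES, 445, zt))
```

Under the VLAN rule the camera reaches every peer in its segment; under the zero-trust rule it reaches none, and laptop-b is refused the file share despite a matching policy entry because its validation has gone stale.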

Comparing Traditional NAC with Campus Zero Trust

Organizations still relying on legacy NAC solutions are operating with tools built for a different era, akin to using a pager in the age of smartphones. Meanwhile, attackers have leveled up. With AI and automation at their disposal, they can easily pinpoint and exploit unmanaged ports, misconfigured VLANs, overlooked Internet of Things (IoT) devices and gaps in static NAC policies. Organizations must match modern threats with modern solutions, i.e., campus zero trust.

Campus zero trust enhances an organization's ability to secure its networks more so than traditional NAC. For starters, organizations don't need VLANs within a campus zero-trust model. Recall that VLANs only segment by location rather than risk. With campus zero trust, organizations can isolate every device, whether IoT, OT or enterprise-managed, into a unique segment where all traffic gets inspected. This isolation permits users in campus and branch environments to use these devices without risking the proliferation of malware. Campus zero trust architecture also eliminates the need for on-premises and out-of-band appliances, reducing the attack surface via the removal of discrete hardware that can be misconfigured, bypassed or exploited.

Unlike the patchwork of traditional NAC solutions, organizations can build campus zero trust directly into the network infrastructure. This native approach embeds security and access control at every port, access point, switch and flow, making it inherently more secure and scalable. Campus zero trust solutions are much easier to manage compared to the complexity of configuring underlying networks with VLANs, ACLs and disjointed policy engines. Instead of layering on additional software and tools, organizations get zero trust capabilities without the burden of deploying, managing or monitoring separate systems.

What to look for in an ideal solution

Email replaced the fax machine as the more modern, cost-effective and efficient alternative. However, campus zero trust isn't a NAC replacement but a complete network transformation. And while campus zero trust is light years ahead of NAC systems, not all campus zero trust solutions are the same.

Some of the key characteristics organizations should look for in a solution include AI automation for IT teams to scale access control and policy enforcement as the network grows. A best-in-class campus zero-trust solution will also account for today's evolving threats and cloud-centric application use. Besides cloud-delivered management and analytics, an ideal solution will provide consistent zero-trust access across the entire campus, both wired and wireless endpoints.


ABOUT THE AUTHOR

Suresh Katukam 

Suresh Katukam is the Chief Product Officer and co-founder of Nile. Internally, Suresh is endearingly referred to as the "Chief Disrupter" due to his unending drive to tackle seemingly unsolvable problems. Suresh has infused this attitude into Nile's culture, creating a company-wide obsession to both reimagine and redefine the decades-old field of networking.

Suresh has over 20 years of leadership experience across engineering, product management, business development, and M&A from notable technology leaders including Cisco, Aruba Networks, and AWS. At AWS, Suresh led Artificial Intelligence (AI), Machine Learning, and Internet of Things technology partnerships.

Suresh's innovative mindset is evident in his work. He has co-authored technology standards, published AI research papers, and has 40 patents in networking and security. Suresh has an M.B.A. from the Anderson School of Management, UCLA, an M.S. in C.S. from Arizona State University, and a B.S. in Computer Science from BITS, Pilani, India.

Published Thursday, July 03, 2025 7:30 AM by David Marshall