01:28 PM
Connect Directly
Repost This

Black Hat Presentation To Show Flaws In NAC

An Israeli vendor of monitoring systems plans to demonstrate specific weaknesses associated with a variety of network access control systems.

On Wednesday, an IT security expert will give a speech warning that virtually any network access control system (NAC) may be dangerously flawed.

Ofir Arkin, CTO and co-founder of Insightix, will give his presentation on Wednesday morning at the Black Hat security conference in Las Vegas. The annual show, which started in 1997, is designed to educate IT professionals on the latest security research.

Insightix is an Israel-based developer of agentless, real-time IT infrastructure discovery and monitoring solutions. Arkin's presentation will focus on the "new breed" of NAC software from vendors such as Sygate and Microsoft, and NAC hardware from companies such as Cisco and Vernier Networks.

The emergence of these tools has created a host of different NAC strategies, but Arkin's point is that none of them is as airtight as their vendors, solution providers or customers think they are or would like them to be.

Arkin will use the one-hour session to present specific flaws associated with each type of approach. His aim is not to single out any NAC developers, but to underline the breadth of the problem.

"Vendors do know the limitations of their technology, and some have contacted me to try to find out what I'm presenting," he says. "I'm not making any vendor endorsements or trying to promote Insightix; I'm just trying to make the point that if you don't really understand what's on your network, any NAC solution will have problems."

For example, he says it's common for the IT departments at Insightix's clients to routinely underestimate how many different elements reside on their networks, sometimes drastically.

"For a good number of these systems, the IT department simply doesn't know how many elements they have; they could be off by 150 to 200 in some cases," he says, adding that standard network discovery tools may not always be able to find every element sitting on a network.

Arkin says it's crucial that IT organizations take a closer look at their systems to get a complete picture of what security battles they need to be fighting.

"People need to understand that NAC is not bulletproof and that's it's something important that needs to be taken care of," he says. "They might already have the right solution to handle their NAC issues, but they need to understand where to apply it."

The full presentation will be available for download from and from shortly after the session.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.