This is cache of http://feeds.feedburner.com/~r/StillsecureAfterAllTheseYears/~3/250768190/agents---cant-l.html. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
Agents - Can't live with them, can't live with them
2008-03-13 08:44:40 by HASH0x8b520ec in StillSecure, After All These Years
 

Actually someone once told me the same thing about women and I am sure women say the same thing about men. But Tim Greene has an epiphany in a recent article about bad news for NAC vendors who rely on agents.

I think we all know that the last thing most enterprises want is another agent on their machines.  Heck, not just enterprises either, no one wants yet another agent.  The reasons for this are many and Tim lays them all out.  For me personally the biggest reason is that too many of these agents (and not NAC agents necessarily) are pigs.  They slow down your machine more than some of the widgets I used to use slowed down my blog page loading.

But Tim offers agentless NAC as a panacea. That it is not. In some cases agentless NAC works great, in others it severely limits what you can test for when and how fast.  Personal firewalls and other such technologies can wreak  havoc on agentless NAC.  You may still need credentials to get any useful information.  Over the years here at StillSecure, we have come to realize that in most real life situations, you need both agent, agentless and even web delivered methods of NAC testing, if you are going to be able to perform NAC against the entire spectrum of devices logging on to the network.  There is no one perfect way to do NAC. If there was, everyone would do it that way.  A good NAC solution should be flexible enough to offer multiple methods of testing.

One other thing I noticed was in the comments to Tim's article Dan Clark from over at Lockdown tried to make a comment and refer back to the Lockdown blog for his further commentary on this. The next comment though from Robert B I thought was priceless. It isn't that long, so let me just paste it in here:

Does anyone else find vendor blogs like nactalk.lockdownnetworks.com a little troubling? They appear as a neutral blog discussing a topic, except they only contain the vendor's point of view.

While they seem to allow comments, the one time I registered and tried to comment, it was never approved. I'm assuming that since none of their other "vendor patting themselves on the back" articles have comments, I am not the only one.

Hey Robert I agree with you. The Lockdown Blog is a pretty thinly veiled attempt at a cheap marketing outlet. A review shows they put up an article a month and never have any comments as Robert points out. That is not a blog, the same way many vendors who claim to offer NAC don't really have a NAC solution. However, I would hope that not all vendors who blog are painted with that same brush.  Besides myself, there are several excellent blogs authored by people who are also working for vendors. Not to say we are not biased, but I think there is a clear distinction there.

 
Tags: nac solution, nac, offer nac, perform nac, agentless nac, nac agents necessarily, blog page, blog, agents
 
 
 
 
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia