Sophos NAC client adapts to virtual environments

Sophos will be coming out with software that adapts its NAC technology to virtual environments. The problem the company is trying to address is that in virtual environments, a physical machine that hosts virtual machines already has access to the network, says Richard Jacobs, the CTO of Sophos. The switch port that the host machine connects to cannot be used as a NAC policy enforcement point because the host machine's status would determine the NAC policy for itself and for all the virtual machines running on it.
That single policy would then have to apply to all the virtual machines running on the host, regardless of the status of the individual virtual machines, he says. A non-compliant virtual machine that tries to come onto the network could change the NAC status of the host, and enforcing that new status would block all the other virtual machines, even if they are compliant, he says.

When one more virtual machine on a physical machine wants to access the network, there is no other place than a control agent on the physical machine itself to enforce NAC policy, Jacobs says. The agent would act as a NAC gateway for all the virtual machines

The agent would become part of Sophos's NAC client software so that customers would deploy the same client to both physical and virtual machines to make deployment simpler. The gateway agent would come into play on the virtual machines and on the hosts. (Compare NAC products)

Jacobs says the company doesn't have a name yet for this enforcement agent, nor does it have a date when it will become available as a product. Stay tuned.

RELATED INFO:
Hacker writes rootkit for Cisco\'s routers

Source:

http://www.networkworld.com