While walking the floor at Interop in NYC this week, I stopped to chat with the guys at the Cyberoam booth. Cyberoam provides a security appliance that provides identity-based Unified Threat Management (UTM). Similar to most Network Access Control (NAC) devices, the solution grants and denies access to systems and resources based on the IP+port destination address. Typically, this is done at the network layer by enforcing policies based on the requesting machine's MAC address (laptop X is allowed to access application Y on server Z).
Cyberoam's messaging is that they are identity-based. This means that the appliance (the red box below) doesn't enforce policies strictly based on MAC address (the user's hardware). It is identity-aware in that it knows who is logged onto the desktop, verifies policies and access rights against the network directory (Microsoft's Active Directory, for example) and grants access to the user rather than to the machine. This is a level of protection and intelligence above purely hardware-driven NAC solutions.
If access to systems and assets across the network is based on data held within Active Directory, then you better be able to monitor changes to that data and get immediate alerts if there's a policy breach. If it's true that 88% of IT admins would steal from their employers or snoop around the network, then an environment that puts the keys to the kingdoms in the hands of the Active Directory administrators needs a comprehensive ability to audit and monitor administrative activity.
So, if you are a Cyberoam customer or if you have a similar NAC or UTM solution that relies heavily on the network directory, please let me know. Even if you're not interested in finding a monitoring solution, I'll buy you a cup of coffee and maybe lunch if you're willing to tell me about your environment, the business challenges, how it's going, what risks you see, etc..