Network admission control servers (“NAC servers”) typically base their determination of whether to allow a client to join a network on whether the client is up-to-date with patches and security definitions. In some cases, NAC servers may also require authentication, such as by requiring a user to enter a username and password before being granted access to a network. If the client is not up-to-date, the NAC server may require the client to join a remediation network where the appropriate patches and definitions can be applied. Once the client is up-to-date, the client is admitted to the network.
Once admitted to the network, however, the client's security posture (i.e., the factors upon which admission was granted) may change. Actions taken by a user, such as downloading and installing software, modifying the registry, and so on, may put a system previously admitted to the network into a state in which admission would have been denied. There are also many forms of malicious software/code, sometimes referred to as “malware,” that exploit unknown vulnerabilities, system misconfigurations, third-party software, and so on, and may make changes to an admitted system. In each of these cases, a client may be admitted to the enterprise network by a typical network admission control server and remain admitted once circumstances have changed, despite the significant risk that the client potentially poses by virtue of changes made on the client subsequent to its being admitted to the network.
Therefore, it would be desirable to have a better way to make and reassess network admission decisions.
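The following is an added illustration, not part of the original text, of the admission and reassessment behaviour described above: a hypothetical NAC policy that decides between admit, remediate and deny from patch level, definition version and authentication, and a controller that re-runs that policy when a client's posture changes after admission. All class names, field names and sample values are constructed for this example.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ADMIT = "admit"          # client joins the enterprise network
    REMEDIATE = "remediate"  # client is placed on the remediation network
    DENY = "deny"            # authentication failed

@dataclass(frozen=True)
class Posture:
    """Constructed snapshot of the factors an admission decision is based on."""
    patch_level: int
    definitions_version: int
    unapproved_software: frozenset = frozenset()
    registry_tampered: bool = False

@dataclass(frozen=True)
class Policy:
    min_patch_level: int
    min_definitions_version: int
    def evaluate(self, posture: Posture, authenticated: bool = True) -> Decision:
        if not authenticated:
            return Decision.DENY
        out_of_date = (posture.patch_level < self.min_patch_level
                       or posture.definitions_version < self.min_definitions_version)
        if out_of_date or posture.unapproved_software or posture.registry_tampered:
            return Decision.REMEDIATE
        return Decision.ADMIT

class AdmissionController:
    """Hypothetical NAC server: stores the latest decision per client and re-runs
    the policy whenever the client reports a posture change."""
    def __init__(self, policy: Policy):
        self.policy = policy
        self.decisions = {}
    def admit(self, client_id: str, posture: Posture, authenticated: bool = True) -> Decision:
        self.decisions[client_id] = self.policy.evaluate(posture, authenticated)
        return self.decisions[client_id]

    def on_posture_change(self, client_id: str, posture: Posture) -> Decision:
        # Reassessment: an admitted client that has drifted goes back to remediation.
        return self.admit(client_id, posture)

def demo() -> tuple:
    nac = AdmissionController(Policy(min_patch_level=12, min_definitions_version=2040))
    first = nac.admit("host-a", Posture(12, 2041))          # compliant at join time
    drifted = Posture(12, 2041, frozenset({"unapproved-tool"}), registry_tampered=True)
    second = nac.on_posture_change("host-a", drifted)        # user changes after admission
    third = nac.on_posture_change("host-a", Posture(13, 2042))  # clean after remediation
    return first, second, third
```

Without the `on_posture_change` hook, `decisions["host-a"]` would stay at `ADMIT` after the drift, which is exactly the gap the background describes.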