IT Connection Product Assessment reports provide in-depth analysis of more than 200 products and services. Each Product Assessment report includes expert analyst advice and recommendations on what to look for when making buying decisions.
Cisco NAC Appliance
Cisco has released a set of new appliances, chiefly with the goal of introducing FIPS compliance. This provides a broader, more secure set of deployment options for Cisco NAC customers. (3/31/2010)
Juniper Networks Unified Access Control
Juniper UAC has not had a significant product revision in the last six months. The product, however, remains competitive in the space. (3/31/2010)
StillSecure SafeAccess
StillSecure is a popular technology partner with network equipment vendors looking to jump-start their NAC stories. The company did not significantly update its Safe Access product in the last six months. (3/31/2010)
Symantec NAC
Symantec continues to work to better integrate its NAC solution with its broader suite of security and systems management products. The product has not had a significant upgrade in the last six months. (3/31/2010)
Ability to determine the security state, or health, of each device as it attempts to authenticate to the network. Typical software checks would include presence of updated AV software and OS patches. Configuration checks might include confirmation that AV and firewall software is turned on. Solutions should be able to create, manage and confirm compliance with policy at a per-user or per-group level.
Non-compliant Host Quarantine and Remediation
Ability to place non-compliant devices into a restricted subnet where typically the only available resources are remediation servers and/or Internet access if additional third-party remediation resources are also required. Solutions do not need to include patch management functionality but should integrate with existing patch management products.
Identity Awareness
Ability to capture authentication information and to link user identity to network traffic. NAC solutions are NOT expected to perform network authentication; rather, they are expected to help enforce authentication by leveraging existing AAA and directory services and redirecting unmanaged devices (e.g., using captive portals) to where identity information can be collected. Identity information can also provide an important overlay to network traffic data for audit and reporting capabilities. Ability to deliver policy-driven access to network resources based on user identity. Solutions should be able to extract role data from existing identity databases and support role-based provisioning and access management based on corporate or regulatory access policy.
Post-connection Threat Detection and Containment
Ability to continuously monitor network traffic and react to threats in real time by leveraging NAC quarantine enforcement. Solutions typically employ behavioral anomaly techniques to detect unknown threats to the network. Enforcement and remediation are done through the same infrastructure that supports pre-admission NAC.
Cost and Ease of Use
Network access control is a complex, immature, and evolving concept. Ease of deployment and the associated issue of scalability are important buying criteria. Interoperability with network infrastructure, security products (both host-based and network-based), and systems management solutions is also an important consideration. And finally, given the scope of NAC deployments, cost is always an important consideration.