IT Connection Product Assessment reports provide in-depth analysis of more than 275 products and services. Each Product Assessment report includes expert analyst advice and recommendations on what to look for when making buying decisions. Click here to view sample reports.
Cisco NAC Appliance
Cisco has made several enhancements to its NAC solution in the first half of 2009, including a new release of Cisco NAC Guest Server. (8/10/2009)
ConSentry Networks LANShield
ConSentry announced a new senior management team and a new round of funding in early 2009. The company did not, however, announce any significant updates to LANShield in H1 2009. (7/23/2009)
Juniper Networks Unified Access Control 2.1
Juniper has emerged as a thought leader in the NAC market and it continues to mature its Unified Access Control solution rapidly. (7/27/2009)
StillSecure SafeAccess
StillSecure is a popular technology partner with network equipment vendors looking to jumpstart their NAC stories. The company did not significantly update its Safe Access product in H1 2009. (7/23/2009)
Symantec NAC 11.0
Symantec continues to work toward better integration of its NAC solution with its broader suite of security and systems management products. (7/24/2009)
Ability to determine the security state, or health, of each device as it attempts to authentication to the network. Typical software checks would include presence of updated AV software and OS patches. Configuration checks might include confirmation that AV and firewall software is turned on. Solutions should be able to create, manage and confirm compliance with policy on a per user or group level.
Non-compliant Host Quarantine and Remediation
Ability to place non-compliant devices into a restricted subnet where typically the only available resources are remediation servers and/or Internet access if additional third party remediation resources are also required. Solutions do not need to include patch management functionality but should integrate with existing patch management products.
Identity Awareness
Ability to capture authentication information and to link user identity to network traffic. NAC solutions are NOT expected to perform network authentication, rather they are expected to help enforce authentication by leveraging existing AAA and directory services and redirecting unmanaged devices (e.g., using captive portals) where identity information can be collected. Identity information can also provide an important overlay to network traffic data for audit and reporting capabilities. Ability to deliver policy driven access to network resources based on user identity. Solutions should be able to extract role data from existing identity databases and support role-based provisioning and access management based on corporate or regulatory access policy.
Post-connection Threat Detection and Containment
Ability to continuously monitor network traffic and react to threats in real time by leveraging NAC quarantine enforcement. Solutions typically employ behavioral anomaly techniques to detect unknown threats to the network. Enforcement and remediation are done through the same infrastructure that supports pre-admission NAC.
Cost and Ease of Use
Network access control is a complex, immature, and evolving concept. Ease of deployment and the associated issue of scalability are important buying criteria. Interoperability with network infrastructure, security products, both host-based and network based, and systems management solutions are also important considerations. And finally, given the scope of NAC deployments, cost is always an important consideration.
Product Landscape Chart
