IT Connection from Current Analysis
| How to Login | How to Navigate |
Home Products Suppliers Real-Time Analysis   Sign Up Now - FREE Sample Reports FAQs About Us
IT Connection Product Assessment reports provide in-depth analysis of more than 200 products and services. Each Product Assessment report includes expert analyst advice and recommendations on what to look for when making buying decisions. Click here to view sample reports.

Enterprise Security
Product Assessments
More Information | Products | Suppliers | Real-Time Analysis |

Product Landscape Chart
Network Access Control

Report Information | Contents | Buying Criteria | Product Metrics |

Available Product Assessments

Cisco NAC Appliance
Cisco has introduced a set of new appliances, chiefly with the goal of introducing FIPS compliance. This provides a broader, more secure set of deployment options for Cisco NAC customers. (3/31/2010)

| Subscriber Access | Sign Up Now | View Sample Reports |

Juniper Networks Unified Access Control
Juniper UAC has not had a significant product revision in the last six months. The product, however, remains competitive in the space. (3/31/2010)

| Subscriber Access | Sign Up Now | View Sample Reports |

McAfee NAC
McAfee NAC has not had a significant update in the last six months. (4/8/2010)

| Subscriber Access | Sign Up Now | View Sample Reports |

StillSecure SafeAccess
StillSecure is a popular technology partner with network equipment vendors looking to jump start their NAC stories. The company did not significantly update its Safe Access product in the last six months. (3/31/2010)

| Subscriber Access | Sign Up Now | View Sample Reports |

Symantec NAC
Symantec continues to work to better integrate its NAC solution with its broader suite of security and systems management products. The product has not had a significant upgrade in the last six months. (3/31/2010)

| Subscriber Access | Sign Up Now | View Sample Reports |

Top

Product Assessment Report Information

Report Contents

  • Current Perspective Rating
  • Product Strengths & Weaknesses
  • Product Buying Criteria
  • Product Metrics

Top

Network Access Control Buying Criteria

  • Pre-connect Host Posture Assessment
    • Ability to determine the security state, or health, of each device as it attempts to authentication to the network. Typical software checks would include presence of updated AV software and OS patches. Configuration checks might include confirmation that AV and firewall software is turned on. Solutions should be able to create, manage and confirm compliance with policy on a per user or group level.
  • Non-compliant Host Quarantine and Remediation
    • Ability to place non-compliant devices into a restricted subnet where typically the only available resources are remediation servers and/or Internet access if additional third party remediation resources are also required. Solutions do not need to include patch management functionality but should integrate with existing patch management products.
  • Identity Awareness
    • Ability to capture authentication information and to link user identity to network traffic. NAC solutions are NOT expected to perform network authentication, rather they are expected to help enforce authentication by leveraging existing AAA and directory services and redirecting unmanaged devices (e.g., using captive portals) where identity information can be collected. Identity information can also provide an important overlay to network traffic data for audit and reporting capabilities. Ability to deliver policy driven access to network resources based on user identity. Solutions should be able to extract role data from existing identity databases and support role-based provisioning and access management based on corporate or regulatory access policy.
  • Post-connection Threat Detection and Containment
    • Ability to continuously monitor network traffic and react to threats in real time by leveraging NAC quarantine enforcement. Solutions typically employ behavioral anomaly techniques to detect unknown threats to the network. Enforcement and remediation are done through the same infrastructure that supports pre-admission NAC.
  • Cost and Ease of Use
    • Network access control is a complex, immature, and evolving concept. Ease of deployment and the associated issue of scalability are important buying criteria. Interoperability with network infrastructure, security products, both host-based and network based, and systems management solutions are also important considerations. And finally, given the scope of NAC deployments, cost is always an important consideration.

Top

Network Access Control Product Metrics

  • Endpoint Detection
    • RADIUS Server
    • DHCP
    • 802.1x
    • Inline Appliance
    • Out of Band Appliance/Passive Scanner
    • IPSec VPN
    • SSL VPN
    • Other
  • Posture Checking (Means)
    • Agent (Native or Third-party)
    • Temporary Agent (Native or Third-party)
    • Agentless
  • Posture Checking (Depth)
    • OS Patches
    • Software Whitelists
    • Registry Settings
    • Personal Firewall
    • HIPS
    • Software Blacklists
    • Software Configurations
    • System/Policy Mgmt Agents
    • Patch Mgmt Agents
    • Microsoft Security Patches
  • Quarantine Enforcement
    • VLANs
    • Endpoint
    • Switch
    • Router
    • DHCP
    • Network-based Inline
    • Network-based Out of Band
    • Other
  • Remediation
    • Trouble Ticketing Systems
    • Patch Managers
    • Systems Mgmt Systems
    • Network Mgmt Systems
    • Vulnerability Mgmt Systems
    • Other
  • Policy Mgmt & Reporting
    • Policy Creation Environment
    • Policy Templates
    • Reports by Industry Regulation
    • Aggregate Security Status Reports Tied to Policy
    • Reports by IP Address/MAC Address/User Name
    • Custom Reporting
  • Identity-based Authentication
    • RADIUS
    • AD/LDAP
    • Windows Login
    • Web Login
    • Identity-aware DHCP
    • Other
  • Network Resource Access Control
    • Role-based Provisioning
    • Extract Role Info from LDAP
    • Extract Role Info from Active Directory
    • Extract Role Info from RADIUS
    • Tie User to Traffic/Policy
    • Allow Segmented Access Based on Risk
    • Post-connect Security
    Post-connect Security
    • Continual Real-time Infection Detection
    • Firewall Policies
    • Anomaly Detection
    • Signature Matching
    • Other
  • Continual Real-time Infection Detection
    • IPS
    • Firewall
    • Dedicated Appliance
    • Switch or Router-based Enforcement
    • Other
  • Pricing
    • Priced per seat/box/etc.
    • Base List Price

Top

| Home | Products | Suppliers | Real-Time Analysis | Sample Reports | About Us | Sign Up Now | FAQs | Site Map |
Click here to sign up, or contact us at: ITConnection@currentanalysis.com or call +1 703-788-3700.
All materials Copyright Current Analysis, Inc. Reproduction or distribution prohibited without express written consent.