Slideshow

Network access control in a nutshell

12 Photos Joel Snyder (Network World)

Twelve leading NAC products put to the test

  • Vendor: Alcatel-Lucent Product: Safe NAC (Alcatel-Lucent OmniSwitch switches, OmniAccess wireless controllers, OmniVista management tool, plus CyberGatekeeper endpoint security checker from InfoExpress. Pros: Strong endpoint security checking, complete NAC solution Cons: Lack of integration between Alcatel-Lucent and InfoExpress products; confusing array of configuration and management options. Recommended for: Companies interested in comprehensive endpoint NAC and fine-grained access control

  • Vendor: Microsoft Product: Network Access Protection (NAP), includes NAP client and Network Policy Server Pros: Free to Windows shops, built into products most enterprises already have, many enforcement options Cons: Windows-only, features are relatively primitive Recommended for: All-Microsoft operating system environments where all devices are joined to a Windows domain.

  • Vendor: ForeScout Technologies Product: CounterAct Appliance Pros: Endpoint-centric, provides excellent network visibility Cons: Scalability concerns, weak authentication Recommended for: Companies focused on providing secure guest access, and looking for network visibility.

  • Vendor: McAfee Product: ePolicy Orchestrator, Network Security Manager, N-450 NAC appliance Pros: Strong endpoint security, tight product integration Cons: Lack of fine-grained access control when not in-line Recommended for: McAfee customers

  • Vendor: Alcatel-Lucent Vendor: Avenda Systems Product: eTIPS 5005 Pros: Simplicity, easy-to-use, well-balanced NAC features Cons: Relies on 802.1X authentication Vendor: Bradford Networks Product: Network Sentry Pros: Excellent, mature NAC tool for complex, multivendor environments Cons: Might be too complex and difficult to install for a typical enterprise Vendor: Cisco Product: NAC Appliance Pros: Strong enforcement in-line Cons: Limited tools for fine-grained access control, weaker enforcement at network edge Recommended for: Wireless and VPN environments Pros: Strong endpoint security checking, complete NAC solution Cons: Lack of integration between Alcatel-Lucent and InfoExpress products; confusing array of configuration and management options. Recommended for: Companies interested in comprehensive endpoint NAC and fine-grained access control

  • Vendor: Alcatel-Lucent Vendor: Avenda Systems Product: eTIPS 5005 Pros: Simplicity, easy-to-use, well-balanced NAC features Cons: Relies on 802.1X authentication Vendor: Bradford Networks Product: Network Sentry Pros: Excellent, mature NAC tool for complex, multivendor environments Cons: Might be too complex and difficult to install for a typical enterprise Vendor: Enterasys Product: NAC 3.2 Pros: Ease of use, well thought out, strong feature set Cons: Minor management flaws Recommended for: Enterasys and non-Enterasys networks considering 802.1X-based NAC. Product: NAC Appliance Pros: Strong enforcement in-line Cons: Limited tools for fine-grained access control, weaker enforcement at network edge Recommended for: Wireless and VPN environments Pros: Strong endpoint security checking, complete NAC solution Cons: Lack of integration between Alcatel-Lucent and InfoExpress products; confusing array of configuration and management options. Recommended for: Companies interested in comprehensive endpoint NAC and fine-grained access control

  • Vendor: Alcatel-Lucent Vendor: Avenda Systems Product: eTIPS 5005 Pros: Simplicity, easy-to-use, well-balanced NAC features Cons: Relies on 802.1X authentication Vendor: Bradford Networks Product: Network Sentry Pros: Excellent, mature NAC tool for complex, multivendor environments Cons: Might be too complex and difficult to install for a typical enterprise Recommended for: College campus deployments Pros: Strong endpoint security checking, complete NAC solution Cons: Lack of integration between Alcatel-Lucent and InfoExpress products; confusing array of configuration and management options. Recommended for: Companies interested in comprehensive endpoint NAC and fine-grained access control

  • Vendor: Trustwave Product: NAC 3.4 Pros: Easy to deploy, doesn't require network changes Cons: Poor documentation, reactive Recommended for: Small offices, branch offices Related stories: Ultimate guide to NAC products NAC access control: A multi-dimensional puzzle NAC authentication: Are you ready for 802.1X?

  • Vendor: Alcatel-Lucent Vendor: Avenda Systems Product: eTIPS 5005 Pros: Simplicity, easy-to-use, well-balanced NAC features Cons: Relies on 802.1X authentication Recommended for: Companies that want powerful, easy-to-use management system from a pure NAC vendor. Pros: Strong endpoint security checking, complete NAC solution Cons: Lack of integration between Alcatel-Lucent and InfoExpress products; confusing array of configuration and management options. Recommended for: Companies interested in comprehensive endpoint NAC and fine-grained access control

  • Vendor: HP Product: ProCurve Identity Driven Manager Pros: Cost-effective, strong management features, strong access controls Cons: Endpoint security checking, reliance on HP switches Recommended for: Existing HP switch customers

  • Vendor: Symantec Product: Network Access Control v11 (includes Symantec Endpoint Protection) Pros: Strong endpoint compliance, ease of use Cons: Weak authentication, lack of fine-grained access control Recommended for: Existing Symantec customers

  • Vendor: Juniper Product: Unified Access Control (UAC) 3.1 Pros: Integration with SSL-VPN, powerful feature set, separation of controls Cons: Complexity, works best in Juniper networks Recommended for: Companies focused on guest access and fine-grained access control.

Show Comments