Enterasys Integrates NAC Assessment
Agent and Agent-less Capabilities Embedded Across NAC Appliances
We are pleased to announce new integrated endpoint assessment capabilities for the Enterasys® Network Access Control (NAC) in-line and out-of-band appliances and embedded switch modules that enable enterprises to ensure only the right users have access to the right information from the right place at the right time. The agent-based or agent-less assessment offers deployment flexibility while determining health posture scores for laptops, desktops, servers, printers, phones, copiers, cameras, etc., in line with industry standardization efforts. Interoperability has been proven with Microsoft NAP and the Trusted Computing Group’s TNC.
Enterasys NAC Features:
- Upgradable NAC Controller and NAC Gateway that allow assessment to be integrated onto a single appliance with the other NAC functions for discovery, authentication, authorization, and remediation.
- Ability to work with multiple assessment servers, authentication servers, and security software agents to match the needs of different organizations that may have already deployed assessment technology from Check Point, eEye, Microsoft, Symantec, and Tenable.
- Agent-less assessment scans for the SANS Top 20 vulnerabilities, as well as hundreds of other operating system and application vulnerabilities.
- Endpoint agent scans for anti-virus and firewall status along with operating system patches and peer-to-peer file sharing applications. The agent can also look for any process or registry entry and automatically remediate.
- Integrated management visibility and control of pre-connect and post-connect behavior can be supported on over 30 million switch ports that have been shipped.
- Integration with existing wired/wireless network connectivity for Layer 2, Layer 3, and VPN environments to avoid forklift upgrades.
Tight Integration with Enterasys Dragon®
The new Enterasys NAC offerings are tightly integrated with Enterasys Dragon® advanced security applications for intrusion prevention, network behavioral analysis, and security information management to deliver best-in-class post-connect access control. The latest Enterasys NetSight® NAC Manager configuration and reporting software offers centralized visibility and control with distributed policy enforcement to manage the networked infrastructure holistically rather than box-by-box.
IP-to-ID Mapping Feature Delivers Advanced Security
The Enterasys NAC IP-to-ID Mapping feature delivers a real-time view of who and what is connected where on the network by binding together the user name, IP address, MAC address, and physical port of each endpoint, a key requirement for auditing and forensics. IP-to-ID Mapping leverages Kerberos snooping, RADIUS proxy, and IP traffic observation techniques. These are used by NetSight Automated Security Manager to implement distributed intrusion prevention, and by Dragon Security Command Console to pinpoint within seconds a threat source location for containment and remediation.
The Enterasys NAC Advantage:
- Business-oriented granular visibility and control over individual users, devices, and applications.
- Policies that permit, deny, prioritize, rate-limit, tag, re-direct, and audit network traffic based on user identity, time and location, device type, and other environmental variables.
- Support of RFC 3580 port and VLAN-based quarantine for Enterasys and third-party switches, plus more powerful Secure Networks™ isolation policies on Enterasys switches (which, among other benefits, prevent compromised endpoints from launching attacks on other quarantined endpoints while in the quarantine state).
- Phased deployment options to enable organizations to start with simple endpoint detection and location directory information, add authentication/authorization, and/or assessment, and then automate remediation.
What they are saying…
“For organizations to truly exploit the potential of NAC deployments, vendors need to support a broad set of network infrastructure and threat protection devices. NAC offerings need to interoperate in heterogeneous networking environments by providing endpoint assessment, enforcement across all leading switches and routers, and containing threats detected by multi-vendor intrusion detection/prevention systems.”
Paula Musich
Senior Analyst, Enterprise Security,
Current Analysis
“As NAC evolves, it is clear that NAC is a feature of the infrastructure rather than a separate market. Our 25-year track record of innovation, experienced support, and open-architecture interoperability, coupled with our security and management software expertise, enables us to deliver a NAC solution that is cost-effective, practical, and achievable to deliver rapid time-to-value.”
Trent Waterhouse
VP of Marketing,
Enterasys