Check Point Software is announcing a supplemental NAC architecture this week that integrates its deep-inspection firewalls with Intel-based network interface cards to block rogue behavior.

The latest version of Check Point’s VPN-1 NGX software enables postadmission NAC by finding traffic that violates security policies and shutting it down at the NIC of the machine generating it.

This requires NICs in desktops based on Intel’s vPro technology, which contains programmable hardware filters to block traffic.

Check Point already had a means to block malicious traffic at the desktop via its Integrity client software, which includes a firewall that can block traffic based on set policies. The software also scans desktops and laptops for security posture, and that information can be used to allow or deny network access.

Adding access controls via firewalls and NICs gives customers an additional option for deploying admission security. For example, a company that upgrades its PCs routinely might acquire the Intel hardware needed to execute admission policies. HP and Gateway have announced desktops employing vPro technology.

Customers could use the NICs to enforce NAC policies without deploying the Integrity client, a time-consuming task to take on, because it includes not only installation and configuration but ongoing maintenance.

The new Check Point software release supports cooperative enforcement between its VPN-1 firewalls and the NICs. To enable the enforcement, customers must write scripts that instruct the NICs what traffic to block or divert to quarantine VLANs. Check Point says that in later releases, the script writing will be masked behind a graphical user interface that will make it simpler to configure NAC policies for the NICs to enforce.