Clarifying issues surrounding this emerging security architecture
Enterasys is adding its own brand of endpoint vulnerability assessment to the company's NAC package.
Until now, Enterasys customers who wanted to include endpoint vulnerability assessment as part of their NAC checks had to use third-party tools, typically from Check Point, Microsoft or Symantec, the company says. The tool costs a one-time fee of $5 per device, which is less than the recurring fees charged by third parties.
The software can test machines that are unable to run vulnerability-assessment agents, such as IP phones, printers and cameras, to check whether they have been hijacked to perform other functions. For example, a copier that has been commandeered to run a mail server could be detected when it responds to mail requests sent by an Enterasys NAC appliance.
The software can also make use of a full vulnerability assessment agent deployed to managed PCs or Mac desktops.
Customers can dial up or down the thoroughness of the vulnerability scans to strike a balance between security and end-user patience. Out of the box, the software is set to perform checks that take about a minute, but more thorough checks take longer.
Enterasys says that some of its customers thought they had vulnerability assessment as part of the software bundles they bought from third-party security software vendors, but discovered that they didn’t. These customers requested that Enterasys offer its own assessment software.
The new software runs on both the inline and out-of-band Enterasys NAC appliances. Enterasys says this capability is part of Microsoft’s Vista and Windows Server 2008 products, and that eventually customers may switch to that as they adopt Vista.
Tim Greene is senior editor at Network World.