| Symantec Network Access Control V5.1 |
ForeScout CounterACT CT100 |
Lockdown Networks Enforcer 4.5.2 |
Unified Access Control 2.0 |
| Symantec |
ForeScout Technologies |
Lockdown Networks |
Juniper Networks |
| $18,000 for 1,000 users. |
Starts at $14,000. |
$25,000 per appliance, which supports up to 2,000 users. |
$30,000 for 1,000 users. |
| Unique and powerful location-based policies; supports user- and device-based policies; intuitive; easy-to-navigate interface; very wide breadth of endpoint assessment capabilities. |
Endpoint assessment timing can be configured on a check-by-check basis; wide variety of enforcement options; unique network portal is useful for data analysis; one of the stronger reporting engines tested. |
Great administrative interface; strong reporting tools; very capable vulnerability scanning tool included. |
Strong basic NAC components; integrates well into existing Juniper environment; easy to use. |
| Reporting engine could be improved to provide more options and functionality. |
Workarounds to maintain agentless architecture may not sit well with some organizations. |
Complex policy management. |
Minimal reporting capabilities. |
| ConSentry LANShield switch and InSight Manager 3.1.1 |
StillSecure Safe Access |
Check Point Integrity NGX |
Vernier EdgeWall 8800 |
| ConSentry Networks |
StillSecure |
Check Point |
Vernier Networks |
| $14,000 for LANShield switch; $3,000 for 100 agents; $8,000 for Insight Manager. |
Pricing starts at $20 per IP address. |
$37,000 for 1,000-user license. |
$45,000 for chassis, support for 1,000 users and one Control Server management appliance. |
| Security functions reside directly in the switch; strong reporting features. |
Minimal endpoint impact noted during integrity assessment; intuitive, easyto-use management GUI. |
Easy to deploy and manage; offers flexibility and detail in policy definition. |
Provides flexible, detailed security for groups of users; has built-in intrusion-detection engine. |
| InSight Manager console not intuitive; endpoint assessment not well integrated. |
Minimal reporting; powerful, Python-based custom checks require a skill set many organizations may not have in-house. |
No preconfigured Windows patch support for posture checking; minimal custom checks functionality. |
Not easy to use; offers no reporting functionality beyond log review. |
| Trend Micro Network VirusWall Enforcer 2500 |
Bradford Networks NAC Director |
InfoExpress Dynamic NAC for Windows |
Cisco NAC Appliance 4.1 |
McAfee NAC 2.5 |
| TrendMicro |
Bradford Networks |
InfoExpress |
Cisco |
McAfee |
| $25,000. |
$32,200 for 1,000 users. |
$40 per user. |
Pricing starts at $18,000 for Clean Access Server and Clean Access Manager. |
$20,400 for 1,000 users. |
| Quick to deploy and easy to administer. |
Provides easy integration into existing environments by directly controlling network switch flows; supports all access environments; taps into multiple authentication servers; user roles are well integrated with Active Directory. |
No network infrastructure changes required for NAC. |
Allows for flexible policy creation, because physical endpoint checks are separate from endpoint software requirements; strong authentication and authorization features. |
Easy-to-use wizard process for rule creation; overall management through ePolicy Orchestrator is very mature. |
| No custom check functionality; no ability to assess status of client firewall programs. |
Network switch control can be a controversial approach to NAC; management features are not easy to use. |
Disparate management tools required; policy management interface needs to be streamlined. |
Noticeable performance impact on endpoint during posture assessment; minimal reporting capabilities; Cisco API required to analyze assessment results; overall confusing management interface; checks run only at initial connection time. |
Minimal to out-of-box reporting with no custom report capability; no custom check development functionality; canÕt authenticate using external repositories; no support for guest users. |
|
