StillSecure Safe Access

Cost: Pricing starts at $20 per IP address

Score: 3.83

StillSecure Safe Access is an appliance that can be deployed in three scenarios – as part of an 802.1X authentication scheme, sitting in-line or working in conjunction with DHCP server. In the last scenario, which is sometimes the only option for an organization based on infrastructure limitations, is when SafeAccess performs an endpoint assessment before the DHCP server gives the endpoint an IP address and provides network access. The drawback with DHCP is that a static IP addresses can bypass the endpoint-assessment process.

For testing, we deployed Safe Access in-line between the access and distribution layer of our test network.

Guest access is handled by StillSecure using a captive Web portal. When the guest users try to gain network access through the portal, an Active X agent is pushed out to the unknown machine to perform the system assessment. Managed systems can have a persistent agent installed on the system or be assessed agentlessly (remotely) using administrator credentials provided to the Safe Access system.

User authentication can occur against a Lightweight Directory Access Protocol store or relational-database management system. For testing, we configured Safe Access to integrate with our LDAP-based Active Directory server, which worked fine, requiring only that we enter the username/password to access the directory and the base distinguished name search for our directory.

StillSecure’s authorization is based on groups defined by physical items, such as IP address or domain name. In this process you define which endpoint-assessment policies are run against which devices. You use the general-management GUI to create an access policy and then map the endpoint checks to be performed against a device group. With StillSecure, there is no means to set up authorization based on users’ roles as there are in most other products tested.

Device-based access works well when you have a diverse population of users with the same endpoint-security requirements. User-based access works best when you have specific security requirements for a user’s role, and they could be using different endpoint systems.

The information collected about any machine coming onto the network is just username as well as MAC and IP addresses, which is an average amount of data collected by the devices tested.

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports