- More porn sneaks onto the iPhone
- 'Swatting' case shows need to ban caller-ID spoofing
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- US sets final emergency responder wireless pilot
| Clear Choice Test: NAC | |||||||||
|
|||||||||
Cost: $18,009 for 1,000 users
Score: 4.48
Symantec Network Access Control (SNAC) is the product that has evolved from endpoint-security technology the company picked up from its 2005 acquisition of Sygate. In our evaluation, there was no silver bullet that put Symantec on the top of the heap. Rather it edged out the competition for its breadth of coverage in the areas of deployment options, endpoint assessments and flexible policy creation.
SNAC comprises two primary components – Policy Manager and Enforcers. The Policy Manager is the central management server that executes all policy settings. The Enforcers are the distributed devices that perform the endpoint assessments and enforcements. Enforcers can be deployed in three ways: LAN (802.1X), Gateway (in-line) and DHCP integration (delivered as either an appliance or as a Microsoft DHCP plug-in). An appliance can function as any enforcer type, but it cannot function as multiple enforcer types at the same time. For example, it is either deployed as an in-line gateway or used within an 802.1X-enabled LAN, but not both simultaneously. Multiple enforcers can be deployed to provide high availability and redundancy.
For testing, we deployed a Gateway Enforcer 1U appliance sitting between the access and distribution layer of the test be network.
A captive Web portal – dubbed OnDemand by Symantec – supports guest users and is where they pick up a browser-based disposable agent used for both authentication and assessment purposes. Remote access can be supported by either placing a gateway Enforcer in-line behind the remote-access termination point, or Symantec provides API integration with some SSL and IPSec VPN products -- such as Aventail, Check Point, Cisco, Juniper and Nortel -- that provides the ability to assess the endpoint as a condition of the remote-access system granting network access. Both of these scenarios require Symantec’s agent software to be running on the remote machines.
For testing, we also deployed a gateway Enforcer in-line behind the Cisco VPN Concentrator and set up Symantec’s On-Demand component to provide the captive portal, which is a scenario you would use for remote devices that do not have the NAC agent installed.
The Leader in Network Knowledge
Comments (2)
Which NAC vendors were included in this test?By Anonymous on January 29, 2009, 1:33 pmIf Symantec tops the ticket then I would like to know who else was included in these tests.
Reply | Read entire comment
RE: Symantec tops the NAC ticket with its breadth of coverageBy Tony Harbon on August 9, 2007, 5:36 amAs a reseller, we like the Symantec products as they have strong application control. Re: Symantec tops the NAC ticket with its breadth of coverage. With...
Reply | Read entire comment
View all comments