- New attack fells Internet Explorer
- Steve Jobs is a man of a few words
- Oddball gifts for uber geeks
- Global warming research exposed after hack
- Google adding IPv6 to YouTube
| Clear Choice Test: NAC | |||||||||
|
|||||||||
Cost: $24,995
Score: 3.53
Trend Micro’s Network VirusWall Enforcer focuses on outbreak prevention -- identifying and preventing malware outbreaks – which makes sense since the company has a long history in that segment of the security market.
The appliance sits in-line on the network, monitoring all packets for malicious traffic and assessing endpoints for both active infections and key vulnerabilities that could lead to infection. Trend Micro’s offering is similar to those shipping from ForeScout and ConSentry, but those products provide more in-depth functionality in intrusion prevention, such as anomaly detection and analysis on full traffic streams. Trend Micro focuses on virus outbreaks.
VirusWall appliances can run a primary/secondary pair for availability. It can also fail open to allow network traffic to continue to pass in the event of a device failure. Management is available on the appliance using a Web GUI, or Trend Micro offers a centralized management program called Control Manager, which can drive multiple VirusWall devices.
Endpoints that are not in compliance with set policy can be placed in quarantine, where traffic to and from the endpoint is blocked except for traffic explicitly allowed by policy, such as the ability to access the URL to receive the missing software.
User authentication is supported against the standard user repositories in Active Directory and Lightweight Directory Authentication Protocol. For testing, we configured the VirusWall to authenticate users against our Active Directory database without issue.
Guests are defined as a nonauthenticated users, and therefore you can define a more restrictive set of access policies than what is allowed for the general, trusted user population. Assessment policies are defined to apply either to an authenticated or nonauthenticated user. You are unable to select both options within the policy GUI, so if you have a policy that needs to apply to both groups of users, you need to define the policy twice. If, for example, you want to have both groups running antivirus software, but then only authenticated users to have a specific registry key in place.
In a Trend Micro NAC deployment, groups are defined based on physical interface, IP address, MAC address, or virtual-LAN assignment. NAC policies are based on these VirusWall-specific groups, not a user’s group as defined in Active Directory, which is a management drawback
To perform endpoint assessments, VirusWall uses an agent to perform integrity scans. The agent is either a persistent one or an ActiveX-dissolvable one. Trend Micros’s persistent agents are deployed through standard remote-logon processes, which may not always function if the endpoint device is running a firewall. The dissolvable agents are distributed over HTTP.
Minimal information is reported about from the endpoint – only user information and IP and MAC addresses. In addition to assessing a client’s status upon entry to the network, ongoing assessments can be configured as needed
Rss FeedRss Feed
The Leader in Network Knowledge
Comment