- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
Network World - Despite the fact that network access control hasn't yet lived up to its initial promise, network access control is very much alive, as evidenced by the fact that 12 vendors participated in our network access control test, including industry leaders Microsoft, HP, Juniper, McAfee, Symantec and Alcatel-Lucent.
We tested each product on the key pieces of any full-strength network access control solution: authentication, access control enforcement and end-point security posture checking. We found 12 great products that were so different in the way they accomplished network access control that it was impossible to do a head-to-head comparison.
We did find products that fell into similar buckets. For example, if you were thinking of buying ForeScout CounterACT, you should also be looking at Trustwave NAC. If you were considering Avenda eTIPS, you definitely want to take a look at Juniper UAC.
Other products worked best if you already have that vendor's gear. HP ProCurve Identity Driven Manager is a great solution — but it really only works well in an HP environment. If you already have Symantec Endpoint Protection suite, you'll find its network access control solution a fantastic complement. Same with McAfee.
If you're looking for products not tied to specific hardware, the list includes Avenda eTIPS, Bradford Network Sentry, ForeScout CounterACT, Microsoft NAP and Trustwave NAC.
And you could certainly make good use of Juniper UAC or Enterasys NAC without any Juniper or Enterasys equipment in your network. Even Cisco's NAC Appliance and Alcatel-Lucent's Safe NAC could work with non-Cisco and non-Alcatel-Lucent switches.
We don't have a final answer on network access control. The product lines are growing and maturing, and many of the hard parts of network access control are moving into infrastructure, including switches, routers, and user operating systems.
But you will always need other pieces to make your network access control solution complete — end-point device profiling, policy management systems, and captive portals are all important parts of a network access control solution that you won't find built into your favorite switch or operating system.
But network access control is beginning to move away from a product and into a technology that you enable within your network, much like other advanced technologies, such as dynamic routing protocols or QoS enforcement.
To help you determine which network access control product is right for you, we sliced and diced our test results two ways – by product and by feature.
And although we don't have a traditional scorecard, we do we have some favorites. Since we're looking at network access control from a security point of view, approaches that leverage 802.1X well seem like good solutions to us. That puts Avenda eTIPS, Enterasys NAC and Juniper UAC on our short list. HP ProCurve Identity Driven Manager is in the same category, but will really only be interesting to HP shops.
Microsoft NAP, which leverages the client built-in to Windows, is an obvious winner, as is any solution that lets us build on what we get for free from Microsoft.