Dennis Boas: | First, we really listen to our customers. We take into account their fears, needs and requirements as we build and enhance our NAC solution. We hear that this approach contrasts dramatically from other networking vendors. Second, I’d say that our longevity in the network security business gives us an advantage. Many of our new NAC users are long-time Enterasys infrastructure customers who decide to give this technology a try, and then go for the whole solution. Once they have it, they don’t want to go back to the old days of network vulnerability. With customers who’ve never used our products before, including customers who come to us from competing networking vendors, they really like the value and total cost of ownership. Interoperability is a big selling point for them. Our NAC architecture was among the first to provide a number of now generally expected features, such as role-based control for granting network access, and guest access control that is unified across wired and wireless networks. Quite simply, we built a solution that accurately reflects our customers’ needs, instead of building a product and telling them, "This is the way it’s done." |
According to Enterasys, the architecture enables network usage policies for users and devices to be established centrally and enforced throughout the network environment. These policies for network communication enable an IT organization to ensure the overall integrity of data communications and to restrict and isolate communications from untrusted and dangerous end systems and users. Policies can be applied to communication from any type of end system connecting to the network:
11. How do you define a complete NAC solution?
Dennis Boas: | A complete NAC solution must deliver comprehensive functionality, end-to-end, for both out-of-band and in-line deployment options, agent-based or agent-less endpoint baselining, and integration with other network security products such as intrusion prevention, network behavioral analysis and security information and event management (SIEM) for post-connect behavioral analysis and audit. The Enterasys NAC architecture integrates with any vendor’s network equipment that also supports industry standards. Enterasys NAC is centrally managed for ease of configuration and management. |
12. How is Enterasys NAC managed?
Dennis Boas: | NAC management needs to be simple, or the NAC solution itself will be useless. What good is all of this technology if your administrators struggle to monitor it every day? We work with companies who have a very small IT operations staff, sometimes a handful of people. They can’t allocate people to spend hours taking special classes, or trying to troubleshoot their solution - they just want to plug it in and know that it’s going to work. Our NMS NAC Manager software provides secure policy-based NAC management. From one centralized location, IT staff can configure and control the NAC solution, simplifying deployment and ongoing administration. Enterasys NAC offers advanced capabilities such as the IP-to-ID Mapping capability that binds together the username, IP address, MAC address and physical port of each endpoint. NMS NAC Manager reports this important information for audit or forensics analysis. One of Enterasys’ large university customers is gaining huge benefits using NMS NAC Manager with NMS Policy Manager. When combined with Policy Manager, NAC enables "one click" enforcement of role-based policies. NAC with Policy Manager enables organizations to address deployment worries with Policy Manager’s Active/Passive domain mode. This allows policies to be set up in a passive mode that does not enforce the policy, but does report on how the policy would work. This is great for testing policies prior to enforcing them on the network. |
13. How does NAC help administrators with compliance reporting?
Dennis Boas: | We find customers often implement NAC to address compliance requirements, especially in highly regulated environments like healthcare, financial services and government. NAC can quickly view the state of the network environment and provide IT administrators the information they need: who and what is attaching to the network; where and at what time the devices are connecting; whether the devices are safe and secure, and whether the users of the devices pose any threat to the network environment. We believe that the network is more secure with the most fine-grained control over who gets on, when and from where. Enterasys NAC maintains a comprehensive set of critical data that can be leveraged to quickly determine network usage and the threats and vulnerabilities posed by end systems of any type. Another important aspect of Enterasys NAC is the ability to look at historical data on any end system. The Enterasys NAC solution can report on not only where an end system is connected currently, but also where it has been connected in the past, as well as who was using the end system and whether or not it was in compliance at the time. |
14. This all sounds great, but what are we really talking about in terms of investment? What equipment must be purchased, installed and maintained?
Dennis Boas: | The "total forklift" deployment approach, understandably, strikes fear in the heart of the administrator for a number of reasons, including first and foremost, cost. The network operations customers we deal with also have to answer to their CFO on maximizing current infrastructure, so a NAC deployment that requires ripping out existing gear usually won’t get the green light – and that’s true whether the economy is good or in flux. Enterasys NAC leverages the equipment and expertise that already exist in the enterprise’s infrastructure. We do not require a total network upgrade in order for it to work. Customers avoid the extra expense associated with vendors who try to lock them in to their products. Enterasys NAC works with multiple assessment servers, authentication servers and security software agents to match the needs of different organizations. Enterasys NAC leverages existing identity sources, enabling users to be centrally managed in an enterprise’s identity management system. |
15. What is the future for NAC as a technology, and for Enterasys NAC?
Dennis Boas: | When you have a solution that knows who or what is trying to connect to the network, from where and when, plus management applications that can apply policy and take actions – there are a lot of problems that can be addressed. Those original barriers to NAC entry are being removed, and our revenue growth bears that out. People who see limited futures for NAC are demonstrating a lack of imagination. Enterasys, now part of Siemens Enterprise Communications Group, a Gores Group company, sees tremendous opportunity. For example, we are moving to completely abstract policy across multiple third-party device vendors to further reduce operational and implementation costs. We’re developing solutions for NAC integrated with voice over IP (VoIP) servers. Think about it. Enterasys NAC can know the exact locations of every phone – the port, the switch, the MAC address. With this information NAC can automatically add the location information to the VoIP server, eliminating all the tedious manual effort this requires today. Moves, adds and changes all done automatically! With this information supplied to Enterasys NAC Manager – specific templates can be downloaded. For example, help desk phones can automatically have their own set of speed dials. Enterasys is doing this with our customers today. |
Why do you think the Enterasys NAC solution is doing so well?
Contact: Brad Reese | Twitter: http://twitter.com/BradReese