StillSecure provides flexible NAC with SafeAccess

StillSecure Safe Access

Cost: Pricing starts at $20 per IP address

Score: 3.83

StillSecure Safe Access is an appliance that can be deployed in three scenarios: as part of an 802.1X authentication scheme, sitting in-line, or working in conjunction with a DHCP server. In the last scenario, which is sometimes the only option for an organization because of infrastructure limitations, Safe Access performs an endpoint assessment before the DHCP server gives the endpoint an IP address and provides network access. The drawback with DHCP is that a machine configured with a static IP address can bypass the endpoint-assessment process.
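The static-address gap in DHCP mode can be watched for by comparing the DHCP server's lease table with the IP/MAC pairs a router actually sees. The following is an added example, not code from the article or from StillSecure; the input format, addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (not from the article): DHCP leases issued after
# endpoint assessment, and IP/MAC pairs observed in a router's ARP table.
LEASES = """\
10.20.0.51 00:16:3e:aa:01:01
10.20.0.52 00-16-3E-AA-01-02
10.20.0.53 00:16:3e:aa:01:03
"""
ARP_SEEN = """\
10.20.0.51 00:16:3e:aa:01:01
10.20.0.52 00:16:3e:aa:01:02
10.20.0.53 00:16:3e:bb:09:09
10.20.0.200 00:16:3e:cc:07:07
10.20.0.1 00:16:3e:00:00:01
10.30.0.5 00:16:3e:dd:01:01
"""

def norm_mac(mac):
    """Lower-case a MAC and strip separators so formats compare equal."""
    return mac.lower().replace(":", "").replace("-", "").replace(".", "")

def parse_pairs(text):
    """Parse 'ip mac' lines into (IPv4Address, normalized MAC) tuples."""
    pairs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, mac = line.split()
        pairs.append((ipaddress.ip_address(ip), norm_mac(mac)))
    return pairs

def find_unassessed(leases, seen, scope, exempt_ips=()):
    """Return (ip, mac, reason) for hosts in the DHCP scope without a matching lease."""
    net = ipaddress.ip_network(scope)
    lease_by_ip = dict(parse_pairs(leases))
    exempt = {ipaddress.ip_address(i) for i in exempt_ips}
    findings = []
    for ip, mac in parse_pairs(seen):
        if ip not in net or ip in exempt:
            continue  # outside the NAC-managed subnet, or known static infrastructure
        leased_mac = lease_by_ip.get(ip)
        if leased_mac is None:
            findings.append((str(ip), mac, "no lease for this IP"))
        elif leased_mac != mac:
            findings.append((str(ip), mac, "IP leased to a different MAC"))
    return findings

if __name__ == "__main__":
    for finding in find_unassessed(LEASES, ARP_SEEN, "10.20.0.0/24", ["10.20.0.1"]):
        print(finding)
```

Hosts flagged this way never received an address through the assessed DHCP path, so they are candidates for manual review or switch-level enforcement.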

For testing, we deployed Safe Access in-line between the access and distribution layer of our test network.

Guest access is handled by StillSecure using a captive Web portal. When guest users try to gain network access through the portal, an ActiveX agent is pushed out to the unknown machine to perform the system assessment. Managed systems can have a persistent agent installed on the system or be assessed agentlessly (remotely) using administrator credentials provided to the Safe Access system.

User authentication can occur against a Lightweight Directory Access Protocol store or relational-database management system. For testing, we configured Safe Access to integrate with our LDAP-based Active Directory server, which worked fine, requiring only that we enter the username/password to access the directory and the base distinguished name search for our directory.

StillSecure’s authorization is based on groups defined by physical items, such as IP address or domain name. In this process you define which endpoint-assessment policies are run against which devices. You use the general-management GUI to create an access policy and then map the endpoint checks to be performed against a device group. With StillSecure, there is no means to set up authorization based on users’ roles, as there is in most other products tested.

Device-based access works well when you have a diverse population of users with the same endpoint-security requirements. User-based access works best when you have specific security requirements for a user’s role, and they could be using different endpoint systems.

The information collected about any machine coming onto the network is just the username and the MAC and IP addresses, which is an average amount of data collected by the devices tested.

For endpoint assessment, StillSecure supports the top-tier antivirus providers as well as second-tier ones, including Avast, Panda and ClamWin. On its natively supported list of personal firewalls are ISS, Tiny Personal Firewall and ZoneAlarm. It can also check for critical patches for the Windows operating system and key applications, such as Microsoft Office.

Full vulnerability assessment is not supported, but a few checks for critical malicious or unwanted software, such as Blaster and BitTorrent, are available. The agent performed all of these checks and functioned as expected in our tests. It had only the smallest impact on the client system, with client CPU use never increasing more than 5%.

While the initial checks are run before the client is allowed on the network, IT administrators can set a retest for any endpoint check to occur at any frequency.

A few custom checks, such as which operating system services are allowed or denied, can be set out of the box. These custom checks are set using the management GUI, where you specify whether a service is allowed or not. More advanced custom checks are created in StillSecure’s Python-based process. For example, you would use the latter to write a check to make sure a specific process is running or that a file is or is not present. As is the case with the custom checks written for the ForeScout product, while this provides a high level of flexibility, not all organizations may have the skills in-house.

StillSecure does not support a general vulnerability-scanning mechanism, nor does it have the ability to identify a system that was infected other than for the very small subset of active infections as noted above.

One of the more potentially interesting features of Safe Access is its Enterprise Integration Framework (EIF), which comprises a set of APIs that an IT organization can use to integrate homegrown or third-party applications with Safe Access. This allows you to integrate additional data, such as intrusion-detection (IDS) or intrusion-prevention (IPS) alerts or ticketing systems. Right now the only application that uses EIF is StillSecure’s IDS/IPS, but the company says it’s actively pursuing other third-party support. This is very similar to what McAfee is doing and it, too, is leading off its list of supported third-party applications with its own IPS system.

Enforcement options include quarantine virtual LANs, Web links directing users to sites for more information or software downloads for self-remediation, and integration with tools such as
