In developing a NAC strategy, enterprises also need to consider the ease of deployment for managed and unmanaged users (guests, contractors, business partners, etc.). The ability to have a single approach for both types of users that can be quickly rolled out without the requirement of agent software on endpoints can translate to significant operational cost savings.
At Nevis Networks, we recognize that traditional NAC is a building block in deployment of a strategy to fully protect users, endpoints, and the network infrastructure from threats to data confidentiality, integrity and availability. Verification of endpoint client security software is an important first step, but additional capabilities are required to prevent unauthorized access attempts by users, to protect the endpoint from network-borne attacks, and to control and contain threats introduced by endpoints that expose network assets and disrupt availability. Nevis’ LAN enforcer solution provides identity-driven LAN security by delivering comprehensive and continuous NAC functionality. Specifically, the solution offers:
- Automatic, clientless endpoint security audit (posture check) before allowing network access; quarantine and deny access if device fails
- Role-based user, network and application access control
- Identity based stateful firewall with Application Layer Gateway (ALG) functionality
- Wirespeed signature based IPS and Anomaly Detection to quarantine all forms of malware
All Nevis solutions provide easy integration to existing network infrastructures and services (switches, routers, AAA, directory services, VLANs etc.) without requiring configuration changes or upgrades. To learn more about NAC, its role in a secure LAN, and Nevis’ NAC solution, please see our white paper: “NAC –The First Line of LAN Security Defense”