Enterasys Network Access Control (NAC) is a complete standards-based, multi-vendor interoperable pre-connect and post-connect Network Access Control solution for wired and wireless LAN and VPN users. Using Enterasys NAC Inline Controller and/or NAC Out-of-Band Gateway appliances with NMS NAC Manager configuration and reporting software, IT administrators can deploy a leading-edge NAC solution to ensure only the right users have access to the right information from the right place at the right time. Enterasys NAC is tightly integrated with the Enterasys Intrusion Prevention System (IPS) and Enterasys Security Information and Event Manager (SIEM) to deliver best-in-class post-connect access control.
The Enterasys NAC advantage is business-oriented visibility and control over individual users and applications in multi-vendor infrastructures. Enterasys NAC performs multi-user, multi-method authentication, vulnerability assessment and assisted remediation. It offers the flexibility to choose whether or not to restrict access for guests/contractors to public Internet services only - and how to handle authenticated internal users/devices that do not pass the security posture assessment.
Enterasys NAC policies permit, deny, prioritize, rate-limit, tag, re-direct, and audit network traffic based on user identity, time and location, device type, and other environmental variables. Enterasys NAC is adaptable to any device using RADIUS for authorization with configurable RADIUS attributes such as Login-LAT or Filter ID. The solution offers unmatched interoperability, provides the widest number of authentication options, and supports Layer 2, Layer 3 and VPN access technologies.
Enterasys NAC enables the homogeneous configuration of policies across multiple switch and wireless access point vendors. This capability significantly reduces the burden of policy lifecycle management and eases NAC deployment in wired and wireless heterogeneous infrastructures.
In an identity-aware network, a user's capabilities are controlled based on the user's identity and the access policies attributed to the user. Enterasys NAC provides user identity functionality including discovery, authentication and role-based access controls. Users are managed centrally in the identity system for the network and all connected applications. The process of managing the user's lifecycle can be automated and linked to other business processes with LDAP and RADIUS integration. Users can be automatically added or deleted when they join or leave the organization. Enterasys identity-aware networking capabilities provide stronger network security and lower operational cost.
Endpoint baselining and monitoring
All end systems in the network infrastructure should be incorporated in the network access control system for control to be most effective. Enterasys NAC provides agent-based or agent-less endpoint assessment capabilities to determine the security posture of connecting devices. Enterasys NAC, aligned with industry standards, works with multiple assessment servers, authentication servers and security software agents to match the needs of organizations who may have existing assessment technology. The agent-less capability does not require the installation of a software security agent on the end system and is typically used for end systems such as guest PCs, IP phones, IP cameras or printers. The Enterasys agent-less assessment scans for operating system and application vulnerabilities. The endpoint agent scans for anti-virus status, firewall status, operating system patches and peer-to-peer file sharing applications. The agent can look for any process or registry entry and automatically remediate. This combination of agent and agent-less capabilities in the Enterasys NAC solution enables more efficient management and reporting.
Notifications and reporting
The advanced notification engine in Enterasys NAC provides comprehensive functionality and integrates with the workflows of other alerting tools already in place. Enterprises can leverage and extend their existing automated processes to further reduce operational costs. Notifications occur for end-system state changes, guest registration and end-system health results. Notification is delivered through traps, syslog, email or web service. The notification engine has the ability to run a program triggered by a notification event. NAC provides easy-to-use dashboards and detailed views of the health of the end systems attached or trying to attach to the network. Analysts responsible for monitoring end-system compliance can easily tailor the views to present the information in their preferred format. The reports can be generated as PDF files.
Product Highlights
- Protect corporate data by proactively preventing unauthorized users, compromised endpoints, and other vulnerable systems from network access
- Effectively balance security and availability for users, contractors and guests
- Proactively control the security posture of all devices on the network
- Efficiently address regulatory compliance requirements
- Gain IT efficiency
- Enable business staff to easily sponsor guests and validate guest registration
- Enable the strongest security with fine-grained access control based on user, device, time, location and authentication type
- Assess end systems of any type for vulnerabilities or threats with agent-based or agent-less assessment
- Automate endpoint isolation, quarantine and remediation, plus ongoing threat analysis, prevention, and containment
In The Box
- Enterasys NAC Gateway
- Rack mounting kit