Vendors Getting the NAC At Interop

As the 2006 Interop trade show gets under way in Las Vegas, a dizzying number of networking and security vendors will be rolling out new products and services all week.

On the security side, one of the week's technologies to watch is network access control (NAC). As the usage of corporate networks expands and begins to incorporate new elements such as wireless devices and mobile users, the need to police network gateways is becoming especially crucial.

"Companies are really concerned about mobile users and about adding additional people to their networks; they need to control the network endpoints more than ever," says Kathy Johnson, director of sales for Johnson Consulting, a reseller of security and messaging products in Boston. "We've begun seeing demand for NAC products, and with the expansion of the network boundaries, this is where we need our focus to be."

With the increased number of mobile or remote workers and overlapping wireless and wired networks, companies are finding that positively verifying who is trying to access their data has become a tricky business. "The number of system types is really starting to grow, so you need the ability to look at all of them and offer a lot of flexibility in the access control solutions," says Roger Stegman, product manager for security vendor Enterasys.

No doubt, the NAC market is a busy one; because the access control problem is so broad, numerous vendors--notably Microsoft and Cisco--have been trying to play the first-to-market game, getting their products out quickly in hopes they can become the de facto standard (read "Fight For Control").

For example, Microsoft has been signing up partners for Network Access Protection (NAP), its own network access alternative that should become fully realized whenever the Longhorn/Vista operating system finally ships. In recent weeks, vendors such as Trapeze Networks and Lockdown Networks have announced support for the NAP program.

Lockdown CEO Brett Helsel says that a software-focused targeting of NAC issues, such as the one Microsoft advocates, will eventually replace the appliance-based approach. "Everything we do is moving toward software," he says. "We'll keep delivering appliances, but I wouldn't be surprised to see everything get built into the network switching infrastructure."

To that end, last week Lockdown announced version 4.2 of its turnkey NAC solution, Lockdown Enforcer. The solution integrates with Enterasys Networks' Dragon Security Suite and with external security systems, such as IPS devices and patch management systems. It also includes advanced guest registration and support for additional control points and for Mac OSX.

Back to the show--among the other NAC software solutions that will be showcased at Interop are the Websense Web Security Suite and Web Security Suite-Lockdown Edition, version 6.2; Enterasys Networks' Dragon Network Defense; Identity Engines Ignition 3.0; Highwall Technologies' Highwall EndPoint software; Vernier Networks' next-generation NAC solution; and Wiresoft's Sentry Security Platform (SSP). Also, the Trusted Computing Group will release three new specifications for its TNC architecture for integrity-based network access control.

Until the eventual migration to primarily software-based NAC solutions takes hold, NAC appliances still will be very much in demand. Here's a sampling of the devices that vendors will be demonstrating this week in Las Vegas. (Pricing was unavailable except where indicated.)

Vendor: Trend Micro
Product: Network VirusWall Enforcer

Features: This second-generation enterprise-class NAC appliance ensures that all devices comply with security policies before they're granted access to corporate networks. Enforcer integrates NAC functionality with antiworm capabilities and automates the entire NAC flow using agentless remediation. Optimized for large enterprise networks, Enforcer scans devices for security software, critical patches and current updates. It evaluates the security profile of networked devices and then administers precise security policies automatically. Noncompliant devices are quarantined and undergo automatic remediation. Once a device is cleaned and meets corporate security requirements, it is allowed to access the network. Enforcer will ship next month for $24,995 for a 1,000-user license, and is also available in 250-, 500-, 2,500- and 4,000-user licenses at prices that vary by user count.

Vendor: Enterasys Networks
Product: Enterasys Sentinel

Features: Sentinel is a federated solution for location-based network-access control. An agentless, network-based solution, Sentinel provides enterprises with proactive assessment, authentication and assisted remediation of both user- and machine-centric endpoints. The agentless approach reduces the time and cost of deploying network security by eliminating the need to install and maintain separate software on every PC. It also extends network-access control to a wide range of devices that connect to the enterprise network, ranging from environmental systems and building management systems to guest-user workstations.

Vendor: eTelemetry
Product: Locate network appliance

Features: A finalist in the Network Services and Software category of the Best of Interop Awards competition, Locate automatically and instantly identifies the actual person behind the IP address, adding the "people layer" to today's network systems. The plug-and-play appliance passively analyzes network packets, automatically informing network managers of the exact number of users on the network by name and physical location, switch port, department and phone number. This enables IT managers to focus on optimizing the network instead of wasting time and resources searching for the "who" behind a problem IP address.

Vendor: Imprivata
Product: OneSign Enterprise Network Authentication (ENA)

Features: OneSign ENA is a secure appliance for organizations that need to increase user access security and replace basic Microsoft Windows passwords with a range of strong authentication options. A self-contained solution, OneSign ENA integrates with authentication options including One Time Password (OTP) tokens, proximity cards, smart cards, USB tokens and finger biometrics. Centralized monitoring and reporting tools track activity, such as which users logged in, how and when. This enables organizations to strengthen security policies and enforce regulatory compliance. The appliance also includes integrated management of Digipass two-factor authentication products from VASCO Data Security International, which allows customers to set up, deploy and manage any type of Digipass for online and offline strong network authentication. OneSign ENA will ship this month for $75 per user for a 1,000-user license, including Digipass tokens.

Vendor: Fortinet
Product: FortiGate-60ADSL

Features: This multi-threat security appliance helps businesses that have ADSL service protect themselves by connecting to their Asymmetric Digital Subscriber Line (ADSL) service from a single security and routing platform. It features dual WAN link support for redundant Internet connections and an integrated four-port switch, giving networked devices a direct connection to the system and eliminating the need for an external hub or switch. The FortiGate-60ADSL appliance supports multiple ADSL standards. ADSL has become a high-demand Internet service option for small businesses and branch office environments because of its broad multimedia and high-speed communication capabilities.

Vendor: InfoExpress
Product: Dynamic NAC (DNAC)

Features: Many NAC vendors have yet to deploy their technologies on a large scale because of the inherent costs and years of implementation associated with traditional NAC. To help solve this problem, DNAC offers ease of deployment, granular access control and strong security. It features a peer-to-peer model that uses the endpoints on the network to propagate NAC enforcement through the enterprise, without changing the network.

Vendor: Anchiva Systems
Product: Anchiva Enterprise Content Security Appliances

Features: These Internet gateway devices help remove spyware, spam and viruses. The Anchiva 2000-X, designed for large enterprises and service providers, scans data at near-gigabit line rates, and features Anchiva's patent-pending technology of optimized, pattern-matching algorithms and ASIC acceleration combined with a high-speed memory bus. The ASICs (application-specific integrated circuits) allow the processor-intensive matching functions to be performed at speeds compatible with Gigabit Ethernet networks without fear of network bottlenecks. This enables the appliance to offer a database with a capacity of 1 million signatures that still scans and protects at network speeds. Other appliances are available now for enterprise networks with as few as 200 users for costs beginning at $7,999, including one year of automatic signature updates.

Vendor: Secure Computing
Product: SecureWire identity and access management (IAM) appliance

Features: This access, authentication and compliance hub simplifies and provides secure access management for inside and outside the perimeter by consolidating all policies on a single device, enabling configuration compliance that ensures only properly configured end-point devices can access the network. SecureWire hosts and manages all external access methods, including VPNs, Citrix applications, extranets, Web mail and more; and all internal access methods, including LAN connections, wireless LANs and mainframes. SafeWord strong authentication comes standard with every SecureWire appliance, providing strong, one-time password user authentication. SecureWire also provides native support for Active Directory, LDAP and RADIUS while supporting authenticators such as smart cards, biometric devices and third-party tokens.