Network Access Control (NAC)
Identity-based NAC with IPS and SIEM Integration
Product Overview
Enterasys Network Access Control (NAC) is a complete standards-based, multi-vendor
interoperable pre-connect and post-connect Network Access Control solution for wired and
wireless LAN and VPN users. Using Enterasys NAC Inline Controller, NAC Out-of-Band Gateway
appliances and/or NAC Out-of-Band Gateway Virtual Appliance with NMS NAC Manager
configuration and reporting software, IT administrators can deploy a leading-edge NAC solution
to ensure only the right users have access to the right information from the right place at the
right time. Enterasys NAC is tightly integrated with the Enterasys Intrusion Prevention System
(IPS) and Enterasys Security Information and Event Manager (SIEM) and Enterasys Network
Management Suite (NMS) Automated Security Manager to deliver best-in-class post-connect
access control.
The Enterasys NAC advantage is business-oriented visibility and control over individual users and
applications in multi-vendor infrastructures. NAC protects existing infrastructure investments
since it does not require the deployment of new switching hardware or that agents be installed on
all end systems. Enterasys NAC performs multi-user, multi-method authentication, vulnerability
assessment and assisted remediation. It offers the flexibility to choose whether or not to restrict
access for guests/contractors to public Internet services only—and how to handle authenticated
internal users/devices that do not pass the security posture assessment. Businesses have the
flexibility to balance user productivity and security. The NAC assessment warning capability
alerts users that they need to upgrade their system but can allow a grace period before they are
quarantined.
Enterasys NAC policies permit, deny, prioritize, rate-limit, tag, re-direct, and audit network
traffic based on user identity, time and location, device type, and other environmental variables.
Enterasys NAC supports RFC 3580 port and VLAN-based quarantine for Enterasys and third-
party switches, plus more powerful isolation policies (which prevent compromised endpoints from
Benefits
Business Alignment
• Protect corporate data by proactively
preventing unauthorized users,
compromised endpoints, and other
vulnerable systems from network access
• Effectively balance security and availability
for users, contractors and guests
• Proactively control the security posture of
all devices on the network
• Efficiently address regulatory compliance
requirements
Operational Efficiency
• Leverage existing assessment servers,
authentication servers, software agents
and identity sources avoiding forklift
upgrades
• Enable business staff to easily sponsor
guests and validate guest registration
• Protect physical and virtualized
environments with flexible deployment
options including appliances and virtual
appliances
Security
• Enable the strongest security with fine
grained access control based on user,
device, time, location and
authentication type
• Assess end systems of any type for
vulnerabilities or threats with agent-based
or agent-less assessment including third
party tools
• Automate endpoint isolation, quarantine
and remediation, plus ongoing threat
analysis, prevention, and containment
Service and Support
• Industry-leading first call resolution rates
and customer satisfaction rates
• Personalized services, including site surveys,
network design, installation and training
Complete solution featuring in-
line, out-of-band appliances and
virtual out-of-band appliance
Open, standards-based
architecture and open APIs
Comprehensive dashboard
reporting and advanced
notification engine
Managed guest access control
with sponsorship
Unified policy management
in heterogeneous wired and
wireless environments
There is nothing more important
than our customers.
DATASHEET
Komentáře k této Příručce