Enterasys Networks Inc, the secure networks company, today announced new integrated endpoint assessment capabilities for the Enterasys Network Access Control (NAC) in-line and out-of-band appliances, and embedded switch modules that enable enterprises to ensure only the right users have access to the right information from the right place at the right time. The agent-based or agent-less assessment offers deployment flexibility while determining health posture scoring for laptops, desktops, servers, printers, phones, copiers, cameras, etc aligned with industry standardisation efforts. Interoperability has been proven with Microsoft NAP and the Trusted Computing Group's TNC.
“For organisations to truly exploit the potential of NAC deployments, vendors need to support a broad set of network infrastructure and threat protection devices,” said Paula Musich, Senior Analyst, Enterprise Security, Current Analysis. “NAC offerings need to interoperate in heterogeneous networking environments by providing endpoint assessment, enforcement across all leading switches and routers, and containing threats detected by multi-vendor intrusion detection/prevention systems.”
The Enterasys NAC Controller and NAC Gateway are upgradable, allowing assessment to be integrated onto a single appliance with the other NAC functions for discovery, authentication, authorisation and remediation. Enterasys NAC works with multiple assessment servers, authentication servers and security software agents to match the needs of different organisations who may have already deployed assessment technology from Check Point, eEye, Microsoft, Symantec and Tenable. The Enterasys agent-less assessment scans for the SANS Top 20 vulnerabilities as well as hundreds of other operating system and application vulnerabilities, while the endpoint agent scans for anti-virus and firewall status along with operating system patches and peer-to-peer file sharing applications. The agent can also look for any process or registry entry and automatically remediate.
“As NAC evolves, it is clear that NAC is a feature of the infrastructure rather than a separate market,” said Trent Waterhouse, Enterasys VP Marketing. “Our 25-year track record of innovation, experienced support and open-architecture interoperability, coupled with our security and management software expertise, enables us to deliver a NAC solution that is cost-effective, practical, and achievable to deliver rapid time to value.”
Enterasys has shipped over 30 million switch ports capable of supporting Enterasys NAC with integrated management visibility and control of pre-connect and post-connect behaviour. Enterasys NAC avoids forklift upgrades by integrating with existing wired/wireless network connectivity for Layer 2, Layer 3 and VPN environments.
The new Enterasys NAC offerings are tightly integrated with Enterasys Dragon advanced security applications for intrusion prevention, network behavioural analysis and security information management to deliver best-in-class post-connect access control. The latest Enterasys NetSight NAC Manager configuration and reporting software offers centralised visibility and control with distributed policy enforcement to manage the networked infrastructure holistically rather than box-by-box.
The Enterasys NAC IP-to-ID Mapping feature delivers a real-time view of who and what is connected where on the network by binding together the user name, IP Address, MAC address and physical port of each endpoint - a key requirement for auditing and forensics. IP-to-ID Mapping leverages Kerberos snooping, RADIUS proxy and IP traffic observation techniques which are used by NetSight Automated Security Manager to implement distributed intrusion prevention; and by Dragon Security Command Console to pinpoint within seconds a threat source location for containment and remediation.
The Enterasys NAC advantage is business-oriented granular visibility and control over individual users, devices and applications. Enterasys NAC policies permit, deny, prioritise, rate-limit, tag, re-direct and audit network traffic based on user identity, time and location, device type and other environmental variables. Enterasys NAC supports RFC 3580 port and VLAN-based quarantine for Enterasys and third-party switches, plus more powerful Secure Networks isolation policies on Enterasys switches, which among other benefits, prevent compromised endpoints from launching attacks on other quarantined endpoints while in the quarantine state. Phased deployment options enable organisations to start with simple endpoint detection and location directory information, add authentication/authorisation and/or assessment, and then automate remediation.
Share
Enterasys Networks
Enterasys is part of a joint venture with Siemens Enterprise Communications led by The Gores Group, LLC. The joint venture is a multi-billion dollar provider of hardware, software, and services to deliver service-oriented networks that enable service-oriented applications in a mobile and secure manner. Enterasys delivers Secure Networks that ensure the confidentiality, integrity, and availability of IT services and the business users that rely on them - without sacrificing performance. Thousands of enterprises, government agencies and educational institutions in more than 70 countries worldwide rely on our convergence, compliance and connectivity solutions to deliver business-oriented, identity-based visibility and control of individual user and application priority and security. The company's culture is centred on the principle, "There is nothing more important than our customers." Enterasys' standards-based, open-architecture approach to network security offers a long technology lifecycle and significant operational and business benefits, while reducing total cost of ownership. Information about Enterasys' award winning, policy-enabled switches, routers, wireless products, security software and services is available at http://www.enterasys.com.