Juniper Networks Infranet Controller (IC)

Juniper's Unified Access Control (UAC) 2.0 solution for medium to large enterprises and remote and branch offices combines user identity, device security state and network location information to create a unique access control policy for each user. This data is then used to provide real-time visibility and policy control throughout the network. The solution can be enabled at layer 2 using 802.1X, or at layer 3 using an overlay deployment for ease of integration with existing firewalls. UAC 2.0 can also be provisioned in mixed mode, using 802.1X for network admission control and layer 3 for resource access control. The IC 4000 will scale to thousands of concurrent endpoints and can be deployed in cluster pairs for high availability. It also supports TNC, a suite of open standards for network access control developed by the Trusted Computing Group. This means it can be deployed into any 802.1X-enabled infrastructure and will interoperate with any TNC-compliant solution.
Distributed by ChannelWorx and Ingram Micro.
RRP: The Infranet Controller 4000 with 100 simultaneous endpoints is priced from $19,500.

---

Symantec Network Access Control 5.1.5

The Network Access Control (NAC) solution increases security, network availability and regulatory compliance by enabling enterprises to enforce security settings and software running on the hosts connected to their enterprise networks. Support for the widest variety of network equipment, access methods, and protocols in the industry helps organisations maximise ROI by eliminating ties to specific vendors. It blocks or quarantines non-compliant devices from accessing the corporate network and resources. The Host Integrity tests against pre-defined templates such as patch level, service packs, antivirus and personal firewall status, as well as custom-created checks tailored for the enterprise environment. It offers pervasive endpoint coverage for managed and unmanaged laptops, desktops, and servers existing both on and off the corporate network. The product protects the network from dangerous endpoints by enforcing compliance on contact with the enterprise LAN, wireless network, and remote access services.
Distributed by Ingram Micro and Express Data.
RRP: $91.57 (all enforcement: includes license, 12-month maintenance and 24/7 support and all components - Cisco, DHCP, gateway and LAN). Components can be purchased separately.

---

Sophos NAC 3.0

This comprehensive, enterprise-ready NAC software combines powerful assessment and reporting tools with comprehensive policy enforcement capabilities. Its broad enforcement framework protects enterprise networks from the threats posed by rogue, compromised, or misconfigured endpoints. Organisations can ensure security compliance even before users connect to the enterprise network - whether they are logging on by LAN, remote, wired, wireless, managed or unmanaged endpoints. The software overlay framework is vendor-neutral and utilises existing network infrastructures (switches, VPN concentrators, DHCP servers, enterprise user stores). Key functions include pre-defined assessments covering more than 350 security applications and more than 600 OS patches with point-and-click inclusion into policy. It also offers rapid response to new and unforeseen threats using custom application creation and enforcement. The software automatically updates antivirus and anti-spyware applications, enabling administrators to set up a policy once.
Distributed by Sophos.
RRP: $100 per user with 1000 or more users. This includes endpoint agent licenses, policy servers, DHCP and or 802.1X plug-in modules and Sophos NAC Informant for static IP address security enforcement as well as standard support.

---

Insightix NAC

Insightix NAC constantly monitors the network to provide accurate IT infrastructure information and detect in real-time any new device that connects to the network. Based on the wealth of information discovered on all the IT assets and their associated properties - including element type, MAC or IP address, operating system, open services, switch and connected switch port, patch information and more - IT professionals can easily baseline their networks and define an enforceable network access control policy. Any device that does not comply with the access policy is denied connectivity as it attempts to attach itself to the network. It does not require network changes, specialised software and hardware or extended deployment efforts. Using Insightix NAC, users can define and begin enforcing a NAC policy in less then two hours. It enforces the NAC policy on layer 2 of the network, preventing unauthorised devices from connecting and communicating with other elements on the network.
Distributed by Unixpac.
RRP: Entry-level pricing for a small network begins around $7500.

---

Fortinet FortiGate-224B

Fortinet claims its latest offering is a new class of LAN security system combining networking and security functions in a single appliance-type solution. Foundation networking products such as switches and hubs and security systems have, until now, been separate categories and their functions fulfilled by dedicated devices. The FG-224B integrates security functions into a networking device. It not only provides comprehensive protection against external threats, but also from compromised systems that are within the network. The NAC quarantine features include: strict or dynamic modes; client-less port-based quarantine; port-based quarantining; antivirus or IPS signature trigger; quarantine VLAN; administrator defined resource access; manual or dynamic configuration options; and quarantine portal. Other functionality includes redirect Web Request to Internal Portal (client remediation, administrator defined parameters), and user self-remediation.
Distributed by Firewall Systems, Lan 1, and WhiteGold Solutions.
RRP: $5940

---

Cisco NAC Appliance

Formerly Cisco Clean Access, this NAC appliance uses network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. Administrators can authenticate, authorise, evaluate, and remediate wired, wireless, and remote users and their machines prior to network access. It identifies whether networked devices such as laptops, IP phones, or game consoles, are compliant with the network's security policies and repairs any vulnerabilities before permitting access. It extends NAC to all network access methods, including access through LANs, remote access gateways, and wireless access points. There is also support for posture assessment for guest users. The appliance evaluates whether machines are compliant with security policies. These can include specific antivirus or anti-spyware software, OS updates, or patches. It also supports policies that vary by user type, device type, or operating system. Distributed by Express Data, Ingram Micro and LAN Systems.
RRP: from $10,551 for a start kit bundle for 100 users.

---