NetClarity's EasyNAC Micro touts among its virtues that it requires no agent on end devices and infrastructure upgrades are unnecessary. The small device is meant to help battle the cost of pushing NAC to all corporate sites and reduce clutter in small-office wiring closets where space is at a premium.
The NetClarity device can be attached anywhere on a network, such as a span port on a switch. The company has not announced details of when or how it will shut down the product line or wind down support for it.
If it finds machines that violate policies, it can send alerts or block traffic. It can block using virtual LAN assignments to quarantine a device, or invoking firewall rules to isolate a particular machine. The method works with most major firewall vendors' gear, says Gary Miliefsky, CTO of NetClarity.
The appliance can also isolate an end device in concert with routers and the device itself.
Miliefsky won't say exactly how this works but it involves sending a 7kbps stream of traffic that blocks the device from gaining network access.
The appliance interrogates devices as they try to gain network access, probing it with requests to see what comes back as it tries to find malware, spyware, keyloggers and the like. "We can find anything that will answer a request on a port that doesn't look like a standard protocol that belongs there," Miliefsky says.
The first such probe takes about five minutes, and subsequent screenings take less time because the appliance doesn't repeat probes for things it has already looked for, he says. The screening include testing for 17,000 common vulnerabilities and exposures. When it finds one, the appliance can block traffic to vulnerable ports to protect the device until it can be patched, he says.
EasyNac Micro costs US$1,000.