Review

Review: Portnox, Extreme lead NAC pack

Network World |

1 2 3 Page 3
Page 3 of 3

Our tests consisted of adding new endpoint devices of different vintages (such as Windows XP, and old iPhones and Macs running older OS X versions) and using both physical and virtual machines. We then observed what was reported to each NAC, and created and modified policies to force various actions such as quarantining or allowing the device to connect on a limited-access guest network. Under each individual review we note the differences in the actual test network setup.

We scored each product on three metrics:

1)    Endpoint detection

The core of any NAC product is the ability to detect when something is wrong. We looked at the following sample use cases:

  • Can the NAC check for a second (or third) network interface on each endpoint? Can it determine that all interfaces belong to the same endpoint?
  • Can the NAC see who has local admin rights on each endpoint?
  • What happens when a rogue wireless access point connects to your enterprise network?
  • Can the NAC detect when a user brings their personal laptop to work? Does this guest get assigned to the appropriate limited-access network?
  • Does the NAC account for a non-PC endpoint, such as a print server?

2) Reports and auditing

Next, we looked at the usefulness of various logs, auditing tools and reports from each product. We were looking at outright reporting errors, such as misidentifying a machine with the wrong OS, or providing too much or too little information to be actionable. We were also looking for how an enterprise could use these reports for compliance purposes.

3)    Policy creation and management

The last aspect was how easy it was to create and modify policies that focused on both devices and particular end users and how the NAC works with existing security infrastructure such as anti-malware and firewalls. As part of this we looked at ease of installation and configuration. We assumed that these products would be installed in larger networks of several hundred nodes.

Strom is the founding editor-in-chief of Network Computing magazine and has written thousands of magazine articles and two books on various IT and networking topics. His blog can be found at strominator.com and you can follow him on Twitter @dstrom. He lives in St. Louis.

This story, "Review: Portnox, Extreme lead NAC pack " was originally published by Network World.

Related:

David Strom writes and speaks about security, networking and communications topics for CSO Online, Network World, Computerworld and other publications. He can be reached through his web site, or on Twitter @dstrom.

Copyright © 2015 IDG Communications, Inc.

1 2 3 Page 3
Page 3 of 3
Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon