Network Access Control (NAC) helps enterprises implement policies for controlling devices and user access to their networks. NAC can set policies for resource, role, device and location-based access and enforce compliance with security and patch management policies, among other controls.
NAC is an effort to create order out of the chaos of connections from within and outside the organization. Personnel, customers, consultants, contractors and guests all need some level of access. In some cases, it is from within the campus and at other times access is remote. Adding to the complexity are bring your own device (BYOD) policies, the prevalence of smartphones and tablets, and the rise of the Internet of Things (IoT).
According to Gartner, the minimum capabilities of NAC are:
- Dedicated policy management to define and administer security configuration requirements, and specify the access control actions for compliant and noncompliant endpoints
- Ability to conduct a security state baseline for any endpoint attempting to connect and determine the suitable level of access
- Access control so you can block, quarantine or grant varying degrees of access.
- The ability to manage guest access
- A profiling engine to discover, identify and monitor endpoints
- Some method of easy integration with other security applications and components
Impluse SafeConnect offers automatic device discovery and can support anywhere from 250 to 25,000 endpoints and up with its scalable appliance architecture. The company started in education and has expanded to government and corporate markets.
Get an in-depth look at Impulse SafeConnect.
Extreme Networks ExtremeControl
ExtremeControl is popular with education, entertainment, hospitality and healthcare customers and can scale to 200,000 endpoints. It offers a rule-based architecture to automate access based on use cases.
Get an in-depth look at Extreme Networks ExtremeControl.
Auconet BICS offers network monitoring, asset management and other functions in addition to NAC. It plays well in large, complex implementations, with up to 60,000 devices identified per hour with 100% device discovery and implementations of more than 500,000 ports.
Get an in-depth look at Auconet BICS.
CounterACT plays well in regulated environments such as defense, finance, healthcare and retail. The company boasts implementations of more than a million endpoints, and the technology can protect medical devices too.
Get an in-depth look at ForeScout CounterACT.
Pulse Policy Secure
Pulse Policy Secure supports up to 50,000 concurrent users in multi-vendor environments. It offers automatic deployment and threat intelligence options.
Get an in-depth look at Pulse Policy Secure.
HPE Aruba ClearPass
ClearPass is especially suited for high-volume authentication environments, offering more than 10 million authentications a day, as well as distributed environments requiring local authentication survivability across multiple geographies.
Get an in-depth look at HPE Aruba ClearPass.
Bradford Networks' Network Sentry
Network Sentry supports more than 1,500 networking devices and automatically contains compromised devices. It integrates with endpoint security, firewall and threat detection solutions.
Get an in-depth look at Bradford Networks.
Cisco Identity Services Engine
Services Engine supports up to 500,000 concurrent sessions and 1.5 million endpoints per deployment. It offers adaptive intelligence engines, automated detection and response, and machine learning.
Get an in-depth look at Cisco Identity Services Engine.
InfoExpress CyberGatekeeper automates discovery and audits devices before granting network access. It is popular with educational clients; one uses it to cover 100,000 users across 200 campuses.
Get an in-depth look at InfoExpress CyberGatekeeper.