Network Access Control (NAC) is a technology that grants access to enterprise network resources after first authorizing the user and device and verifying device compliance with the enterprise’s security policy. The network switch or VPN gateway forces authentication and perfoms a posture check prior to granting access. StormShield provides both client-side NAC and interoperability with NAC-enabled networks.

Endpoint-NAC is a pure software solution which does not require changes be made to any element of the network infrastructure; it ensures that end-user devices are in compliance with security policies before they are allowed to enter the network. Access is determined based on a health and policy compliance check that is persistent on the endpoint, regardless of network location. Only healthy devices are allowed access; if the PC is determined to be non-compliant, it can be instructed to disconnect itself from the network, or can be denied access to certain network resources. Remediation can be handled automatically; for example, if antivirus, anti-spyware, or operating system patches are out-of-date, the system may remedy the situation by automatically downloading the necessary software upgrades.

Endpoint-NAC also allows administrators to tailor access based on context, including connection types, user roles, or system identifications – most of which can be obtained by StormShield’s integration with your organization’s ActiveDirectory implementation. As a result, the enterprise is protected from device-introduced threats without large-scale infrastructure changes.

For enterprises with more stringent security requirements or with NAC infrastructures already in place, StormShield’s endpoint-NAC is interoperable with a variety of NAC-enabled networks, including Juniper UAC, Microsoft NAP, and Cisco NAC. StormShield’s endpoint-NAC controls supplement these vendors’ NAC agents in order to provide an in-depth view into the endpoint’s state and health. StormShield’s endpoint-NAC controls can also work in conjunction with VPN access control; interoperability is provided with most VPN vendors, such as Juniper, F5 or SonicWALL.

SkyRecon’s NAC allows you to:

• Enforce persistent endpoint system health and policy regardless of endpoint location
• Check active processes, such as antivirus and antispyware
• Check signatures and patch updates
• Achieve NAC-level security without infrastructure changes
• Ensure compliance with industry regulations
• Ensure compliance with organizational policies
• Create context-aware policies based on users, connection types, or system IDs
• Maintain compatibility with heterogeneous infrastructure
• Achieve two-layer NAC protection with network-level and device-level protection