McAfee Network Access Control
September 01, 2010
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: In-band and out-of-band, great guest user options, fully featured, very flexible and provides numerous policy options
- Weaknesses: Pricey and requires ePolicy Orchestrator add-on if you do not have a McAfee security architecture currently deployed
- Verdict: Strong platform. Recommended
McAfee Network Access Control provides access security by detecting and assessing managed systems on your network. It enforces access to resources based on a system's health level or by detecting and assessing unmanaged systems on your network.
The components of the solution include the server, part of ePolicy Orchestrator and the agents. A persistent agent is available for managed endpoints and a guest client agent is available for unmanaged endpoints.
The documentation we were provided with did not cover the implementation of the appliance so we cannot comment on the level of effort required to get it out of the box and into a usable state on the network. The user interface we did see during the demonstration was very powerful and mature.
The product supports both an in-band and out-of-band capability. The in-band capabilities can be delivered via inline DHCP or health check and/or authentication. The out-of-band feature is handled through VLAN steering. McAfee's ability to support multiple VLANs per host was a decent feature, giving you a lot of policy flexibility.
McAfee NAC can provide user identity-based access control by mapping a user to a specific network access policy. Its Network Security Manager can be configured to derive roles for users from one or more Active Directory sources, Radius servers, DHCP servers or 802.1X enabled infrastructure.
To support enforcement for unmanaged systems, you can combine the NAC solution with McAfee Network Security Platform or with Microsoft Network Access Protection. An unmanaged system can be assessed only by the downloadable guest client.
Canned reports are available and you can also create customs reports.
Basic support is provided and includes 24/7 access to resources. There are a variety of upgrade support options available for a fee.
McAfee NAC is available in two forms: as an appliance for £14,478; or as an optional software NAC add-on to the McAfee Intrusion Prevention System for £2,300 for 100Mbps IPS up to £23,800 for 5Gbps IPS.
This is a fully featured offering that provides you with all of the tools you need to validate that your endpoints are in compliance with your policies.
SC Webcasts UK
Senior Accreditor, Security Risk and Assurance Manager
Disclosure & Barring Service - Liverpool, Merseyside
DV Cleared Systems Architect - 6 Months - London
Computerfutures - London (North), London (Greater)
CISO – Chief Information Security Officer (Up to £100K)
Evolution Recruitment - London (North), London (Greater)
Head of Security Strategy – London
Evolution Recruitment - London (West), London (Greater)
Information Security Manager
Infosec People - Hammersmith, West London
Sign up to our newsletters
SC Magazine UK Articles
- NSA hacking tools used against Cisco customers
- Krebs dropped by Akamai for record DDoS attack, OVH suffers 1100 Gbps DDoS
- WordPress plugin update leads to thousands of sites exposing users to adware
- The Internet of Things, cyber-security and the role of the CIO
- Gov-funded boot camp for cyber-security entrepreneurs graduates first intake
- It's a trap! WhatsApp Gold 'premium' version lures users to malware
- SC Awards Europe 2016 winners announcements!
- Microsoft ends common password use and password lockout
- ISIS radicalises 'lone wolves' through strong social media presence
- 1.5 billion Windows computers potentially affected by unpatched 0-day exploit
- Cyber-space wars may require new international regimes
- Google reverses Allo policy, raising ire of privacy groups
- ICYMI: Equation group, Hutzero, Cyber-security unemployment, CEO responsibility and Lord Blunkett
- SC Roundtable: The Threat Landscape
- Swift details measures to increase security of global banking payments network