McAfee Network Access Control
September 01, 2010
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: In-band and out-of-band, great guest user options, fully featured, very flexible and provides numerous policy options
- Weaknesses: Pricey and requires ePolicy Orchestrator add-on if you do not have a McAfee security architecture currently deployed
- Verdict: Strong platform. Recommended
McAfee Network Access Control provides access security by detecting and assessing managed systems on your network. It enforces access to resources based on a system's health level or by detecting and assessing unmanaged systems on your network.
The components of the solution include the server, part of ePolicy Orchestrator, and the agents. A persistent agent is available for managed endpoints and a guest client agent is available for unmanaged endpoints.
The documentation we were provided with did not cover the implementation of the appliance, so we cannot comment on the level of effort required to get it out of the box and into a usable state on the network. The user interface we did see during the demonstration was very powerful and mature.
The product supports both an in-band and out-of-band capability. The in-band capabilities can be delivered via inline DHCP or health check and/or authentication. The out-of-band feature is handled through VLAN steering. McAfee's ability to support multiple VLANs per host was a decent feature, giving you a lot of policy flexibility.
McAfee NAC can provide user identity-based access control by mapping a user to a specific network access policy. Its Network Security Manager can be configured to derive roles for users from one or more Active Directory sources, RADIUS servers, DHCP servers or 802.1X-enabled infrastructure.
To support enforcement for unmanaged systems, you can combine the NAC solution with McAfee Network Security Platform or with Microsoft Network Access Protection. An unmanaged system can be assessed only by the downloadable guest client.
Canned reports are available and you can also create custom reports.
Basic support is provided and includes 24/7 access to resources. There are a variety of upgrade support options available for a fee.
McAfee NAC is available in two forms: as an appliance for £14,478, or as an optional software NAC add-on to the McAfee Intrusion Prevention System, priced from £2,300 for a 100Mbps IPS up to £23,800 for a 5Gbps IPS.
This is a fully featured offering that provides you with all of the tools you need to validate that your endpoints are in compliance with your policies.