Sophos NAC Advanced
July 01, 2008
£8.50 per user per year for 1,000 seats (minimum three-year contract)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: An elegant solution that does not place undue burden on administrators
- Weaknesses: The per-seat pricing may make the cost prohibitive for some
- Verdict: Recommended for its great balance between ease of use and security, plus free lifetime support
The Sophos NAC Advanced product is a well-designed offering that balances the need for ease of administration with network protection. It uses a Windows 2003 Server with SQL installed as a platform for the software-based offering. There are two modes for network access control. First is an agent-based install where a client is loaded onto each machine. The second method uses a web browser and an Active-x control. Regardless of whether the client uses the dissolvable (web) agent or the software agent, the policy is pulled from the Sophos configuration interface residing on the Windows 2003 server.
Setting up policies is quite easy. A sample policy might require Windows XP to have Service Pack 2 installed with all of the associated hot fixes, the Sophos anti-virus 6 running, and with updated DAT files, plus the Sophos personal firewall installed and running. If the client fails to meet those criteria, the machine can be placed in either a partially compliant state or, if more controls are missing, in a non-compliant state.
Sophos NAC Advanced has three methods for enforcing the network policy should a device be placed into a non-compliant state. The first is to work with a Microsoft or Lucent DHCP server to assign an address that only allows the client to have access to the remediation server and the internet. The second option is to use 802.1x to assign the non-compliant machine to a VLAN, which places the machine in quarantine. The final option is to work with the Cisco NAC platform to further restrict access.
Sophos includes round-the-clock support to all users at no additional charge. There are extended fee-based options - premium and platinum. These offerings include direct access to an engineer during software upgrades. Assistance can be obtained through phone, web and email.
The pricing for the Sophos NAC Advanced is based on per-seat licensing. This places the Sophos offering in the middle to upper range of products in this review, but when free lifetime support is taken into account, the offering is very affordable.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Cyber-security must reflect risk not just regulation
- Met Police grab suspect with phone unlocked to get hold of data
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report