Trustwave NAC v3.6.0
September 01, 2010
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Management of dark IP space (deception), full-cycle NAC product. Good reporting and agent flexibility, including an agentless Java web service to scan guest machines
- Weaknesses: Management server functionality is not distributed, single point of failure
- Verdict: Easy to use and fully featured, but can be pricey in a distributed environment
Trustwave NAC v3.6.0 is an appliance-based solution that works in a distributed yet centrally managed architecture and includes both sensors and management servers. The appliances run a hardened Linux OS and communicate with each other through an SSH pipe.
The central management console is responsible for pushing configuration to all sensors, taking status data from the sensors and archiving data for reporting. Sensors are responsible for network traffic monitoring, detection and mitigation.
Configuration of the management appliance and sensors is pretty straightforward. Initial programming to get the appliance on the network is done through a terminal program. Several screens of data entry follow, after which the management operations console can be launched.
Trustwave NAC supports comprehensive endpoint compliance scanning of Windows, Linux and Mac-based network devices. Compliance scans can check for known firewall, anti-spyware and anti-virus packages and for operating system patches, and compare the results against configured policies. A basic port scan can be conducted as part of the compliance check; this is not a full port scan, but a scan of common TCP and UDP ports.
Active Directory integration is accomplished via either portal-based logins or single sign-on (SSO). Network-based fingerprinting is available as a lightweight option, with deeper compliance checking available via a Java Web Start control. An added feature that we liked is the ability to manage dark IP space through a feature called deception, which allows the appliance to act as a decoy for unused IP addresses in the network.
The user interface is a standard tree-based multi-window interface. If you have worked on a Windows server, you will be very comfortable with this.
Reporting is good and includes numerous canned and custom reporting capabilities. The graphical displays include drill-down to underlying detail. A useful ad hoc query/analysis engine allows you to easily query the MySQL database for information. A full device-level audit trail is included. Alerting is fully configurable and can be sent via email or to a syslog server.
Standard support includes access to software updates. Premium support options are available for a 23 per cent fee based on the purchase price.