Trustwave NAC v3.6.0
September 01, 2010
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Management of dark IP space (deception), full-cycle NAC product. Good reporting and agent flexibility, including an agentless Java web service to scan guest machines.
- Weaknesses: Management server functionality is not distributed, single point of failure
- Verdict: Easy to use and fully featured, but can be pricey in a distributed environment
Trustwave NAC v3.6.0 is an appliance-based solution that works in a distributed yet centrally managed architecture and includes both sensors and management servers. The appliances run a hardened Linux OS and communicate with each other through an SSH pipe.
The central management console is responsible for pushing configuration to all sensors, taking status data from the sensors and archiving data for reporting. Sensors are responsible for network traffic monitoring, detection and mitigation.
Configuration of the management appliance and sensors is pretty straightforward. Initial programming to get the appliance on the network is through a terminal program. Several screens require data entry, after which the management operations console can be launched.
Trustwave NAC supports comprehensive endpoint compliance scanning of Windows, Linux and Mac-based network devices. Compliance scans can check for known firewall, anti-spyware and anti-virus packages and operating system patches and compare these to configured policies. A basic port scan can be conducted as part of the compliance check. This is not a full port scan, but rather a scan of common TCP and UDP ports.
Active Directory integration is accomplished via either portal-based logins or single sign-on (SSO). Network-based fingerprinting is available as a lightweight option, with deeper compliance checking available via a Java Web Start control. An added feature that we liked is the ability to manage dark IP space through a feature called deception. This allows the appliance to act as a decoy for unused IP addresses in the network.
The user interface is a standard tree-based multi-window interface. If you have worked on a Windows server, you will be very comfortable with this.
Reporting is good and includes numerous canned and custom reporting capabilities. The graphical displays include drilldown capabilities to underlying detail. A useful ad hoc query/analysis engine allows you to easily query the MySQL database for information. A full device-level audit trail is included. Alerting is fully configurable, and alerts can be sent via email or to a syslog server.
Standard support includes access to software updates. Premium support options are available for a 23 per cent fee based on the purchase price.