Trustwave NAC v3.6.0
September 01, 2010
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Management of dark IP space (deception), full cycle NAC product. Good reporting and agent flexibility including an agentless Java web service to scan guest machines
- Weaknesses: Management server functionality is not distributed, single point of failure
- Verdict: Easy to use and fully featured, but can be pricey in a distributed environment
Trustwave NAC v3.6.0 is an appliance-based solution that works in a distributed yet centrally managed architecture and includes both sensors and management servers. The appliances run a hardened Linux OS and communicate with each other through an SSH pipe.
The central management console is responsible for pushing configuration to all sensors, taking status data from the sensors and archiving data for reporting. Sensors are responsible for network traffic monitoring, detection and mitigation.
Configuration of the management appliance and sensors is pretty straightforward. Initial programming to get the appliance on the network is through a terminal program. There are several screens of data that require data entry and then the management operations console can be launched.
Trustwave NAC supports comprehensive endpoint compliance scanning of Windows, Linux and Mac-based network devices. Compliance scans can check for known firewall, anti-spyware and anti-virus packages and operating system patches and compare these to configured policies. A basic port scan can be conducted as part of the compliance check. It does not perform a full port scan, rather a scan of common TCP and UDP ports.
Active Directory integration is accomplished via either portal-based logins or single sign-on (SSO). Network-based fingerprinting is available as a lightweight option, with deeper compliance checking available via a Java webstart control. An added feature that we liked is the ability to manage dark IP space through a feature called deception. This allows for the appliance to act as a decoy for unused IP addresses in the network.
The user interface is a standard tree-based multi-window interface. If you have worked on a Windows server, you will be very comfortable with this.
Reporting is good and includes numerous canned and custom reporting capabilities. The graphical displays include drilldown capabilities to underlying detail. A useful ad hoc query/analysis engine allows you to easily query the MySQL database for information. A full device level audit trail is included. Alerting is fully configurable and can be sent via email or syslog server.
Standard support includes access to software updates. Premium support options are available for a 23 per cent fee based on the purchase price.
SC Webcasts UK
Senior Accreditor, Security Risk and Assurance Manager
Disclosure & Barring Service - Liverpool, Merseyside
DV Cleared Systems Architect - 6 Months - London
Computerfutures - London (North), London (Greater)
CISO – Chief Information Security Officer (Up to £100K)
Evolution Recruitment - London (North), London (Greater)
Head of Security Strategy – London
Evolution Recruitment - London (West), London (Greater)
Information Security Manager
Infosec People - Hammersmith, West London
Sign up to our newsletters
SC Magazine UK Articles
- Krebs dropped by Akamai for record DDoS attack, OVH suffers 1100 Gbps DDoS
- NSA hacking tools used against Cisco customers
- WordPress plugin update leads to thousands of sites exposing users to adware
- The Internet of Things, cyber-security and the role of the CIO
- Gov-funded boot camp for cyber-security entrepreneurs graduates first intake
- It's a trap! WhatsApp Gold 'premium' version lures users to malware
- SC Awards Europe 2016 winners announcements!
- Microsoft ends common password use and password lockout
- ISIS radicalises 'lone wolves' through strong social media presence
- 1.5 billion Windows computers potentially affected by unpatched 0-day exploit