CyberGatekeeper with DNAC
Strengths: An ability to restrict non-compliant machines to the network
Weaknesses: Greater configuration would increase administration overhead
Verdict: A product with some serious strengths, but in-depth training is needed to truly grasp the configuration interface
CyberGatekeeper with dynamic network access control (DNAC) was one of the more challenging products to work with in the review process. The application is feature-rich, with the ability to develop polices for primarily Windows-based systems that need to meet policy criteria in order to gain access to the network. The application consists of three components: a policy manager, a policy server and a reporting server.
The reporting and most of the management is conducted through a web interface. Typically, this product is installed by InfoExpress engineers to ensure the client has a greater depth of understanding.
From a pure security standpoint, this solution has some advantages in the ability of the client to restrict the level of access to the network an endpoint (workstation) will have. The policy manager is the component of the application that builds the executable, which is then installed on the client machine, and the application runs as a service.
Once the application is installed, it is possible to alert the user, through pop-up messages, as to why the endpoint is not in compliance with the policy. Network access is given based on a series of network rules that appear very similar to IPTables rules or early Cisco router configuration rules. If an endpoint is non-compliant, limited access is granted to the network. The configuration interface is complex, although you get used to it.
CyberGatekeeper installed very easily on a standard Windows 2003 server from a single executable. During the process, an SQL database server will be installed if the current server is not already running one. An additional internet information server (IIS) is configured for most management and reporting tasks.
Documentation comes in the form of a single PDF document that is indexed and searchable. It is clear and easy to understand, but some sections could benefit from more detailed screenshots.
Assistance is available through several phone support options that include both office-hours and 24/7 support. In addition, email and online support options are on offer, which include access to a password-protected knowledge base.
The pricing for the CyberGatekeeper product is at the upper end of this group.