Network Sentry v4.1.1
Strengths: Great device discovery tools and ability to phase in protection. Decent guest and sponsor-based access tools
Weaknesses: Light on reporting
Verdict: Strong performer that integrates with most LAN and security solutions, good navigation and user interface. We make this one our Best Buy
Network Sentry v4.1.1 from Bradford Networks is currently sold as an integrated appliance-based solution. However, in the second half of 2010 it will be available as a software-based offering that can be run in a virtual server environment.
It utilises an out-of-band, policy-driven architecture to deliver centrally managed visibility and access control across wired, wireless and VPN environments. It has recently been re-packaged to be sold as the base foundation appliance, with various software options and extensions for adding functionality to the chosen software options.
Initial set up of the appliance and configuration of the Layer 2 or Layer 3 isolation options will take a bit of time but is done through a menu-driven wizard. Once set up, the endpoint configuration and management user interface is very strong.
The device will discover all of your endpoints and allow you to navigate through the management options associated with each. The UI is mature and provides easy navigation options to quickly switch between views and get right to the information you want.
User identity and role information are ascertained via integration with authentication and directory services such as Radius, Active Directory and LDAP-based ones.
Network access policies are associated with a seven-point identity profile consisting of user name, user role, host/device name, Mac address, IP address, network access location and time. Persistent and dissolvable agents are offered for endpoint assessment with support for Windows, Mac OS X and Linux devices.
Integration with third-party security devices such as IDS/IPS and other systems is also supported, enabling real-time traffic-based compliance monitoring and alerting. Reporting was a bit light but the product did provide a good dashboard.
Alerting was good and included full integration to trigger configuration changes with network equipment via SNMP, SSH or Telenet. The guest access portal was great, allowing an admin-level resource to securely add guest access.
No basic support is included with the product but gold and platinum options are available for 18 or 27 per cent of the base price.
Priced in the middle of the spectrum, Network Sentry delivers a lot of capabilities in an easy to use platform.