Strengths: Uses standards for maximum flexibility and scales well
Weaknesses: Installation can take time
Verdict: Constantly evolving with each release, it is only a matter of time before Safe Access becomes a preferred 802.1x NAC platform
With StillSecure's Safe Access, every device starts in the quarantine network segment and has to test out of quarantine to reach devices on the protected network. Testing of endpoints can be done in one of three ways. The first method is to test in an agentless configuration. This works well for XP machines and allows for a rapid rollout.
The second method is with an installed agent. This is designed to work with legacy systems such as Windows 95 and NT 4.0. The final option is to use a dissolvable client, which is actually an ActiveX plug-in. This allows non-Microsoft machines to use the Safe Access product. Safe Access has many different methods to quarantine devices that fail to pass the security testing.
With 802.1x becoming very popular, it is easy to imagine that the restriction of VLANs, while already a Safe Access feature, will become more robust and use a protocol such as extensible authentication protocol. This will give this type of enforcement greater control of system configurations. Besides 802.1x, this appliance can also function as a pseudo firewall and restrict access to the data link layer.
Safe Access uses policies to test the endpoints for compliance. There are several predefined policies and it is quite simple for an administrator to modify existing policies to fit the organisation's need. A unique feature is the grace period. This allows a non-policy-compliant system to still access resources for a limited time. If the vulnerability is not remediated before the grace period lapses the system is moved back to the quarantine network.
The installation is complex and is usually performed by a member of the StillSecure professional services organisation. Even with the guidance of professional services, the Safe Access product installation can take hours.
The product comes with a hard copy quick-start guide and PDF versions of the administration and installation manuals on a CD.
Standard support is included in the purchase price, with office hour telephone and email assistance. Additional support coverage is available for an additional fee.
The pricing at around £10 per seat is in the low to medium price range. However, the product scales very well to meet just about any organisation's needs.