Sophos NAC Advanced
Strengths: An elegant solution that does not place undue burden on administrators
Weaknesses: The per-seat pricing may make the cost prohibitive for some
Verdict: Recommended for its great balance between ease of use and security, plus free lifetime support
The Sophos NAC Advanced product is a well-designed offering that balances the need for ease of administration with network protection. It uses a Windows 2003 Server with SQL installed as a platform for the software-based offering. There are two modes for network access control. First is an agent-based install where a client is loaded onto each machine. The second method uses a web browser and an Active-x control. Regardless of whether the client uses the dissolvable (web) agent or the software agent, the policy is pulled from the Sophos configuration interface residing on the Windows 2003 server.
Setting up policies is quite easy. A sample policy might require Windows XP to have Service Pack 2 installed with all of the associated hot fixes, the Sophos anti-virus 6 running, and with updated DAT files, plus the Sophos personal firewall installed and running. If the client fails to meet those criteria, the machine can be placed in either a partially compliant state or, if more controls are missing, in a non-compliant state.
Sophos NAC Advanced has three methods for enforcing the network policy should a device be placed into a non-compliant state. The first is to work with a Microsoft or Lucent DHCP server to assign an address that only allows the client to have access to the remediation server and the internet. The second option is to use 802.1x to assign the non-compliant machine to a VLAN, which places the machine in quarantine. The final option is to work with the Cisco NAC platform to further restrict access.
Sophos includes round-the-clock support to all users at no additional charge. There are extended fee-based options - premium and platinum. These offerings include direct access to an engineer during software upgrades. Assistance can be obtained through phone, web and email.
The pricing for the Sophos NAC Advanced is based on per-seat licensing. This places the Sophos offering in the middle to upper range of products in this review, but when free lifetime support is taken into account, the offering is very affordable.