In-Band NAC: Three Products You Should Know About

Rolling Review wraps up assessment of ConSentry's LANShield Controller, Nevis' LANenforcer, and Vernier's Edgewall.

Mike Fratto, Former Network Computing Editor

January 17, 2008

2 Min Read
InformationWeek logo in a gray background | InformationWeek

ENJOY THE VIEW

Every security vendor wants to sell you a "compliance solution," and ConSentry, Nevis, and Vernier are no different. The location of in-band NAC appliances does give give them a unique view of the protocols, applications, and activities on your network. Depending on what data is gathered during a host assessment, even endpoint configuration can be reported on. Included reports may satisfy some compliance reporting, but you'll need to merge the data with other network stats to get an overall picture.

Reporting covers daily, weekly, or monthly roll-ups that give the big-picture view. Unfortunately, Vernier's roll-up reporting was nonexistent; we were limited to viewing real-time events and exporting data to external servers using syslog. While we don't expect full-blown log analysis in a NAC product, historical trending and automated reporting should be basic features. Both ConSentry and Nevis offered more in-depth reporting.

ConSentry's and Nevis' management products offered scheduled capabilities that could be used for long-term trending and reporting. ConSentry's report templates were more robust and configurable than Nevis'; in addition, Nevis had few report templates, and they relied on using Crystal Reports to build custom trend reports.

Where Nevis has an edge is in troubleshooting. We could easily discover and resolve connection issues using the tools Nevis provided, while ConSentry's offering took more effort. Vernier's troubleshooting tools left much to be desired.

In the end, no one product emerged as the Editor's Choice or as a Best Value. But both ConSentry's LANShield and Nevis' LANenforcer made our Short List. And the real winners are enterprise IT groups: In-band NAC vendors are in an arms race. ConSentry's newest version, shipping in the first quarter of 2008, should enhance an already strong product offering. Vernier does have some ground to make up on the policy and reporting fronts, but both ConSentry and Nevis could take a page from Vernier's playbook and beef up their host assessment functions. We'll be keeping an eye on this space.

THE REPORT: NAC Tutorial

Here's how to protect your networks from jmalicious and misconfigured hosts:

See all our reports at informationweekreports.com

Read more about:

20082008

About the Author

Mike Fratto

Former Network Computing Editor

Mike Fratto is a principal analyst at Current Analysis, covering the Enterprise Networking and Data Center Technology markets. Prior to that, Mike was with UBM Tech for 15 years, and served as editor of Network Computing. He was also lead analyst for InformationWeek Analytics and executive editor for Secure Enterprise. He has spoken at several conferences including Interop, MISTI, the Internet Security Conference, as well as to local groups. He served as the chair for Interop's datacenter and storage tracks. He also teaches a network security graduate course at Syracuse University. Prior to Network Computing, Mike was an independent consultant.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights