Symantec has announced an upgrade to Symantec Network Access Control, providing comprehensive enforcement for managed endpoints, guest users and unmanaged devices.
Symantec is helping customers reduce overall cost and simplify network access control deployment by integrating the on-demand client into Symantec Network Access Control.
In addition, consolidated network access control policy configuration and management for managed and guest users can all be done through the Symantec Endpoint Protection Manager.
An integrated, dissolvable on-demand client for guest user access can now be delivered directly from the Symantec Network Access Control Enforcer appliance in Gateway or DHCP modes to simplify deployment. This ensures that unmanaged endpoints attempting to connect to corporate networks have the appropriate protection and security software installed. The on-demand client performs predefined checks to ensure that antivirus, antispyware, firewall and service pack software is installed and up-to-date.
“This critical expansion of our network access control capabilities allows customers to centrally enforce endpoint compliance policies for both managed and unmanaged endpoints, through integration with Symantec Endpoint Protection, and guest users,” said Patrick Evans, regional director for Africa at Symantec. “With Symantec Network Access Control, we have taken a flexible approach that goes beyond host-based enforcement and offers customers an array of options for enforcing network access control on the network.”
Symantec Network Access Control also supports authentication and identity-based access control for guest users by offering a new Web login that can be enabled as part of the on-demand client download process. Users can be authenticated against logins centrally stored in ActiveDirectory, LDAP, RADIUS or logins stored locally on the Enforcer. When used with LAN Enforcement, RADIUS attributes can control which resources guest users can access on the network once they have authenticated.
Furthermore, enhanced MAC address authentication functionality enforces network access for unmanaged devices in 802.1x-enabled environments. In LAN Enforcement mode, the Enforcer can check the MAC address of a device connecting to an 802.1x-enabled switch port, validate it against a store of known/authorized MAC addresses, and allow or block the device depending on whether it finds a match.
Symantec Network Access Control securely controls access to corporate networks, enforces endpoint security policy and easily integrates with existing network infrastructures.
Regardless of how endpoints connect to the network, Symantec Network Access Control discovers and evaluates endpoint compliance status, provisions the appropriate network access, provides automated remediation capabilities, and continually monitors endpoints for changes in compliance status.
The result is a network environment where corporations realize significant reductions in security incidents, increased levels of compliance to corporate IT security policy and confidence that endpoint security mechanisms are properly enabled.