Easy NAC uses ARP to restrict access to the network by default. ARP enforcement is an out-of-band enforcement method that’s part of the Internet Protocol v4. Because this protocol is part of the IP protocol, network changes are not required. For subnets where IPv6 traffic needs to be enforced, one of Easy NAC’s alternate enforcement methods should be used
Easy NAC is compatible with all network equipment and endpoint devices. Because it does not require changing or reconfiguring network equipment or endpoints, Easy NAC works with enterprise and consumer grade network equipment, and all types of endpoints.
Easy NAC provides layer 2 visibility, protection and access control on the subnets that it connects to. Easy NAC supports direct connections, VLAN trunks, or vConnect to provide access to all locations.
There are no special networking requirements to deploy Easy NAC. It works with any brand of switches, hubs, or wireless infrastructure. Easy NAC uses standard networking protocols to detect, control, and manage devices to ensure the broadest compatibility.
Easy NAC is a third generation plug and protect NAC solution that is easily deployed and affordably scales to many remote sites. Other products that focus on homogeneous networks with limited sites are harder to setup and maintain, especially when enabling quarantine functionality.
Easy NAC provides immediate visibility, response, and control, without network changes or agents. Easy NAC blocks infected devices where they reside, to prevent contact with any other devices. NAC solutions that check specific points on the network have limited control over endpoints on remote networks.
Easy NAC is a third generation NAC solution designed with enterprise security for organizations of all sizes, while the competition is predominately targeted at the Global 2000 which has the resources necessary for complex deployments.
Immediately after plugging in, Easy NAC provides visibility and enforcement without network changes or device configuration.
In short, Easy NAC provides the same security features that other NAC solutions provide, with a focus on simplicity and ease of use.
Easy NAC is the most affordable and simplest solution for organizations with distributed locations, common in industries such as healthcare, financial, personal services, and retail.
Easy NAC uses a combination of network monitoring and orchestration with third party software and services to learn and track devices without agents. Starting at layer 2, Easy NAC learns of all devices on the network. Information is collecting using low level network protocols like ARP and DHCP, as well as application level protocols.
To obtain higher level information, Easy NAC uses orchestration modules to integrate with security software, enterprise software, and cloud services. This includes security software such as anti-virus and firewalls. Through multiple sources, Easy NAC profiles each device on the network, for reports, tracking, and automatic quarantines.
Easy NAC protects, and automatically profiles devices using both passive and proactive profiling methods. Passive methods include listening to network traffic. Proactive methods include: device scanning, network management queries, web scans, and integration with AD and other 3rd party security and software solutions.
Easy NAC goes beyond simple MAC detection by using a fingerprint feature to protect against MAC address spoofing. Devices are profiled with a variety of information, which creates a digital fingerprint for the device. If a device tries to spoof the MAC address, the fingerprint does not match and the device is restricted.
Easy NAC integrates with on premise enterprise AV servers to check the status of the endpoints. Easy NAC supports integration with enterprise AV and endpoint management vendors. By leveraging the integration at the management server, Easy NAC can enforce compliance with security policies, without the use of agents. Devices out-of-compliance can be restricted and an administrator(s) alerted.
Easy NAC integrates with Active Directory and supports many third party software integrations. Some of the more common ones are shown below, but please inquire for an updated list or for a specific integration.
- Sophos Enterprise Console
- Symantec Endpoint Protection Manager
- McAfee ePO
- Trend Micro OfficeScan
- Kaspersky Antivirus
- ESET Remote Administrator
- Microsoft WSUS / SCCM
- IBM BigFix
- Moscii StarCat
- InfoExpress CyberGatekeeper
- Carbon Black Cb Response
Although NAC has a reputation of being expensive and difficult, Easy NAC is different because it is an agentless NAC solution that doesn’t require changes to the network. No switch configurations or spanning ports required. These attributes makes Easy NAC the easiest NAC solution to deploy and manage.
Each deployment will vary depending on the number of network segments to be protected and the number of devices on the network. Deployments can be a fast as a few days, but a more conservative deployment would take about two weeks, with the majority of the time spent in monitoring mode.
Since there will be no changes to the existing network, operations will not be effected during the deployment, and after hours work is not required. Typically, a three stage deployment is recommended:
Phase 1 – Infrastructure setup (1-3 days)
- Installation of CGX appliances and vConnect at necessary sites
- Setup software integrations and policies
- Configure and fine tune Access Control Lists for Restricted, IOT, BYOD, Consultants and Guests
Phase 2 –Monitor mode – (1 week)
- Educate staff and have them register their personal devices
- Educate staff on how to register guests
- Monitor networks for devices that need to be whitelisted or flagged
- Add flags and white-lists configurations as appropriate
Phase 3 – Protection Enabled (1-2 days)
- Enable enforcement
Easy NAC is licensed either as a perpetual license with annual support or on a subscription basis. The pricing for both depends on the number of devices being managed.
Please contact your authorized partner or InfoExpress for up-to-date information on licensing.
Easy NAC can protect the entire network or only specific locations. If the requirements are to protect only the end-user networks, the license should cover all the devices expected on these networks.
Common devices include computers, laptops, printers, IOT devices, switches, and VOIP phones. The license should be sized to cover the networks that Easy NAC will protect. Of course licenses are not required for networks that are not being monitored.
Easy NAC is a family of appliances to provide advanced Network Access Control. The appliances are available in a hardware form factor or as a Virtual Machine software appliance.