Symantec NAC Tool Takes Integrated Approach to Network Security
Labeled as Symantec Network Access Control, or SNAC, the product boasts a range of features and support for various computing platformsincluding Ciscos and Microsofts versions of the technologywith officials of the Cupertino, Calif., company pitching the package as a vital new piece of its overarching corporate risk management strategy.
That effort, launched in October 2006, evangelizes the use of integrated products for solving both security and regulatory compliance issues for businesses, versus the use of stand-alone technologies from multiple vendors to solve various problems.
NAC systems are increasingly being adopted by organizations to verify the security posture of devices as they attempt to log onto IT networks.
While Cisco and other networking companies were the first to begin marketing the tools, primarily as a feature on their switches, a wide range of vendors from stand-alone startups to enterprise security giants such as Symantec are trying to grab a piece of the market.
Due in March, the SNAC system will be based around so-called agentless endpoint enforcement, meaning that there is no full-time software client installed on end users PCs. Among the other features detailed thus far by Symantec are support for Apples Mac OS X operating systemas well as Microsofts Windowsand integration with the 802.1x industry standard for network authentication.
One of the primary benefits of the Symantec product is its agentless, or "dissolvable," software client approach. With so many security products already residing on enterprise desktops, keeping the NAC systems impact on performance and memory to a minimumand having more control over the application through its centralized distribution to endpointsis a key differentiator, according to company officials.
Like other NAC products with so-called post-admission capabilities, the SNAC system claims pervasive coverage, keeping tabs on users and machines for potential misuse even after they have been approved for access to a corporate network.
The new package was developed through internal development and using the technologies brought onboard via Symantecs August 2005 buyout of Sygate. Just exactly what plans Symantec had for Sygates technology has been a topic of debate among industry watchers since the security giant announced the deal.
"We feel that Sygate gives us one of the most developed solutions on the market as they have essentially been doing NAC since 2001, long before we even talked about this type of product using that term," said Patrick Wheeler, senior product manager for endpoint security at Symantec. "We felt it was important to provide not only policy enforcement and host configuration security, but also to offer pervasive endpoint enforcement on any type of networking equipment our customers use."
One of the frequent criticisms launched at Cisco over its NAC technologies is that they are focused mainly on the vendors own networking hardware. Like many other NAC vendors that dont make their own networking gear, Symantec is touting its more agnostic approach as a major selling point to enterprises that maintain heterogeneous environments.
By providing a combination of security scanning toolssome of which have the ability to test the security of devices such as printers that have been cited as potential weak points in NAC systems when left open to attacks that spoof the machines identities to evade authenticationSymantec believes it can separate itself from the pack by delivering a more comprehensive approach to the technology.
"The idea is to avoid having any gaps in visibility, and you need to make sure that you can assess everything on your network for compliance policies, even these other types of non-PC devices," Wheeler said. "We feel its a major advantage to be vendor-agnostic from a networking standpoint. While just as we would love for the world to be all Symantec for security, its particularly important for customers to be able to provide protection over multiple platforms, and there are some major vendors out there who cant make that claim."