Trend Micro's NAC Offering Doesn't Change Playing Field

Review: In a crowded market, the NVWE 1200 is solid but doesn't do much to impress.

The newest player on the increasingly crowded NAC field is Trend Micro's Network Virus Wall Enforcer 1200, and the product doesn't do much to differentiate itself.

That said, the NVWE 1200 is worth consideration at small and midsize businesses that either don't want to wait for Microsoft's NAP (Network Admission Protection), slated to be released in "Longhorn" later this year, or don't want the extensive planning and network architecture changes needed to implement Cisco Systems' Network Admission Control solution.

With the NVWE 1200, Trend has added a PC assessment agent to the Virus Wall line to create what we call YANACA (or Yet Another NAC Appliance) that nicely builds on Trend's antivirus and gateway security appliance family.

The NVWE 1200 started shipping April 9 and costs $8,995. The product is recommended for up to 250 users, which makes the per-seat cost—$36—roughly in line with the price of rival products.

eWEEK Labs installed the NVWE 1200 in our test network and made no changes to the infrastructure aside from adding the appliance to our DNS (Domain Name System). We put the NVWE 1200 between our client PCs and our protected network resources, including DHCP (Dynamic Host Configuration Protocol), DNS, and portal and Internet connections.

As a purpose-built appliance, the NVWE 1200 has an advantage over some software-based systems that run on commodity hardware. The NVWE 1200 runs in-line, which enabled us to block network access for noncompliant PCs. Other systems, in contrast, sit to the side and depend on VLAN (virtual LAN) assignments and ACL (access control list) changes to block PCs.

The NVWE 1200 does share a widespread weakness among many current NAC products—it does not offer endpoint assessment services for Apple's Mac OS X- or Linux-based machines. So, while Trend Micro calls this a second-generation NAC solution, we think that the third generation of these products—including the NVWE—should widen its support for non-Windows endpoint systems. For now, Mac or Linux systems can be allowed to bypass NVWE assessment to gain access to network resources.

One advantage of the NVWE 1200's Windows focus is that it is easy to check for particular Microsoft updates. During tests, we checked to ensure that systems had all of Microsoft's "critical" and "important" updates but allowed systems that were missing "moderate" updates. This functionality was simple to implement using the intuitive NVWE 1200 interface.

NAC now

Our first step in using the NVWE 1200 involved creating policies and what Trend Micro calls "zones," or groups of computers. Policy creation was straightforward and should be easily picked up by IT staff at the SMBs for which the product was designed.

We created policies to check our PC systems for the most current Windows patches and hotfixes and for the presence of approved applications such as Windows Office. On systems that were not up-to-date, we configured the NVWE 1200 to connect to Microsoft's update site, where users could initiate an update to bring their systems up to spec.

Although we could have configured the PCs to be directed to a local update resource as well, such as our Windows System Update Server, SMBs may find it easier to get these updates from Microsoft.

To check for unauthorized software, we configured the NVWE 1200 to do a registry scan for keys that indicated the programs we were looking for. Our tests showed that this was the weakest area of the NVWE 1200. To check for prohibited applications such as Kazaa or other peer-to-peer applications, we needed to manually create policies that we have grown accustomed to seeing provided out of the box.

When we infected machines with test viruses, the NVWE 1200 was effective in recognizing the infections and quarantining the systems. Because Trend Micro is an antivirus company, quarantine can involve deploying what is called a damage cleanup utility to the PC. While this procedure worked to remove the test file and bring the system back into compliance with our standard virus tests, we think that Trend Micro could do more for reporting failed machines.

The user interface that reports system compliance automatically updates to remove systems that have been corrected, making it easy for managers to miss machines that may be having chronic problems with infection but that are being corrected by remediation action.

Once a PC is passed on to the network by the NVWE 1200, the agent—either the temporary ActiveX-based agent or the persistent agent that is permanently installed on the system—can be configured to recheck compliance as often as every 15 minutes.

Technical Director Cameron Sturdevant can be reached at