Menu
Gain Full Visibility and Control of Your Network with the Help of Easy NAC
Keep unauthorized users and compromised devices outside of your
organization’s private network
Given how sophisticated cybersecurity threats have become, a lot of organizations are now paying more attention to ensure the safety of their network. They buy an anti-virus solution from one vendor, a firewall on a different one, and invest in a totally separate system for managing access permissions – but what if you can have a centralized approach to all of your network security concerns?
Easy NAC is a simple and affordable network access control solution that offers comprehensive protection for physical and virtual environments, desktops, servers, and mobile devices. It also has antispam for Exchange mailboxes – all from a single console.
Easy NAC is an ideal solution for organizations with many locations, especially those in the industries of healthcare, finance, or services. What’s more, it has also been featured at Gartner’s Market Guide for Network Access Control in 2018 and gained high ratings in eSecurityPlanet for seamless visibility and network management.
Automate Network Control with Easy NAC
It’s time to take the burden off your IT or Security Teams when it comes to securing your network against threats with these capabilities.
See Everything
Take your security to the next level, stop rogues and threats, enroll guest devices, be prepared for BYOD setups, and protect IoT devices. Moreover, integration is also easy.
Deploy Quickly
Experience agentless deployment and installation without any network changes with Easy NAC. There is also no 802.1x or SPAN ports.
Orchestrate Access
Control access for LAN and Wi-Fi, authorize by role and identity, seamlessly remediate PCs, and be compatible with enterprise and consumer networks.
Take Charge of Your Network with These Key Features
With Easy NAC, you can automatically discover devices and profile them. Start upping the ante against these cybercriminals with these key features.
Security Posture Enforcement
Integrate with enterprise anti-virus vendors and leading endpoint management solutions, to help you verify if a device’s endpoint security is active and up to date. If a device is not compliant with your security protocol, it will be restricted at the point of network access effortlessly.
Device Profiling
See devices that join your network, without the use of agents. With Easy NAC, visibility is immediate, untrusted devices are immediately restricted, and endpoints will be both passively and actively profiled to determine operating system, manufacturer, and type of device.
Automated Whitelisting
Have the power to regularly check with your Active Directory server to verify which devices are domain-joined. Devices that are confirmed as trusted can automatically be granted full access to the network. Device profiling can also be used to automate the process of approving IoT devices.
Anti-Spoofing Protection
Provide a fingerprint feature to protect against MAC address spoofing. All devices on your network are profiled for their MAC address, IP, Operating System, and Hostname. This information can then be used to set a unique fingerprint for each device.
Effortless Threat Response
Receive an alert if a device is compromised and restrict it immediately with Easy NAC. In addition to this automated response against attacks, you’ll also have Zero-day behavioral detection that protects your network from worms or malware making unusual connection attempts to other devices on the LAN.
LAN / VPN Protection
Leverage the capabilities of ARP Enforcement, DNS, and HTTP Redirection to immediately detect and prevent unknown devices from joining the LAN. ARP enforcement is an out-of-band enforcement method. That works with any network infrastructure. For VPN protection, it can be configured as in-band to allow only authorized and compliant devices.
BYOD Registration and Guest Access
Have a self-registration portal to automate the BYOD registration process of your company. Policies can be set by groups to limit the number and type of BYOD devices. This improves your security by tracking device ownership and restricting the locations they are allowed
Integrate Seamlessly with Your Trusted Endpoint Solutions
Easy NAC integrates with Active Directory and supports many third-party software integrations. Some of the more common ones are shown below, but please inquire for an updated list or for a specific integration.
Sophos Enterprise Console
Symantec Endpoint Protection Manager
McAfee ePO
Trend Micro OfficeScan
Kaspersky Antivirus
ESET Remote Administrator
Microsoft WSUS / SCCM
Moscii StarCat
IBM BigFix
InfoExpress CyberGatekeeper
Carbon Black Cb Response
FAQs – Easy NAC
Easy NAC provides the benefits of traditional network access control – awareness, enforcement, and policies – without agents or network configuration. The result is easy deployment, management, and scaling, especially across multiple locations.
Some of the key benefits of Easy NAC include:
- Discovering and reporting network devices, including PCs, BYOD, IOT
- Controlling access to wired, wireless, and VPN networks
- Identifying and remediating managed PCs that are non-compliant
- Providing BYOD and guest registration with limited access
- Validating Windows or Azure AD and Anti-Virus
- Integrating with patch management, APT, firewall, and more
- Zero trust quarantining rogue devices from the network
Easy NAC uses ARP to restrict access to the network by default. ARP enforcement is an out-of-band enforcement method that’s part of the Internet Protocol v4. Because this protocol is part of the IP protocol, network changes are not required. For subnets where IPv6 traffic needs to be enforced, one of Easy NAC’s alternate enforcement methods should be used.
Easy NAC is compatible with all network equipment and endpoint devices. Because it does not require changing or reconfiguring network equipment or endpoints, Easy NAC works with managed and unmanaged networking equipment, and all types of endpoints.
Easy NAC provides layer 2 visibility, protection and access control on the subnets that it connects to. Easy NAC supports direct connections, VLAN trunks, or vLinks to extend protection to all locations.
There are no special networking requirements to deploy Easy NAC. It works with any brand of switches, hubs, or wireless infrastructure. Easy NAC uses standard networking protocols to detect, control, and manage devices to ensure the broadest compatibility.
Easy NAC is a third generation plug and protect NAC solution that is easily deployed and affordably scales to many remote sites. Other products that focus on homogeneous networks with limited sites are harder to setup and maintain, especially when enabling quarantine functionality.
Easy NAC provides immediate visibility, response, and control, without network changes or agents. Easy NAC blocks infected devices where they reside, to prevent contact with any other devices. NAC solutions that check specific points on the network have limited control over endpoints on remote networks.
Easy NAC is a third generation NAC solution designed with enterprise security for organizations of all sizes, while the competition is predominately targeted at the Global 2000 which has the resources necessary for complex deployments.
Immediately after plugging in, Easy NAC provides visibility and enforcement without network changes or device configuration.
In short, Easy NAC provides the same or better security features that other NAC solutions provide, with a focus on simplicity and ease of use.
Easy NAC is the most affordable and simplest solution for organizations with distributed locations, common in industries such as healthcare, financial, personal services, and retail.
Easy NAC uses a combination of network monitoring and orchestration with third party software and services to learn and track devices without agents. Starting at layer 2, Easy NAC learns of all devices on the network. Information is collecting using low level network protocols like ARP and DHCP, as well as application level protocols.
To obtain higher level information, Easy NAC uses orchestration modules to integrate with security software, enterprise software, and cloud services. This includes security software such as anti-virus and firewalls. Through multiple sources, Easy NAC profiles each device on the network, for reports, tracking, and automatic quarantines.
Easy NAC protects, and automatically profiles devices using both passive and proactive profiling methods. Passive methods include listening to network traffic. Proactive methods include: device scanning, network management queries, web scans, and integration with AD and other 3rd party security and software solutions.
Easy NAC goes beyond simple MAC detection by using a fingerprint feature to protect against MAC address spoofing. Devices are profiled with a variety of information, which creates a digital fingerprint for the device. If a device tries to spoof the MAC address, the fingerprint does not match and the device is restricted.
Easy NAC integrates with cloud or on-premise Anti-virus servers to check the status of the endpoints. Easy NAC supports integration with enterprise AV and endpoint management vendors. By leveraging the integration at the management server, Easy NAC can enforce compliance with security policies, without the use of agents. Devices out-of-compliance can be restricted and an administrator(s) alerted.
Easy NAC integrates with Active Directory and supports many third party software integrations. Some of the more common ones are shown below, but please inquire for an updated list or for a specific integration.
- Bitdefender
- Carbon Black Cb Response
- CrowdStrike Falcon
- ESET Antivirus
- IBM BigFix
- Ivanti Security Controls
- Kaseya VSA
- Kaspersky Antivirus Integration
- InfoExpress CyberGatekeeper
- ManageEngine Desktop Central
- ManageEngine Patch Manager
- McAfee ePolicy Orchestrator
- Microsoft Intune
- Microsoft SCCM / WSUS
- Microsoft Windows Management Instrumentation (WMI)
- Moscii StarCat
- Sophos Enterprise Console and Sophos Central
- Symantec Endpoint Protection Manager
- Trend Micro OfficeScan and Apex Central
Easy NAC also supports optional agents that can provide compliance checks on any brand of endpoint security software.
Although NAC has a reputation of being expensive and difficult, Easy NAC is different because it is an agentless NAC solution that doesn’t require changes to the network. No switch configurations or spanning ports required. These attributes makes Easy NAC the easiest NAC solution to deploy and manage.
Each deployment will vary depending on the number of locations and the number of devices. Deployments can be as fast as a few days, but a more conservative deployment would take about two weeks, with the majority of the time spent in monitoring mode. Larger distributed networks normally take 1-2 months.
Since there will be no changes to the existing network, operations will not be affected during the deployment, and after-hours work is not required. Typically, a three-stage deployment is recommended:
Phase 1 – Infrastructure setup (1-10 days)
- Installation of CGX appliances and vLinks at necessary sites
- Setup software integrations and policies
- Configure and fine tune Access Control Lists for Restricted, IOT, BYOD, Consultants and Guests
Phase 2 –Monitor mode – (1-2 weeks)
- Educate staff and have them register their personal devices
- Educate staff on how to register guests
- Monitor networks for devices that need to be whitelisted or flagged
- Add flags and white-lists configurations as appropriate
Phase 3 – Protection Enabled (1-2 days)
- Enable enforcement
Easy NAC is licensed either as a perpetual license with annual support or on a subscription basis. The pricing for both depends on the number of devices being managed.
Easy NAC can protect the entire network or only specific locations. If the requirements are to protect only the end-user networks, the license should cover all the devices expected on these networks.
Common devices include computers, laptops, printers, IOT devices, switches, and VOIP phones. The license should be sized to cover the networks that Easy NAC will protect. Of course licenses are not required for networks that are not being monitored.
Easy NAC is a family of appliances to provide advanced Network Access Control. The appliances are available in a hardware form factor or as a Virtual Machine software appliance.
Specifications / System Requirements
There are no special networking requirements to deploy Easy NAC. It works with any brand of switches, hubs, or wireless infrastructure. Easy NAC uses standard networking protocols to detect, control, and manage devices to ensure the broadest compatibility.
Need to know more? Hear it straight from the experts!
We are always ready to answer your questions and tell you more about what this solution can do for your organization – you can also schedule a FREE online or on-site demo with us!