Gain Full Visibility and Control of Your Network with the Help of Easy NAC

Easy NAC provides the benefits of traditional network access control – awareness, enforcement, and policies – without agents or network configuration. The result is  easy deployment, management, and scaling, especially across multiple locations.

Some of the key benefits of Easy NAC include:

• Discovering and reporting network devices, including PCs, BYOD, IOT
• Controlling access to wired, wireless, and VPN networks 
• Identifying and remediating managed PCs that are non-compliant
• Providing BYOD and guest registration with limited access
• Validating Windows or Azure AD and Anti-Virus
• Integrating with patch management, APT, firewall, and more
• Zero trust quarantining rogue devices from the network 

Easy NAC uses ARP to restrict access to the network by default. ARP enforcement is an out-of-band enforcement method that’s part of the Internet Protocol v4. Because this protocol is part of the IP protocol, network changes are not required. For subnets where IPv6 traffic needs to be enforced, one of Easy NAC’s alternate enforcement methods should be used.   

Easy NAC is compatible with all network equipment and endpoint devices. Because it does not require changing or reconfiguring network equipment or endpoints, Easy NAC works with managed and unmanaged networking equipment, and all types of endpoints. 

Easy NAC provides layer 2 visibility, protection and access control on the subnets that it connects to. Easy NAC supports direct connections, VLAN trunks, or vLinks to extend protection to all locations.  

Easy NAC is a third generation plug and protect NAC solution that is easily deployed and affordably scales to many remote sites. Other products that focus on homogeneous networks with limited sites are harder to setup and maintain, especially when enabling quarantine functionality.

Easy NAC provides immediate visibility, response, and control, without network changes or agents. Easy NAC blocks infected devices where they reside, to prevent contact with any other devices. NAC solutions that check specific points on the network have limited control over endpoints on remote networks.

Easy NAC is a third generation NAC solution designed with enterprise security for organizations of all sizes, while the competition is predominately targeted at the Global 2000 which has the resources necessary for complex deployments. 

Immediately after plugging in, Easy NAC provides visibility and enforcement without network changes or device configuration.

In short, Easy NAC provides the same or better security features that other NAC solutions provide, with a focus on simplicity and ease of use.

Easy NAC is the most affordable and simplest solution for organizations with distributed locations, common in industries such as healthcare, financial, personal services, and retail. 

Easy NAC uses a combination of network monitoring and orchestration with third party software and services to learn and track devices without agents. Starting at layer 2, Easy NAC learns of all devices on the network. Information is collecting using low level network protocols like ARP and DHCP, as well as application level protocols.  

To obtain higher level information, Easy NAC uses orchestration modules to integrate with security software, enterprise software, and cloud services. This includes security software such as anti-virus and firewalls. Through multiple sources, Easy NAC profiles each device on the network, for reports, tracking, and automatic quarantines. 

Easy NAC protects, and automatically profiles devices using both passive and proactive profiling methods.  Passive methods include listening to network traffic.  Proactive methods include: device scanning, network management queries, web scans, and integration with AD and other 3rd party security and software solutions.

Easy NAC goes beyond simple MAC detection by using a fingerprint feature to protect against MAC address spoofing.  Devices are profiled with a variety of information, which creates a digital fingerprint for the device.  If a device tries to spoof the MAC address, the fingerprint does not match and the device is restricted.

Easy NAC integrates with cloud or on-premise Anti-virus servers to check the status of the endpoints. Easy NAC supports integration with enterprise AV and endpoint management vendors. By leveraging the integration at the management server, Easy NAC can enforce compliance with security policies, without the use of agents. Devices out-of-compliance can be restricted and an administrator(s) alerted.

Easy NAC integrates with Active Directory and supports many third party software integrations. Some of the more common ones are shown below, but please inquire for an updated list or for a specific integration.   

• Bitdefender
• Carbon Black Cb Response
• CrowdStrike Falcon
• ESET Antivirus
• IBM BigFix
• Ivanti Security Controls
• Kaseya VSA
• Kaspersky Antivirus Integration
• InfoExpress CyberGatekeeper
• ManageEngine Desktop Central
• ManageEngine Patch Manager
• McAfee ePolicy Orchestrator
• Microsoft Intune
• Microsoft SCCM / WSUS
• Microsoft Windows Management Instrumentation (WMI)
• Moscii StarCat
• Sophos Enterprise Console and Sophos Central
• Symantec Endpoint Protection Manager
• Trend Micro OfficeScan and Apex Central

Easy NAC also supports optional agents that can provide compliance checks on any brand of endpoint security software.

Although NAC has a reputation of being expensive and difficult, Easy NAC is different because it is an agentless NAC solution that doesn’t require changes to the network. No switch configurations or spanning ports required.  These attributes makes Easy NAC the easiest NAC solution to deploy and manage.

Each deployment will vary depending on the number of locations and the number of devices.  Deployments can be as fast as a few days, but a more conservative deployment would take about two weeks, with the majority of the time spent in monitoring mode. Larger distributed networks normally take 1-2 months. 

Since there will be no changes to the existing network, operations will not be affected during the deployment, and after-hours work is not required. Typically, a three-stage deployment is recommended:   

Phase 1 – Infrastructure setup (1-10 days)

• Installation of CGX appliances and vLinks at necessary sites
• Setup software integrations and policies
• Configure and fine tune Access Control Lists for Restricted, IOT, BYOD, Consultants and Guests

Phase 2 –Monitor mode – (1-2 weeks)

• Educate staff and have them register their personal devices
• Educate staff on how to register guests
• Monitor networks for devices that need to be whitelisted or flagged
• Add flags and white-lists configurations as appropriate

Phase 3 – Protection Enabled (1-2 days)

• Enable enforcement

Easy NAC is licensed either as a perpetual license with annual support or on a subscription basis. The pricing for both depends on the number of devices being managed.

Easy NAC can protect the entire network or only specific locations.  If the requirements are to protect only the end-user networks, the license should cover all the devices expected on these networks. 

Common devices include computers, laptops, printers, IOT devices, switches, and VOIP phones. The license should be sized to cover the networks that Easy NAC will protect. Of course licenses are not required for networks that are not being monitored. 

Easy NAC is a family of appliances to provide advanced Network Access Control. The appliances are available in a hardware form factor or as a Virtual Machine software appliance.