Frequently Asked Questions
WHAT ARE THE BENEFITS?
Easy NAC provides the benefits of traditional network access control – awareness, enforcement, and policies – without agents or network configuration. The result is easy deployment, management, and scaling, especially across multiple locations.
Some of the key benefits of Easy NAC include:
- Discovering and reporting network devices, including PCs, BYOD, IOT
- Controlling access to wired, wireless, and VPN networks
- Identifying and remediating managed PCs that are non-compliant
- Providing BYOD and guest registration with limited access
- Validating Windows or Azure AD and Anti-Virus
- Integrating with patch management, APT, firewall, and more
- Zero trust quarantining rogue devices from the network
CAN EASY NAC BE USED FOR ZERO TRUST?
Without needing to rearchitect the network, Easy NAC provides a comprehensive set of features that helps organizations implement a ZTNA security model. These include full visibility and control, continuous compliance checks, device fingerprinting, multi-factor authentication, least-privilege access, monitoring, orchestration and reporting.
These flexible features work together to increase visibility, improve security, and simplify security management, which help organizations protect their networks from unauthorized access and reduce the risk of a security breach.
Download the whitepaper
HOW DOES EASY NAC CONTROL ACCESS?
Easy NAC uses ARP to restrict access to the network by default. ARP enforcement is an out-of-band enforcement method that’s part of the Internet Protocol v4. Because this protocol is part of the IP protocol, network changes are not required. For subnets where IPv6 traffic needs to be enforced, one of Easy NAC’s alternate enforcement methods should be used.
WHAT DEVICES CAN EASY NAC CONTROL?
Easy NAC is compatible with all network equipment and endpoint devices. Because it does not require changing or reconfiguring network equipment or endpoints, Easy NAC works with managed and unmanaged networking equipment, and all types of endpoints.
WHERE IS EASY NAC PLACED ON THE NETWORK?
Easy NAC provides layer 2 visibility, protection and access control on the subnets that it connects to. Easy NAC supports direct connections, VLAN trunks, or vLinks to extend protection to all locations.
ARE THERE ANY SWITCH OR NETWORK REQUIREMENTS?
There are no special networking requirements to deploy Easy NAC. It works with any brand of switches, hubs, or wireless infrastructure. Easy NAC uses standard networking protocols to detect, control, and manage devices to ensure the broadest compatibility.
WHAT MAKES EASY NAC DIFFERENT?
Easy NAC is a third generation plug and protect NAC solution that is easily deployed and affordably scales to many remote sites. Other products that focus on homogeneous networks with limited sites are harder to setup and maintain, especially when enabling quarantine functionality.
Easy NAC provides immediate visibility, response, and control, without network changes or agents. Easy NAC blocks infected devices where they reside, to prevent contact with any other devices. NAC solutions that check specific points on the network have limited control over endpoints on remote networks.
HOW DOES EASY NAC COMPARE TO THE COMPETITION?
Easy NAC is a third generation NAC solution designed with enterprise security for organizations of all sizes, while the competition is predominately targeted at the Global 2000 which has the resources necessary for complex deployments.
Immediately after plugging in, Easy NAC provides visibility and enforcement without network changes or device configuration.
In short, Easy NAC provides the same or better security features that other NAC solutions provide, with a focus on simplicity and ease of use.
Easy NAC is the most affordable and simplest solution for organizations with distributed locations, common in industries such as healthcare, financial, personal services, and retail.
HOW DOES EASY NAC DETECT AND TRACK DEVICES?
Easy NAC uses a combination of network monitoring and orchestration with third party software and services to learn and track devices without agents. Starting at layer 2, Easy NAC learns of all devices on the network. Information is collecting using low level network protocols like ARP and DHCP, as well as application level protocols.
To obtain higher level information, Easy NAC uses orchestration modules to integrate with security software, enterprise software, and cloud services. This includes security software such as anti-virus and firewalls. Through multiple sources, Easy NAC profiles each device on the network, for reports, tracking, and automatic quarantines.
WHAT DEVICE PROFILING METHODS DOES EASY NAC USE?
Easy NAC protects, and automatically profiles devices using both passive and proactive profiling methods. Passive methods include listening to network traffic. Proactive methods include: device scanning, network management queries, web scans, and integration with AD and other 3rd party security and software solutions.
CAN EASY NAC PROTECT AGAINST MAC SPOOFING?
Easy NAC goes beyond simple MAC detection by using a fingerprint feature to protect against MAC address spoofing. Devices are profiled with a variety of information, which creates a digital fingerprint for the device. If a device tries to spoof the MAC address, the fingerprint does not match and the device is restricted.
HOW DOES EASY NAC CHECK ANTI-VIRUS COMPLIANCE?
Easy NAC integrates with cloud or on-premise Anti-virus servers to check the status of the endpoints. Easy NAC supports integration with enterprise AV and endpoint management vendors. By leveraging the integration at the management server, Easy NAC can enforce compliance with security policies, without the use of agents. Devices out-of-compliance can be restricted and an administrator(s) alerted.
WHAT ENDPOINT INTEGRATIONS DOES EASY NAC SUPPORT?
Easy NAC integrates with Active Directory and supports many third party software integrations. Some of the more common ones are shown below, but please inquire for an updated list or for a specific integration.
• ESET Antivirus
• FireEye HX
• HCL BigFix
• Ivanti Security Controls
• Kaseya VSA
• Kaspersky Antivirus Integration
• ManageEngine Desktop Central
• ManageEngine Patch Manager
• McAfee ePolicy Orchestrator
• Microsoft Intune
• Microsoft SCCM \ WSUS
• Moscii StarCat
• Sophos Enterprise Console and Sophos Central
• Symantec Endpoint Protection Manager
• Trend Micro Apex One and Apex Central
• VMware Carbon Black Endpoint Standard
Easy NAC also supports optional agents that can provide compliance checks on any brand of endpoint security software.
WHAT MAKES EASY NAC SIMPLE TO USE?
Although NAC has a reputation of being expensive and difficult, Easy NAC is different because it is an agentless NAC solution that doesn’t require changes to the network. No switch configurations or spanning ports required. These attributes makes Easy NAC the easiest NAC solution to deploy and manage.
HOW LONG DOES IT TYPICAL TAKE TO DEPLOY EASY NAC?
Each deployment will vary depending on the number of locations and the number of devices. Deployments can be as fast as a few days, but a more conservative deployment would take about two weeks, with the majority of the time spent in monitoring mode. Larger distributed networks normally take 1-2 months.
Since there will be no changes to the existing network, operations will not be affected during the deployment, and after-hours work is not required. Typically, a three-stage deployment is recommended:
Phase 1 – Infrastructure setup (1-10 days)
- Installation of CGX appliances and vLinks at necessary sites
- Setup software integrations and policies
- Configure and fine tune Access Control Lists for Restricted, IOT, BYOD, Consultants and Guests
Phase 2 –Monitor mode – (1-2 weeks)
- Educate staff and have them register their personal devices
- Educate staff on how to register guests
- Monitor networks for devices that need to be whitelisted or flagged
- Add flags and white-lists configurations as appropriate
Phase 3 – Protection Enabled (1-2 days)
- Enable enforcement
HOW IS EASY NAC LICENSED?
Easy NAC is licensed either as a perpetual license with annual support or on a subscription basis. The pricing for both depends on the number of devices being managed.
Please contact your authorized partner or InfoExpress for up-to-date information on licensing.
HOW DO I SIZE A LICENSE?
Easy NAC can protect the entire network or only specific locations. If the requirements are to protect only the end-user networks, the license should cover all the devices expected on these networks.
Common devices include computers, laptops, printers, IOT devices, switches, and VOIP phones. The license should be sized to cover the networks that Easy NAC will protect. Of course licenses are not required for networks that are not being monitored.
IS EASY NAC SOFTWARE OR HARDWARE SOLUTION?
Easy NAC is a family of appliances to provide advanced Network Access Control. The appliances are available in a hardware form factor or as a Virtual Machine software appliance.
Refer to Products for an overview, or contact sales for detailed information.