Symantec To Roll Out NAC Appliance

Symantec said it plans to ship a network access control appliance in late April.

The Cupertino, Calif.-based security vendor announced the appliance, the NAC Enforcer Series, on Monday at the RSA Security Conference, held this week in San Jose, Calif. The new product, which uses NAC technology that Symantec acquired from Sygate in August, will be part of Symantec’s end-point security product family.

A rack-mountable appliance, NAC Enforcer is designed to help ensure that corporate networks, branch offices and mobile workers are protected and compliant with security policies when users access the network from managed or unmanaged devices. The appliance automatically blocks or remediates noncompliant devices and provides patch updates before granting network access. It can support up to tens of thousands of concurrent sessions, according to Symantec.

The appliance is intended to be easy to implement and can be integrated into a network without the need to upgrade current infrastructure or switches, said Brian Foster, senior director of product management for client and server security at Symantec. "The key advantage of this is its ease of use," he said.

NAC is a hot growth area, and many security vendors are introducing solutions to address that market, said Jeffrey Tye, founder of GMP Networks, a Tucson, Ariz.-based solution provider. "I'm not surprised [Symantec has] something in this area," he said.Tye said he hasn't been briefed in detail about the new product, but if it's easy to install, then Symantec will be in a good position to sell NAC solutions.

NAC Enforcer uses Sygate Enterprise Protection 5.1 software, which offers security protection against known and unknown attacks by combining host intrusion prevention, desktop firewall and peripheral device control. To enable compliance-on-contact for unmanaged devices, the On-Demand Protection 2.6.1 software also integrates with the Enforcer appliance, using agentless technology that eliminates exposures from guest laptops.

On-Demand Protection creates a virtual desktop environment, offering a protected network session that includes a malicious code module to detect and eliminate programs such as keystroke loggers from capturing username and password information and screen scrapers from spying on user activity. At the end of the virtual desktop session, all Web browser data such as auto-complete, stored passwords and temporary files are erased.

Symantec Sygate Enterprise Protection 5.1 and Symantec On-Demand Protection 2.6.1 will be available in March. Pricing has not yet been determined.