SC MAGAZINE - Industry innovators
DEC 2007
Peter Stephenson

Access Control

Access control is among the most multidimensional
of classifications. Network access control (NAC) is a
very hot topic at the moment. We looked at NAC as well
as its siblings — biometrics, credential management, identity
management and multifactor authentication. These classifications
were interesting from a number of perspectives. First,
there is a trend toward building extensible architectures
with snap-in modules. All of these products need to work
in environments from small to very large. Another perspective
is technology. Our selections cover the spectrum from
a deep focus on cutting-edge technology to more of a
focus on solid functionality. Finally, we envisioned
our products all working together in a single enterprise.
Was there overlapping functionality? Welcome to the first
SC Labs dream security architecture.

Bradford Networks

If you are trying to log into a network protected by
Bradford Networks’ NAC Director, you’ll
have an agent on your computer or you won’t log in.
If you have an agent, you’ll be sent exactly
where policy allows you to go and nowhere else. If
you are a visitor, you’ll have a dissolvable
agent uploaded and installed on your computer automatically,
and when you are finished it will clean up after itself
and disappear as if it was never there. All that will
happen without any human intervention from the organization.

We looked at NAC Director this year and
we were impressed with its creative approach to protecting
the enterprise. When we asked Bradford visionaries what made
them innovators, the answer was “wireless.” Wireless
networks will soon outnumber wired networks by 10 to one, according
to Bradford. Wireless networks stress NAC systems because of
the nearly ad hoc nature of wireless. That means that NAC products
in a wireless environment are challenged to be highly scalable.
This is one place that Bradford Networks has staked a claim.

The second area is anticipating the future.
To do that, Bradford relies heavily on customer feedback and
NAC Director’s ability to leverage existing network resources.
An important result of that is that NAC Director leverages
existing and coming technology rather than attempting to build
that technology into the system. For example, rather than duplicate
functionality that is available in Microsoft Vista, Bradford
simply hooks into that technology. This allows them to focus
on what they do best, which is not building operating systems.

NAC Director also uses an out-of-band technology,
reducing the choke point of an in-line system without sacrificing
performance. The core of the technology is the self-evolving
policy engine, which takes advantage of policy decisions made
elsewhere on the network based on data from network assets,
such as an IDS. Bradford calls that “leveraging the network.”

The future strategy of Bradford is to continue
evolving the policy engine’s smart capabilities. Tactically,
NAC Director pushes access control policy enforcement to the
edge of the enterprise where it belongs. Strategically, NAC
Director leverages the assets on the network to keep pace with
the unique security architecture of each individual enterprise.

What it does: Agent-based network access control policy manager that functions out-of-band

Cost: Starting at $6,495

Innovation: Out-of-band agent-based access control policy management engine that leverages existing network assets to evolve policy automatically

What we liked: Ease of use and management, vision for the future, number of network devices supported