Network Access Control (NAC) Target Recommended Solution
Royal Commission for Jubail and Yanbu
Network Access Control (NAC)
Target and recommended Solutions
EA Team
Business Relationship EA Team
IT PMO IT PMO
EA Team Procurement Team
EA Team IT Service Management
Concerned IT Administration Solution Selection Team
Stakeholders Procurement Team
Sector Central
Central
3 Solution Specification
The Network Access Control (NAC) solution is to provide all-in-one features that streamline security policy management and
reduce operating costs. The NAC is to deliver visibility and access control over users and devices across wired, wireless, and
VPN connections.
Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual
data, such as threats and vulnerabilities, with integrated technology partners. Identify network, which applications are
running, and more.
NAC03 Comprehensive Policy Enforcement
The NAC is to set easy and flexible access rules. These rules are to
be controlled from a central console that enforces them across the
network and security infrastructure. The NAC is to define policies that differentiate
policy enforcement between registered users and guests.
The system uses group tags that enable access control based on
business rules instead of IP addresses.
Incident response
Integration
Cisco ISE
Cisco is headquartered in San Jose, California. Its Identity Services Engine (ISE)
policy server is RADIUS-based, which enables Cisco to support authentication in
heterogeneous network infrastructure environments (although advanced NAC
features will require Cisco components). ISE is available in hardware appliances and
also as a virtual server. Cisco packages ISE software in several licensing options,
including a mobility-only license. Cisco customers should consider ISE, especially
when the Cisco AnyConnect endpoint client will be in use.
Strengths
Cisco has a strong BYOD strategy. ISE integrates with AirWatch, MobileIron and solutions from several other EMM vendors. Version 1.3 of ISE supports an optional onboarding module that includes a certificate authority. This feature simplifies BYOD implementations, since enterprises do not need to implement a third-party certificate authority.
ISE includes a strong guest administration module that is highly customizable.
ISE leverages technology that is embedded in Cisco network infrastructure components to provide unique benefits. For example, it uses endpoint profiling data collected from Cisco switches and wireless controllers, eliminating the need to deploy stand-alone profiling sensors. TrustSec enables granular identity-based policies on many Cisco LAN, WLAN and firewall products.
Cisco's pxGrid initiative enables network and security solutions to coordinate the sharing of contextual information (such as identity and location) through ISE. pxGrid also enables integrated technology partners to use ISE to execute mitigation actions in response to events. Early pxGrid partners include Splunk, Ping Identity, NetIQ, Tenable Network Security, Emulex and Bayshore Networks. Some Cisco Sourcefire products also support pxGrid.
Cautions
Cisco's status as a network security vendor is an obstacle when it comes to partnering with other network security vendors. For example, mainstream firewall vendors and third-party sandboxing vendors have not yet integrated with pxGrid.
Enterprises that are interested in implementing TrustSec's role-based identity policies should perform careful testing in a lab environment. Adoption of TrustSec has been slow, as some key Cisco products have only recently added TrustSec support (for example, TrustSec support for ASA Security Appliances was added in July 2014). With TrustSec deployments, network teams may encounter challenges typical of early adopters of new technology.
Aruba Networks
Strengths
ClearPass provides integration capabilities through the ClearPass Exchange API, promoting contextual sharing integration with third-party security solutions. Examples include SIEM, EMM and next-generation firewalls.
Aruba has a strong BYOD strategy. It integrates with AirWatch, MobileIron and several other EMM solutions.
The ClearPass Onboard module, which includes a certificate authority, supports more operating systems (seven) than any other onboarding module in the NAC market. In supporting Chrome OS and Ubuntu, ClearPass is a strong option for the education vertical.
Cautions
In multivendor networks, ClearPass customers that have not implemented Aruba's Mobility Controllers lose advanced functionality, including Apple AirPlay visibility and support for Aruba's auto-sign-on feature.
Gartner rarely sees ClearPass in wired LAN environments. ClearPass sales are driven primarily by Aruba wireless customers.
As per the Gartner Magic Quadrant for Network Access Control, Cisco ISE and Aruba ClearPass were, and still are,
in the highest level of the Leaders quadrant. Such recognition comes from the high capabilities of both
solutions and their market position after gaining the trust and adoption of professionals and positive reviews.
EA recommends Cisco ISE, an all-in-one solution that streamlines security policy management and
reduces operating costs.
Cisco ISE has a wide range of visibility and access control over users and devices across wired, wireless,
and VPN connections.
Target Network Access Control (NAC)
NAC solutions are rule-based
Time and Entity
Gains network visibility
Visibility and profiling
Controls access for guests
To enforce security policies, blocking, isolating, and remediating of non-compliant devices.
To integrate with existing security and network solutions.
To enforce the policies for all scenarios