Home > Information Security Magazine > Hot Pick & Product Reviews > IDP/Network Access Control
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

IDP/Network Access Control
Issue: Aug 2006
printer-friendly

IDP/NETWORK ACCESS CONTROL


CounterACT
ForeScout Technologies
Price: $13,995 for base CT100 appliance with IPS functionality; additional $9,995 for integrated NAC module

[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]

[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]

The idea behind CounterACT is de-scribed in its name: Find an intrusion that you can counter, and then act to do something about it. CounterACT provides layered security by combining intrusion prevention and agentless network access control.

Configuration/Management B
Getting the CounterACT appliance up and running mostly consists of plugging it in. You'll need three Ethernet connections: one is for management, another attaches to a span port on a switch to monitor traffic, and the third connects to an ordinary switch port to send messages and take network-based enforcement action.

The CounterACT console allows you to control virtually every aspect of the appliance's operation, including telling it what to look for on your network, what to ignore, the levels you want to reach before the appliance decides you have a problem, and to make the system settings. The easy-to-use GUI consists of drop-down lists, check boxes and radio buttons--not particularly sexy, but it does the job.

Effectiveness A
During testing, CounterACT was able to find and identify everything on the network and follow the rules we set, including bl...



ocking where instructed. Because you can key network access control to the intrusion prevention features, the machine can operate on its own once you set and test the rules. It doesn't matter if someone starts sending out worms at 2 a.m.--CounterACT will handle the problem and report back. In our lab, the appliance watched efforts by a simulated worm and then shut it down.

Likewise, it can determine how well users meet other policy requirements, such as update levels and virus definition dates, and put them in network-based quarantine until they are compliant.

Policy Control B
CounterACT uses predefined rules and your network policies to alert the user and/or the manager, and to take action, such as sending noncompliant users to a remediation page. CounterACT can enforce security policies, such as blocking a connection if a user is in violation.

The policy controls have a lot of flexibility. For example, most organizations don't allow users to add their own network segments, wireless access points or external routers.

With CounterACT, you can spot such unauthorized additions to your network and shut them down. During our testing, CounterACT immediately spotted access points that were outside the portion of the test network being managed and flagged them.

You can define virtually anything on your network that you want to monitor. The device will watch for suspected worm traffic, monitor for prohibited activities such as peer-to-peer sharing software, and let you know when any event you designate takes place on your network.

Reporting B
CounterACT can be set up to report anything. The appliance constantly collects a database of events and can report on them in a variety of formats. In addition, CounterACT can alert you immediately with reports on infected sources on your network, and it can alert users when they don't meet your policy requirements.

[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
More information from SearchSecurity.com

Learn tactics for deploying endpoint security in this lesson from Identity and Access Management Security School.
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]

CounterACT's regulatory compliance feature can correlate employee and event information, and provide reports on what happened on your network, when it happened and who did it. And, CounterACT can provide a variety of real-time event reports using SNMP, syslog, OPSEC and SESA.

Verdict
CounterACT provides a lot of bang for the buck. It's flexible and easy to use, providing intrusion detection/ prevention and network access controls.

--Wayne Rash


Testing methodology: The test network included managed and unmanaged switches; Windows, Linux and Novell servers; a complete VoIP system and voice gateway; and an Internet gateway. Wireless APs were introduced to test for rogues. We tested custom policies and detected worm simulations.





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts