“Network-based vendors tend to focus on guest users and unmanaged devices, because that’s where their strength is on the network,” said Patrick Wheeler, Symantec’s senior product manager for endpoint security.
Wheeler said Symantec has always been strong in the managed user area. He said the upgrade gives managed and unmanaged users a single product.
The upgrade allows Symantec NAC customers to centralize policy for both managed and unmanaged users and devices in one place, through Symantec Endpoint Protection Manager. Further, temporary guest client software — dissolvable Java agents — can be issued directly by the Network Access Control Enforcer appliance in gateway or DHCP mode.
Up until now, these guest features were only available in a separate product, Symantec On-Demand Protection for Web Applications. Wheeler said this is serviceable, but requires some integration and two management points.
Symantec customers can have a Web login and RADIUS or Active Directory authentication for guests, as well as a single point of policy control for both managed and unmanaged users.
In addition to guest users, Symantec NAC now supports MAC-based 802.1X authentication for undamaged devices, such as printers and UPS devices.