Information Security

Defending the digital infrastructure



Security Readers' Choice Awards 2014: Network access control products

Readers vote on the best NAC products of 2014.

Network access control saw tremendous growth in 2013 as companies turned to these products to grapple with bring your own device security. NAC products are focused on authentication and endpoint security, yet only 31% of voters in the Readers' Choice Awards use this security technology in their organizations, according to those surveyed. Today NAC products integrate with a range of security technologies from mobile device management (MDM) to firewalls, threat intelligence and security information and event management (SIEM) systems.

The winners in this year's Network Access Control category support BYOD, heterogeneous endpoints and integration with an increasing number of technologies, including MDM. We congratulate this year's first-time honorees.

Winner: Cisco Identity Services Engine, Cisco

Innovative NAC today means addressing the mobility challenge. Cisco's Identity Services Engine (ISE) policy server answers the call by providing policy management and access control for users and endpoint devices connected to the vendor's switches and routers. The ISE platform is a RADIUS-based technology that supports wireless, wired, VPN and Cisco TrustSec services. It is available as hardware or as a virtual appliance, with three different levels of software.

Cisco's NAC Appliance (formerly Clean Access) comprises Cisco NAC Server, Cisco NAC Manager and Cisco NAC Agent. The NAC Appliance's ISE Profiler services can discover, identify and analyze identities and devices on the network in real time. Unlike NAC products that enforce policies on individual endpoints, the Cisco NAC Appliance uses the "network as the enforcement point" and addresses authentication, authorization, policy enforcement and remediation of unauthorized users and noncompliant systems across the network, according to the company. The entry-level version of the product supports 802.1X and guest provisioning; at the high end, the ISE can handle up to 250,000 devices concurrently.

The Cisco Identity Services Engine console provides administrators with visibility into authentication failures, endpoint profiles and posture compliance.

Cisco is rolling out a Platform Exchange Grid (pxGrid) designed to offer a single interface that provides visibility into security and access management on multiple vendors' systems with support for bidirectional context sharing. The pxGrid controller is provided by ISE. Partners will be able to control what information is shared or published and with which platforms. To date, the ISE provides API-level integration with several third-party vendors, including AirWatch and MobileIron in the MDM space, and HP ArcSight and Splunk Enterprise for SIEM.

The Cisco NAC Appliance and ISE combined had a larger share of the votes than any other vendor in this Readers' Choice category. Readers had high praise for the technology. It is "operating as designed and operating effectively," says one survey respondent. "Excellent service," noted another.

Winner: ClearPass Access Management System, Aruba Networks Inc.

The ClearPass Access Management System from Aruba Networks had fewer votes, but those who used the product gave it high marks across the board. The RADIUS-based technology, available as hardware and virtual appliances, enables administrators to have a clear view of network devices and control over user access in multivendor environments. The technology received high ratings for its policy-based network access control, policy enforcement options and scalability.

Aruba ClearPass offers comprehensive third-party MDM integration via its ClearPass Exchange API. ClearPass also works with SIEM systems from vendors like Splunk and ArcSight.

The Aruba ClearPass Access Management System enables administrators to have a clear view of network devices and control over user access in multivendor environments.

The Aruba technology eases bring your own device security with its own built-in certificate authority. The onboarding module can also revoke certificates of devices that are missing or belong to former employees. ClearPass provides self-service features for employees, onboarding of devices without the IT department, and Wi-Fi guest access through its customizable guest portal. Readers described the product as "good" and "excellent."


This was last published in November 2014
