BSA Network Access Control is an easily deployed Network Access
Control (NAC) product that provides a powerful, comprehensive, and
cost-effective way to control access to the enterprise network, in
real-time. It enables authorizing, authenticating, and evaluating
devices and users prior to allowing them access to the
network.
The complex and dynamic nature of enterprise networks and the
adoption of new IT technologies, such as virtualization, present an
enormous challenge for IT managers. Statistically, an additional
20% to 50% of devices reside on enterprise networks without the
organization’s knowledge. This uncertainty severely undermines
the security of the network as security measures are only partially
applied. One cannot defend against or manage devices whose
existence is unknown.
In order to effectively and successfully deploy and enable access
controls against all devices residing on the enterprise network,
regardless of their respective capabilities, it is essential to
classify devices. For example, knowing whether or not they are
capable of user-based authentication (e.g., printer, wireless
access points, VoIP phones). The classification determines which
verification actions (authorization, authentication, posture
evaluation) are to be applied against devices and users accessing
the enterprise network before granting them network access.
As part of the Insightix BSA solution suite, the BSA Network Access
Control utilizes BSA Visibility to build and maintain, in
real-time, a complete and accurate inventory of ALL devices
operating on the enterprise network. BSA Visibility enables BSA
Network Access Control to operate in real time against ALL
devices.
The meaningful network, device, and user intelligence information
provided by the unique profiling technology of BSA Visibility
enables BSA Network Access Control to select the appropriate
verification actions that must be applied against a device as it is
being attached to the network. BSA Visibility continuously monitors
the network and its connected devices. The real-time network
intelligence built and maintained by BSA Visibility enables BSA
Access Control to detect and block spoofing attempts that are
usually directed at unmanaged devices.
Insightix’s patent-pending network access prevention technology,
used by BSA Network Access Control, does not require integration
with infrastructure components, such as switches or routers, for
quarantine and/or enforcement, thereby reducing overhead, which is
usually associated with implementing a NAC solution. Network access
is evaluated, and prevented if needed, on a device-by-device basis,
whether physical or virtual.
With minimal prerequisites and zero physical infrastructure
changes, implementing the BSA Network Access Control is easy and
fast – its configuration virtually effortless.
BSA Network Access Control is an agentless solution; it does not
require any integration with infrastructure components for
quarantine and/or enforcement, operates in heterogeneous networks,
and is vendor agnostic.
Insightix NAC utilizes agentless visibility functionality… to
create a unique NAC solution that applies real time network access
controls to everything and anything that connects to the
network.
Chris Rodriguez, Research Analyst, Frost&Sullivan
Features and Benefits
Know What You
Are Defending
As part of the Insightix BSA solution suite, the BSA Network Access
Control uses BSA Visibility to build and maintain a complete and
accurate inventory of ALL devices operating on the enterprise
network in real-time. Utilizing unique profiling technology, BSA
Visibility provides meaningful network, device and user
intelligence. The information provided by BSA Visibility enables
BSA Network Access Control to operate against ALL devices whether
capable or not of user-based authentication, managed or unmanaged,
physical or virtual.
Real-Time Operation
BSA Network Access
Control detects and applies control measures as soon as a device is
attached to the network. For example, rogue devices are detected
and blocked in real-time.
Your Network, No Changes
Insightix’s
patent-pending network access prevention technology, used by BSA
Network Access Control, does not require any integration with
infrastructure components, such as switches or routers, for
quarantine and/or enforcement. This eliminates the added costs
typically associated with implementing a NAC solution (i.e., buying
more switches). BSA Network Access Control works with your existing
network – no changes are needed.
Effortless Configuration&Setup
As implementing BSA Network Access Control does not require any
integration with infrastructure components the overhead usually
associated with implementing NAC is considerably reduced. With
minimal prerequisites, zero physical infrastructure changes,
agentless operation, implementing the BSA Network Access Control is
easy and fast, requiring almost no configuration effort.
Measuring the Effect of Turning NAC On
BSA Visibility provides vast audit information that can be used to
simulate the effect NAC would have on the network and the devices
connected to it once turned on. This enables the adjustment of key
settings prior to enabling NAC, preventing an overwhelming effect
against the devices attached to the network and its users when
turning NAC on.
Accurate Pre-Planning
The vast audit information provided by BSA Visibility allows
accurate pre-planning of the various NAC verification actions to be
applied against devices and users accessing an enterprise network.
For example, this information makes it possible to easily
distinguish unauthorized devices from legitimate devices based on
the accurate and in-depth audit information produced by BSA
Visibility – thus supporting the blocking of rogue devices in
real-time.
Gradual Implementation of NAC
The different verification stages can be either turned on or off,
configured for a hybrid operational mode of alerting and enforcing
at the same time against different groups of devices and/or users,
allowing operation against subsets of the enterprise network, and
so on.
The configuration flexibility supported by BSA Network Access
Control allows the gradual implementation of NAC against different
parts of the network in different verification stages as the
organization may seem fit. For example, BSA Network Access Control
can prevent access from unauthorized (rogue) devices, while other
verification stages may be turned on or off.
Unified Authentication for ALL Devices
The
information provided by BSA Visibility allows BSA Network Access
Control to dynamically associate appropriate roles and access
rights for ALL devices, whether or not they are capable of
user-based authentication, managed or unmanaged, physical or
virtual, based on their asset classification.
Transparent User Experience
BSA Network Access Control supports transparent authentication
thereby eliminating the need for double authentication when users
access the network.
For managed, compliant devices, the user is unaware of the NAC
process, which is completely transparent from the user's
perspective.
BSA Network Access Control is capable of redirecting the device’s
browsers to a captive portal page, which can contain information,
require authentication, and so on.What (Insightix) offers is a way
to extend NAC to 100% of the IP-enabled devices on a network,
rather
than the 70% or 80% that just happen to be PCs."
Paul Roberts, Senior Analyst, The 451 Group
