Symantec Network Access Control Starter Edition v.11.0

Symantec™ Network Access Control Starter Edition
Simplified endpoint enforcement
Symantec™ Network Access Control Starter Edition makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely leveraged toward a full Symantec Network Access Control deployment. Like Symantec Network Access Control, it grants access only to endpoints that comply with your defined security policies by evaluating compliance status, providing automatic remediation, and ensuring access is properly provisioned and secured. The result is a network environment in which businesses can realize significant reductions in security incidents, increased levels of compliance with configuration policies, and confidence that endpoint security mechanisms are properly enabled.

Key benefits
• Reduced propagation of malicious code such as viruses, worms, spyware, and other forms of
• Lowered risk profile through increased control of unmanaged and managed endpoints accessing the corporate network
• Greater network availability and reduced disruption of services for end users
• Verifiable organizational compliance information through near real-time endpoint compliance data
• Minimized total cost of ownership based on an enterprise-class centralized management architecture
• Verification that endpoint security investments such as Symantec AntiVirus™ and the client firewall are properly enabled
• Seamless integration with Symantec™ Endpoint

Key features
Symantec Network Access Control Starter Edition Process

Network access control process
Network access control is a process—one that mandates coverage for all types of endpoints and all types of networks. It begins prior to connection to the network and continues throughout the duration of the connection. As with all corporate processes, policy serves as the basis for evaluations and actions.
The network access control process consists of four

1. Discover and evaluate endpoints. This occurs as endpoints connect to the network and before they access resources. Through integration with the existing network infrastructure and the use of intelligent agent software, network administrators can be assured that new devices connecting to the network are evaluated according to minimum IT policy requirements.
2. Provision network access. Full network access is granted only after systems are evaluated and determined to be in compliance with IT policy. Systems not in compliance, or failing to meet the minimum security requirements for the organization, are quarantined with limited or no access to the network.
3. Remediate noncompliant endpoints. Automatic remediation of noncompliant endpoints empowers administrators to quickly bring endpoints into compliance and subsequently alter network access. Administrators can either fully automate the remediation process, resulting in a fully transparent process to the end user, or provide information to the user for manual remediation.
4. Proactively monitor compliance. Because adherence to policy is a full-time issue, Symantec Network Access Control actively monitors the compliance posture for all endpoints on an administrator-set interval. If at any time the endpoint’s compliance status changes, so will the network access privileges of the endpoint.

Deployable in any network
The typical corporate user connects to the network by multiple access methods; as a result, administrators must have the flexibility to consistently apply evaluation and connection controls regardless of the connection type. As one of the most mature network access control solutions on the market today, Symantec Network Access Control Starter Edition allows network administrators to actively enforce compliance through existing investments in network infrastructure with no required network equipment upgrades.

Whether using one of the Symantec Network Access Control Gateway Enforcers that integrate directly into the network or our host-based Self-Enforcement option requiring no network enforcers, organizations can be assured that end users and endpoints are in compliance at the point of contact to the corporate network.

Symantec Network Access Control architecture
The Symantec Network Access Control architecture includes three core components: policy management, endpoint evaluation, and network enforcement. All three components work together as a single solution without relying on external elements for functionality. If host-based enforcement is desired over network-based enforcement, only the policy management and endpoint evaluation components are necessary.

Centralized policy management and reporting
Paramount to the efficient operation of any solution is an enterprise-class management console. The Symantec Endpoint Protection Manager provides a Java™ technology–based console to centrally create, deploy, manage, and report agent and Enforcer activity. Scalable to fit the most demanding environments, the policy manager provides granular control to all administrative tasks in a high-availability architecture.

Endpoint evaluation
Symantec Network Access Control Starter Edition protects the network from malicious code and also verifies that endpoints connecting to the network are configured properly so they are protected from online attacks. Regardless of the goal, the process begins with evaluating the endpoint. While the common minimum requirements for allowing network access include checking for antivirus, antispyware, and installed patches, most organizations quickly expand well beyond these minimums after the initial network access control

Symantec Network Access Control Starter Edition offers persistent agent–based evaluation technology when determining endpoint compliance. Corporate-owned and other managed systems use an administrator-installed agent to determine compliance status. It checks antivirus, antispyware, and installed patches as well as complex system status characteristics such as registry entries, running processes, and file attributes. Persistent agents provide the most in-depth, accurate, and reliable system compliance information while offering the most flexible remediation and repair functionality of assessment options.

Symantec Network Access Control Starter Edition allows you to select between gateway-based enforcement and host-based enforcement:
• Gateway Enforcer is an in-line enforcement device used at network choke points. It controls the flow of traffic through the device based upon policy compliance of remote endpoints. Whether the choke point is at perimeter network connection points, such as WAN links or VPNs, or on internal segments accessing critical business systems, Gateway Enforcer efficiently provides controlled access to resources and remediation services.
• Microsoft® Network Access Protection (NAP) Enforcer augments NAP’s native capabilities by providing more comprehensive compliance-checking options and adds custom compliance checks. Organizations can deploy NAP quickly and easily through the unified architecture and simplified user interface provided by Symantec Network Access
• Self-Enforcement leverages the host-based firewall capabilities within the Symantec Protection Agent to adjust local agent policies according to endpoint compliance status. This allows administrators to control access to any network, on or off the corporate network, for devices such as laptops that routinely move between multiple networks.
• Peer-to-Peer Enforcement ensures that client-to-client communication can only occur between endpoints that are owned and managed by the organization and between endpoints that are compliant with defined endpoint security policies.

Support services
Symantec provides a range of consulting, technical education, and support services that guide you through the migration, deployment, and management of Symantec Network Access Control Starter Edition and help you realize the full value of your investment. For organizations that want to outsource security monitoring and management, Symantec also offers Managed Security Services to deliver real-time security

About Symantec
Symantec is a global leader in providing security, storage, and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries.

Minimum system requirements
Platform support
Symantec Endpoint Protection Manager
Symantec Endpoint Protection Console
Symantec Network Access Control Client
Symantec Network Access Control Enforcer 6100 Series (optional)
Symantec Network Access Control Scanner (optional)
• Microsoft Windows 2003 Server (SP1)
• Microsoft Windows 2000 Server (SP4)
• Microsoft Windows 2000 Professional
• Intel® Pentium® 4 1.8 GHz minimum
• 1 GB of RAM minimum
• 1 GB free hard disk space
• Internet Explorer® 5.5 or later
