Product review: Sophos NAC is a good start

Sophos NAC Advanced combines agent-based awareness and enforcement of essential security policies for Windows end points with integration hooks to network-based control systems

By Steve Hultquist
July 03, 2008

Talkback

E-mail

Printer Friendly

Reprints

You can create profiles for the operating system (at least one of which is required for every policy), applications (including both security components such as anti-virus as well as user applications such as Internet Explorer), and patches for each of them, and assemble them into policies that outline the required OS patch level, anti-virus application and signature currency, and firewall application and settings. The policy definitions also include the resulting access available to the end point and any alerting necessary. In addition, you specify how frequently the agent on each end point will check for updates to the policy, assess and reassess the host system for compliance, and communicate with the reporting system.

The Bottom Line

Sophos NAC Advanced 3.0
Sophos, sophos.com

Good 7.2

criteria	score	weight
Manageability	7	20%

Policy Enforcement	7	20%

Scalability	7	20%

Reporting	8	15%

Setup	7	15%

Value	7	10%

Cost:
$14 per user per year for 1,000 seats (minimum) for 3 years

Platforms:
Requires Windows Server 2003 and SQL Server 2000. Agent supports Windows 98 SE, Windows 2000, Windows XP, Windows Server 2003, and Windows Vista

Bottom Line:
Sophos NAC Advanced offers a comprehensive agent-based policy assessment and enforcement system for Windows end points, with the ability to integrate into environments that include 802.1X and RADIUS plus a long list of supported network hardware and end point security software. The system allows only white-list or black-list for non-Windows endpoints.

About our Reviews and Scoring Methodology

This combination of pre- and post-access awareness allows the end-point agent to adjust to dynamic changes in policies as well as to changes in the host system's compliance over time. You can also create profiles for custom applications, so if you require specific configurations of custom applications Sophos will allow you to alert and report on those characteristics.

Policy creation and modification is the most complex aspect of policy-based management. Current systems tend to provide detailed and therefore complex views of policies. This is the area ripest for significant improvement in manageability and a breakthrough in human interface design. The inclusion of one-button policies for typical requirements would be a good start.

Agent's-eye view
As I've emphasized in previous reviews, the reporting subsystem of a policy-based network is critical. It is the primary avenue for understanding the current state of your end points and infrastructure, and a key to the ongoing management of the entire network. The Sophos NAC Advanced system includes a comprehensive reporting system that provides both at-a-glance and in-depth reports for the knowledge that the system holds, such as overall compliance status and granular compliance reports based on application, policy, and assessment details.

The reporting system is effective, but it relies exclusively on information provided by the agents, so it has limited visibility into network activity as a component of the reports. By integrating Sophos NAC Advanced with an IDS/IPS, Sophos could extend the reach in an important direction, enabling identification of zero-day events and unexpected network activity to trigger alerting, quarantine, and administrator action. After such a discovery, hooks into an IDS/IPS could also be used to trigger a rescan by all agents to determine characteristics of the impacted systems.

Sophos has focused on providing a system that integrates with a broad range of Windows systems and an even broader range of network elements. The solution provides assessment and remediation for non-Sophos subsystems such as third-party anti-virus agents and other security components, and it integrates into standards-based environments such as 802.1x as well as more proprietary environments such as Cisco NAC.

Sophos NAC Advanced is a solid approach to protecting Windows systems in an enterprise environment. It's a good fit for organizations concerned mainly with the security status of Windows end points. With the growth of both Mac OS X and Linux in the enterprise, its current lack of support for these platforms may be an issue for those seeking to install policy-based networking. In addition, the product's focus on end points without engaging network components will leave at least some information unassessed in the process of applying and enforcing policy. Organizations aiming to gain granular control over both hosts and visibility into network traffic will need to look at integrating Sophos with network-based control systems or more network-oriented alternatives such as Cisco NAC.

Steve Hultquist is a contributing editor of the InfoWorld Test Center.

« PREVIOUS PAGE | 1 | 2

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

>> Talkback: Have your say

COMPREHENSIVE DATA PROTECTION AND DISASTER RECOVERY
Traditional backup and recovery is becoming irrelevant. You need more. Watch this InfoWorld and Dell Equallogic webcast to learn the current trends in Comprehensive Data Protection and Disaster Recovery for VMware Virtual Infrastructure. Sponsored by Dell Equallogic:

» Click here to view this Webcast

Network Security Solutions Guide
Network security is comprised of so much more than protecting just one or two PCs. And network security management can be different based on your situation. Read this Solutions Guide to find the best ways to protect your entire network, from individual PCs to network-attached storage and more. Sponsored by ISC2

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

When Content is King: Content Delivery Networks (CDNs) & You - Consumers now expect to see rich media on corporate websites. Learn how and why some businesses are turning to outside vendors...
HP ProLiant BL480c Server Blade Microsoft Exchange Server 2007 - The Exchange deployments can incorporate different server, storage and application availability features to support tiered...
Best practices for Microsoft Exchange 2007 with HP Servers - After extensive testing, we present you with configuration and performance data, best practices, and recommendations to ...
Performance and Scalability on HP ProLiant Multi-Processor Server Blades - This performance brief summarizes scalability testing of Microsof(R) Exchange Server 2007 on HP ProLiant blade servers. ...
HP Smart Array P800 Controller and HP MSA60 2,500 - This document provides information on the HP StorageWorks 60 Modular Smart Array (MSA60) direct attached storage (DAS) solution...
HP Insight Dynamics - VSE Reference Arch. for Microsoft Exchange Server 2007 - Learn more about HP Architecture Planning Tool for OCS 2007: - Further detail on the various input parameters and decision...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Product review: Sophos NAC is a good start

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
AT&T - New from AT&T: Discover Fixed-Mobile Convergence Now AT&T - Securing the Converged Enterprise I AT&T - An AT&T Article: When Content is King AT&T - The Spirit of Innovation: 100 IT Leaders Speak Out AT&T - Machines That Speak: The Machine-to-Machine Wireless Network AT&T - The Top 10 Best Practices for Server Virtualization Planning Rocket Gang - Jazz Meets Development in IBM Rational Team Concert Nokia - Interaction between Nokia Intrusion Prevention and Nokia Firewall Riverbed - Five Ways to Reduce IT Costs in 2009 AT&T - AT&T Article: Reinventing the Telephone with VoIP (ISC)2 - I'm an SSCP Go-To Guy. See what I do. Click here! AT&T - AT&T Business Continuity Survey on Risk Management AT&T - Maximizing Mobility in Communications Rackspace - The True Value of a Hosting Provider AMD - The Future is Fusion. Only from AMD. Learn more. Nokia - The Case for a Specialized Security Platform Intersystems - Develop and integrate faster with InterSystems Ensemble. AMD - Learn how the new Quad-Core AMD Opteron(TM) processor improves performance AT&T - Securing the Converged Enterprise II AT&T - An AT&T White Paper: Enterprise IPTV Solution HP - HP Architect Planning Tools for MS Office Communications Server 2007 HP - Best Practices for Deploying Microsoft Office SharePoint Server 2007 HP - HP ProLiant BL480c Server Blade Microsoft Exchange Server 2007 HP - HP Smart Array P800 Controller and HP MSA60 2,500 Oracle - Top 3 Ways to Cut Costs in 2009 with Oracle Content Management AMD - See the power of the new Quad-Core AMD Opteron(TM) processor ASG Software - Transform your IT Organization now! ISC2 - Network Security Solutions Guide		Infoblox - The Costs and Impacts of DNS and IP Address Management Riverbed - Virtualization Solutions Guide Armstrong - Delivering Actionable Enterprise Architecture HP - HP StorageWorks products-control, consolidation and confidence. Vision Solutions - Solving Downtime Challenges to Manufacturing and Supply Chain Operations Oracle - The Top Three Ways to Cut Costs in 2009 HP - Predict the future with HP Insight Power Manager HP - Affordable technology-no compromise. HP server solutions. Motorola - The Enterprise Mobile Messaging Benchmark Report Data Domain - IDC Workbook: Assess the Value of Deduplication for your Storage Consolidation Initiatives Vision Solutions - Real-Time, On-Demand Information for Business Intelligence and Data Integration Samsung Printing Solutions - control workflow, costs and operations Check Point - Check Point Endpoint Security White Paper Get to know - BlackBerry Professional Software-find out more Oracle - Oracle Universal Content Management Oracle - Information Workplace Platforms: Oracle vs. Microsoft Oracle - Performance Monitor: ERP at the Speed of Light Sony - Discover the advantages of Sony LTO media at sony.com/lto. Sun - Virtual Machines: Sun's xVM Virtualization Portfolio Verisign - The Latest Advancements in SSL Technology CA - Plan IT better, Manage IT better. CA - Manage your IT more effectively. Intel - Processor-enabled Virtualization. That's IT as it should be. Microsoft - Get the virtualizing power of Windows Server 2008 with Hyper-V Microsoft - Microsoft SQL Server 2008. Read Case Studies & Try for Free Microsoft - Learn about the software-based VoIP solution from Microsoft. Oracle - Nucleus Report: Who's ready for SMB? Qwest - Learn how Qwest voice and data solutions can save you time.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist TecChannel :: TecCommunity