NetBeat Network Access Control

Overview

NetBeat NAC is a next generation network access control (NAC) solution that lets you gain visibility and control over your networks by automatically blocking untrusted devices that should not be gaining access.

Many companies today are focusing on securing their organization from threats that exist outside the perimeter of their network by using firewalls and IDS/IPS systems. But most of today’s threats are not entering the organization through the firewall, but through malware-infected devices behind the firewall. In order to strike at the root cause of this, you need a network access control solution that blocks unwanted devices from accessing your network.

The problem with traditional NACs is that they were complex, costly, and not flexible enough to work within your existing network. Not anymore.

NetBeat NAC is the next-generation solution to comprehensive access control that is simple to deploy and manage. No agents or changes to network infrastructure; it could simply be taken out of the box and blocking untrusted devices within a few minutes.

In order for security to be practiced, it must be practical.

Mid-sized companies across all industries can depend on NetBeat NAC to defend their networks against untrusted or unwanted devices in three simple steps:

Step 1: Build your trust list through automatic discovery or via CSV import.

Step 2: Enable blocking of devices outside of trust list. Or set up custom alerts to see when new devices attach to your network.

Step 3: Sit back and relax, knowing that NetBeat NAC has you covered against rogue or malicious devices.

Beyond this core NAC functionality, NetBeat NAC appliances can enumerate vulnerabilities present on the devices accessing your network in a non-intrusive way similar to how hackers would, so that you can be proactive about remediating vulnerabilities. Appliances are also equipped with a malware detection feature designed to identify outbound "command and control" traffic destined toward known malware sites, and this is integrated with the blocking engine to provide millisecond response time to contain this type of malware threats.

NetBeat NAC in Action - Automatically discover and block untrusted devices

Click to Enlarge Click to Enlarge Click to Enlarge

 

Benefits

NetBeat NAC is a cost effective, easy to deploy, and easy to use Network Access Control solution for mid-sized companies.

Benefits

  • Effectively manage BYOD by securing your corporate network from unknown devices
  • Minimize breaches by blocking any unknown device on your network
  • Know exactly who and what is on your network at all times to meet or maintain compliance
  • Easy to install and provision - can be setup in minutes
  • Management branch locations remotely without needing IT staff on-site

Features

  • Real-time asset identification and classification
  • Automatically deny access to any IP - both wired and wireless - that is trying to attach to your network
  • Compliance reporting for PCI, HIPAA, GLBA, SOX
  • Command Center allows you to manage remote sites from one location

Capabilities

Click to EnlargeIn addition to blocking untrusted devices, the NetBeat NAC appliances proactively scan assets for common vulnerabilities and exposures (CVEs) on a regular basis to help you proactively manage your security posture. As a third layer of defense, the appliance integrates its malware behavior detection engine with the blocking engine so that asset blocking can be automatically triggered if evidence of malware traffic is detected via a port mirror from the core switch.

Asset discovery, analysis, and control
NetBeat NAC appliances are designed to protect your network from threats originating on the inside. Unauthorized devices connected to your network make your organization vulnerable to malware behavior, viruses, and data theft. NetBeat NAC appliances detect, alert, and block unauthorized devices from connecting to your network.

Vulnerability assessment
NetBeat NAC vulnerability scanner helps you identify the most urgent patches needed to harden your network against attack. After you run scans, detailed reports alert you if an attached device has a problem, or you can simply block an asset if it fails a vulnerability scan. These are very helpful in complying with requirements mandated by HIPAA/HITECH, PCI, GLBA, PSN, ISO and other security standards.

Zero-day malware protection
Quarantine or block malware-infested PCs—even zero-day malware that would otherwise go unchecked by standard virus-protection software. Or NetBeat NAC can simply issue an alert and you can decide how to proceed with remediation.

Subscription services
NetBeat NAC cloud-based subscription service allows you to gain access to zero-day malware heuristic updates, CVE tests, asset fingerprint signatures, and firmware updates several times per day to keep you continually protected in real-time.

The Command Center comes with all Enterprise appliances and allows you to manage branch or remote locations efficiently.

Specifications

The NetBeat NAC Nano units are small, portable, low-heat, low-power, wall mountable, while the NetBeat NAC Branch and Enterprise Appliances are 1U Rackable hardware, all running the EasyNAC® software technology on hardened Linux operating systems. The technical specifications for all NetBeat NAC models are listed below.

  NANO 25 and 100 Branch Pro Enterprise 10 Enterprise 100 Enterprise 250
Form Factor Mini-ITX wall mount 1U Rackmount 1U Rackmount 1U Rackmount 1U Rackmount
*Protected Nodes 25 or 100 500 1000 1500 2000
Setup Time 15 minutes 30 minutes under an hour 1-4 hours 4-8 hours
Storage for Logs 150 GB 250 GB 1000 GB 1000 GB 1000GB (1 TB)
802.1q Tagged VLANS 10 VLANs 20 VLANs 40 VLANs 60 VLANs 80 VLANs
Ethernet Ports 2 2 4 6 8
Agentless Active Directory (AD) Support YES YES YES YES YES
Agentless NAC YES YES YES YES YES
Agentless CVE (r) Audits YES YES YES YES YES
Agentless Malware Blocking YES YES YES YES YES
Auto Device Discovery YES YES YES YES YES
Inventory Alerting YES YES YES YES YES
MAC Spoof Detection YES YES YES YES YES
MAC & IP Spoof Block YES YES YES YES YES
Multiple User Logins YES YES YES YES YES
Workflow Engine YES YES YES YES YES
Compliance Reports YES YES YES YES YES
Command Center NO NO YES YES YES
Controllable Units N/A N/A up to 10 remote up to 100 remote up to 250 remote
Manageable YES YES YES YES YES

 

Deployment

The NetBeat NAC appliances can be taken out of the box and begin blocking assets within minutes. NetBeat NAC was built to be practical; making setup and use simple and efficient. Follow these steps and you’re on your way to a secure network.

Click to Enlarge

NetBeat NAC Setup

  1. Pull the NAC out of the box.
  2. Plug it in – NetBeat NAC does NOT need to sit inline of network traffic.
  3. Setup in minutes – You do not need to make any changes to your network infrastructure or install agents on your endpoints. Simply build your trust list through automatic discovery and enable blocking of devices that are outside of your trust list.
  4. Enjoy a secure network with NetBeat NAC.

Case Studies

NAC Case Study: Healthcare NAC Case Study: Government

Documentation

Because the NetBeat NAC User Guide contains proprietary information, it can be found within the Help menu on your NetBeat NAC appliance.

If you have a question for NetBeat NAC support, please fill out the support form.

Frequently Asked Questions

 

1. What makes NetBeat NAC different from other NAC appliances?

Traditional Network Access Control solutions have historically been a nightmare to deploy, because they have depended upon one of the following actions:

In-line solutions: Re-architecting the network by placing the access control solution in-line with all network traffic, which administrators hesitate to do because of the potential of catastrophic downtime and the introduction of a new choke point into the network;

Integrated solutions: Extensive integration with existing network infrastructure equipment like switches, RADIUS servers, and firewalls, which is time-consuming and likely not to work with all equipment in heterogeneous networks;

Agent-based solutions: Using credentialed access to endpoints or agents to be installed on endpoints, which means that only certain endpoints can be supported (e.g., windows devices, etc.), and this is also time consuming.

These options strain IT resources and budgets today—particularly in the mid-market, and are therefore impractical for effective management of BYOD. Here the solution must be both universally applicable to all devices on the network, as well as seamless to deploy and manage. NetBeat NAC solves all of the above actions by meeting the following requirements: NetBeat NAC is not in line of network traffic; NetBeat NAC does not require any change to network infrastructure; and NetBeat NAC is completely agentless.

2. How are you able to block/quarantine devices without having credentials to any machines, or agents installed, or being in-line to network traffic?

NetBeat NAC has been developed with a low-bandwidth denial-of-service (DoS) method that we can target at any IP device inside your network. Agents or credentials are not necessary and makes installation simple and fast.

3. What if an attacker spoofs his MAC address, can he circumvent detection and blocking methods?

NetBeat NAC has a MAC Spoof protection feature to mitigate these threats.

4. How does the malware detection work?

We scan for real-time malware traffic back to known malware sites. Our database is synchronized multiple times a day to protect networks against zero-day threats. Because it can be integrated with the blocking engine, threats can be blocked within 10 milliseconds of detection versus just receiving an alert.

5. Can the NetBeat NAC control remote sites or branch locations?

Yes, a Command Center is included in all Enterprise level appliances.

6. We have a very mixed network – some Cisco, Windows, Apple, VoIP phones, HP printers, Android, Blackberry, Symbian, Linux… can NetBeat NAC work to protect these types of devices?

Yes, the NetBeat NAC appliances protect all devices with any operating system, both wired and wireless.

Contact Information

Main Phone:  (443) 733-1900
Fax: (443) 733-1901
Email: info@hexiscyber.com

Corporate Headquarters
7740 Milestone Parkway
Suite 400
Hanover, MD 21076
Open in Google Maps

Silicon Valley
2800 Campus Drive
Suite 150
San Mateo, CA 94403
Phone: (650) 830-0484

Hexis Development Center
9693 Gerwig Lane, Suite O
Columbia, MD 21046
Phone: (443) 766-1550
Open in Google Maps

EMEA Headquarters
107-111 Fleet Street
London
EC4A 2AB
United Kingdom
Phone: +44 (0)203 755 3584

DACH HQ
Nördliche Münchner Straße 14 A
Grünwald
D-82031
Germany
Phone: +49 89 909015210

 

 

KeyW

Follow Us

Twitter icon
LinkedIn icon
YouTube icon

Copyright 2014  - Hexis Cyber Solutions a KEYW company - Site Map | Terms of Use / Privacy Policy  Back to Top

Back to Top