NetBeat Network Access Control
NetBeat NAC is a next generation network access control (NAC) solution that lets you gain visibility and control over your networks by automatically blocking untrusted devices that should not be gaining access.
Many companies today are focusing on securing their organization from threats that exist outside the perimeter of their network by using firewalls and IDS/IPS systems. But most of today’s threats are not entering the organization through the firewall, but through malware-infected devices behind the firewall. In order to strike at the root cause of this, you need a network access control solution that blocks unwanted devices from accessing your network.
The problem with traditional NACs is that they were complex, costly, and not flexible enough to work within your existing network. Not anymore.
NetBeat NAC is the next-generation solution to comprehensive access control that is simple to deploy and manage. No agents or changes to network infrastructure; it could simply be taken out of the box and blocking untrusted devices within a few minutes.
In order for security to be practiced, it must be practical.
Mid-sized companies across all industries can depend on NetBeat NAC to defend their networks against untrusted or unwanted devices in three simple steps:
Step 1: Build your trust list through automatic discovery or via CSV import.
Step 2: Enable blocking of devices outside of trust list. Or set up custom alerts to see when new devices attach to your network.
Step 3: Sit back and relax, knowing that NetBeat NAC has you covered against rogue or malicious devices.
Beyond this core NAC functionality, NetBeat NAC appliances can enumerate vulnerabilities present on the devices accessing your network in a non-intrusive way similar to how hackers would, so that you can be proactive about remediating vulnerabilities. Appliances are also equipped with a malware detection feature designed to identify outbound "command and control" traffic destined toward known malware sites, and this is integrated with the blocking engine to provide millisecond response time to contain this type of malware threats.
NetBeat NAC in Action - Automatically discover and block untrusted devices
NetBeat NAC is a cost effective, easy to deploy, and easy to use Network Access Control solution for mid-sized companies.
- Effectively manage BYOD by securing your corporate network from unknown devices
- Minimize breaches by blocking any unknown device on your network
- Know exactly who and what is on your network at all times to meet or maintain compliance
- Easy to install and provision - can be setup in minutes
- Management branch locations remotely without needing IT staff on-site
- Real-time asset identification and classification
- Automatically deny access to any IP - both wired and wireless - that is trying to attach to your network
- Compliance reporting for PCI, HIPAA, GLBA, SOX
- Command Center allows you to manage remote sites from one location
In addition to blocking untrusted devices, the NetBeat NAC appliances proactively scan assets for common vulnerabilities and exposures (CVEs) on a regular basis to help you proactively manage your security posture. As a third layer of defense, the appliance integrates its malware behavior detection engine with the blocking engine so that asset blocking can be automatically triggered if evidence of malware traffic is detected via a port mirror from the core switch.
Asset discovery, analysis, and control
NetBeat NAC appliances are designed to protect your network from threats originating on the inside. Unauthorized devices connected to your network make your organization vulnerable to malware behavior, viruses, and data theft. NetBeat NAC appliances detect, alert, and block unauthorized devices from connecting to your network.
NetBeat NAC vulnerability scanner helps you identify the most urgent patches needed to harden your network against attack. After you run scans, detailed reports alert you if an attached device has a problem, or you can simply block an asset if it fails a vulnerability scan. These are very helpful in complying with requirements mandated by HIPAA/HITECH, PCI, GLBA, PSN, ISO and other security standards.
Zero-day malware protection
Quarantine or block malware-infested PCs—even zero-day malware that would otherwise go unchecked by standard virus-protection software. Or NetBeat NAC can simply issue an alert and you can decide how to proceed with remediation.
NetBeat NAC cloud-based subscription service allows you to gain access to zero-day malware heuristic updates, CVE tests, asset fingerprint signatures, and firmware updates several times per day to keep you continually protected in real-time.
The Command Center comes with all Enterprise appliances and allows you to manage branch or remote locations efficiently.
The NetBeat NAC Nano units are small, portable, low-heat, low-power, wall mountable, while the NetBeat NAC Branch and Enterprise Appliances are 1U Rackable hardware, all running the EasyNAC® software technology on hardened Linux operating systems. The technical specifications for all NetBeat NAC models are listed below.
|NANO 25 and 100||Branch Pro||Enterprise 10||Enterprise 100||Enterprise 250|
|Form Factor||Mini-ITX wall mount||1U Rackmount||1U Rackmount||1U Rackmount||1U Rackmount|
|*Protected Nodes||25 or 100||500||1000||1500||2000|
|Setup Time||15 minutes||30 minutes||under an hour||1-4 hours||4-8 hours|
|Storage for Logs||150 GB||250 GB||1000 GB||1000 GB||1000GB (1 TB)|
|802.1q Tagged VLANS||10 VLANs||20 VLANs||40 VLANs||60 VLANs||80 VLANs|
|Agentless Active Directory (AD) Support||YES||YES||YES||YES||YES|
|Agentless CVE (r) Audits||YES||YES||YES||YES||YES|
|Agentless Malware Blocking||YES||YES||YES||YES||YES|
|Auto Device Discovery||YES||YES||YES||YES||YES|
|MAC Spoof Detection||YES||YES||YES||YES||YES|
|MAC & IP Spoof Block||YES||YES||YES||YES||YES|
|Multiple User Logins||YES||YES||YES||YES||YES|
|Controllable Units||N/A||N/A||up to 10 remote||up to 100 remote||up to 250 remote|
The NetBeat NAC appliances can be taken out of the box and begin blocking assets within minutes. NetBeat NAC was built to be practical; making setup and use simple and efficient. Follow these steps and you’re on your way to a secure network.
NetBeat NAC Setup
- Pull the NAC out of the box.
- Plug it in – NetBeat NAC does NOT need to sit inline of network traffic.
- Setup in minutes – You do not need to make any changes to your network infrastructure or install agents on your endpoints. Simply build your trust list through automatic discovery and enable blocking of devices that are outside of your trust list.
- Enjoy a secure network with NetBeat NAC.
Frequently Asked Questions
1. What makes NetBeat NAC different from other NAC appliances?
Traditional Network Access Control solutions have historically been a nightmare to deploy, because they have depended upon one of the following actions:
In-line solutions: Re-architecting the network by placing the access control solution in-line with all network traffic, which administrators hesitate to do because of the potential of catastrophic downtime and the introduction of a new choke point into the network;
Integrated solutions: Extensive integration with existing network infrastructure equipment like switches, RADIUS servers, and firewalls, which is time-consuming and likely not to work with all equipment in heterogeneous networks;
Agent-based solutions: Using credentialed access to endpoints or agents to be installed on endpoints, which means that only certain endpoints can be supported (e.g., windows devices, etc.), and this is also time consuming.
These options strain IT resources and budgets today—particularly in the mid-market, and are therefore impractical for effective management of BYOD. Here the solution must be both universally applicable to all devices on the network, as well as seamless to deploy and manage. NetBeat NAC solves all of the above actions by meeting the following requirements: NetBeat NAC is not in line of network traffic; NetBeat NAC does not require any change to network infrastructure; and NetBeat NAC is completely agentless.
2. How are you able to block/quarantine devices without having credentials to any machines, or agents installed, or being in-line to network traffic?
NetBeat NAC has been developed with a low-bandwidth denial-of-service (DoS) method that we can target at any IP device inside your network. Agents or credentials are not necessary and makes installation simple and fast.
3. What if an attacker spoofs his MAC address, can he circumvent detection and blocking methods?
NetBeat NAC has a MAC Spoof protection feature to mitigate these threats.
4. How does the malware detection work?
We scan for real-time malware traffic back to known malware sites. Our database is synchronized multiple times a day to protect networks against zero-day threats. Because it can be integrated with the blocking engine, threats can be blocked within 10 milliseconds of detection versus just receiving an alert.
5. Can the NetBeat NAC control remote sites or branch locations?
Yes, a Command Center is included in all Enterprise level appliances.
6. We have a very mixed network – some Cisco, Windows, Apple, VoIP phones, HP printers, Android, Blackberry, Symbian, Linux… can NetBeat NAC work to protect these types of devices?
Yes, the NetBeat NAC appliances protect all devices with any operating system, both wired and wireless.