Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

In-Band NAC: Three Products You Should Know About: Page 3 of 5

On the plus side for Vernier, its management system was the only one that let us define multiple host assessment criteria and apply them to roles. ConSentry and Nevis consider host assessment a global configuration, treating all comers the same. There are numerous reasons different computers might have different assessment requirements. Vernier wrote its own host agent but uses Opswat's libraries for assessment.

Vernier's Edgewall also stands out for supporting network-based assessment capabilities using the Nessus scanner, useful in cases where an agent can't be installed. All three products analyze network traffic for malicious activity, but they vary in the types of actions they can detect. All three do anomaly detection, but only Nevis LANenforcer can find client-oriented activities, such as browser-based exploits and running of policy-sensitive applications, including IM. Vernier checks for broader network attacks, both client- and server-based.

Anomaly detection is particularly useful for spotting new worms and network scans because both leave distinct and easily detectable signatures. Sure, anomalous behavior detection can be prone to false positives, so some tuning is required. Actions, from sending an alert to quarantining the host, can be tied to anomaly detection and provide good protection against common malware.

More insidious are client-based exploits, such as, bots, spyware, worms, and Trojan activity. Nevis focuses primarily on these, while Vernier looks for both client and server problems. Detecting server exploits is useful for spotting attacks from malicious intruders. Signature policies can be enabled or disabled as needed, and both companies issue updates daily as new vulnerabilities and malware are detected, provided you maintain your service contracts.

illustration: Real World Assessment: In Band NAC
(click image for larger view)