Trustwave NAC is a hardware solution comprised of a management console and sensors, which are deployed throughout the network for distributed capabilities. However, the solution does have a standalone version containing both components in one appliance.
The device itself is easy to configure and deploy, and we were up and running within our test network in a short amount of time. Once the solution is configured correctly, the sensor components assess all endpoints through a dissolvable agent. The redirection to the NAC device - and any restrictions - are generally done through the network ARP (address resolution protocol) cache.
Acceptance criteria and what happens to an endpoint if it passes or fails is fairly granular. The solution can interrogate clients for the appropriate level of anti-virus, operating system patches, instant messaging application, authentication through Active Directory (AD), wired/wireless connection and other criteria. Hosts that do not pass the analysis (or users who do not have AD credentials) can be delegated to quarantine VLAN, where instructions can help an IT staff, or the user, update the appropriate components to allow full access to the network. After the initial analysis, any post-access continuous monitoring must be done through a Layer 2-tagged mirror port within the network infrastructure.
As an added feature, the Trustwave NAC components can act as a honeypot for any unused IP addresses on the network. Malicious or curious users can be redirected to a fake host that Trustwave mimics to help protect the network.
Overall, the documentation and materials for the solution are solid. Eight-hours-a-day/five-days-a-week phone and email support is available for 20 percent of the cost of the product. It is worth noting that Trustwave offers several levels of appliances depending on the number of endpoints needing protection.