Network Sentry is delivered through an appliance, virtual server or cloud service (for this evaluation, Bradford provided a hardware appliance). The tool monitors edge connections to a network and provisions the appropriate level of network access based on role-based security policies. Using a centralized, out-of-band architecture, the network infrastructure (switches, routers, controllers, access points) is automatically discovered, classified and inventoried. Then, each edge device that attempts to connect to the network is profiled by MAC address to identify the device type. If there is a user on the device, the user is also profiled before a network connection is provisioned. User identification and classification are achieved by integrating with technologies such as Active Directory and Bradford Networks' Guest Management registration process.
Endpoint compliance can also be performed on the edge devices to assess the endpoint risk posture before connecting to the network. Specific attributes of the devices are checked to confirm the integrity of the configuration or the existence of a mandatory endpoint security application (such as anti-virus). Varying degrees of endpoint compliance checking can be performed using an agentless, dissolvable-agent or persistent-agent approach. Leveraging server-to-server integration, Network Sentry retrieves and maintains an inventory of all devices that have mobile device management (MDM) installed and, from that inventory, determines that a device should be allowed on the network. If a device attempts to connect to the network without MDM, the user/device can be routed to a captive portal where instructions for downloading and installing the MDM software can be presented to the user. Based on security policies (device type, known user, endpoint compliance, connection point, time of day), the device/user is granted the appropriate level of access to the appropriate VLANs (confidential, secure, public, guest, quarantine) on the network. Alternate enforcement approaches are also supported, including access control lists (ACLs) on switches/routers or IP-based access for devices connecting to unmanaged hubs.
Installation requires a good understanding of network architecture and design. Bradford provides significant documentation and guidance to help with getting the system up and running. Overall, it took us about 45 minutes to go from opening the box to being fully operational. We found the written instructions sufficient to get the product up and running, but there were times when the guide seemed to move ahead of the task at hand.
However, this product is rich in features, strong in performance and so effective that within minutes of completing the installation it was possible to start creating policies without spending much time at all. In addition to the quality of the product, the support team was outstanding in both their technical and personal skills. Customer support offerings include gold assistance, Monday through Friday, 6 a.m. to 8 p.m. EST, and platinum support, 24/7.
Overall, this was a good value for the money.