3 Leading Network Access Control Products Reviewed
August 30, 2019
Mo Moin (2302 articles)
Share

3 Leading Network Access Control Products Reviewed

Real IT users evaluate network access control solutions: Cisco Identity Services Engine, Aruba ClearPass and ForeScout CounterACT.

network security / network traffic scanning
HYWARDS / Getty Images

If you are researching network access control (NAC) producet for your enterprise, the first step is to narrow down the field. The top-ranked vendors on IT Central Station based on user reviews are Cisco Identity Services Engine (ISE), Aruba ClearPass and ForeScout CounterACT. The reviews the downloadable PDF detail what makes these products unique in the NAC market and which is best-suited your organization.

A good way to look at these three solutions is to compare/contrast the most important features of NAC, based on reviews from enterprise tech professionals based on these four categories: visibility/ease of use, connectivity/interoperability, initial setup/deployment and support/documentation:

Visibility/Ease of Use

Cisco ISE:

  • One user explained that for device administration, all devices have multifactor authentication (MFA) in collaboration with IT, so it secures access to all of our devices. For guest and wireless access, it’s a matter of a manager who we give access to the portal and he can assign access to the guests, so it’s a very simple process now. It keeps IT focusing on their work, and gives the business people the right access.
  • A security engineer at an energy/utilities company noted that “The identification with McAfee DHL is the most valuable feature. It gives us full visibility to see if there’s any malware or malicious activity going on in the network and will then isolate the device.”

Aruba ClearPass:

  • A real user says, “It has an easy to learn web GUI and command lines.”
  • Joe H., a network administrator wrote: “AirWave Dashboard heat maps could be better designed.”

ForeScout CounterACT:

  • Ricardo M., a network system administrator described how visibility is the main benefit. They now know how many devices are connected, what the use for each device is, and what kind of devices we have in our environment.
  • One consultant wrote: “Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available.”
download icon insider pro green

Connectivity/Interoperability:

Cisco ISE:

  • A network engineer at a communications service provider noted: “The best feature of the Cisco ISE platform is that it is compatible with Microsoft products.”
  • Francois V., a solutions manager wrote: “There could be a bit more integration between the controller management and ISE. You have the controller dashboards along with the ISE dashboard. It would be good if there was a way to integrate them into one.”

Aruba ClearPass:

  • A user from the financial services industry stated: “More than 140 integrations are included as part of the core solution. You can integrate ClearPass to anything in your IT infrastructure at no extra cost to share contextual information: firewalls, MDM, SIEM, etc., by using built-in modules or APIs. You can request customized APIs, as well.”
  • A network architect wrote: “We used ClearPass for wireless 802.1x Authentication in a large campus deployment (more than 10,000 access points).”
  • Eliu R. responding to the Comparison of Aruba Clearpass, Bradford Networks and Forescout NACs wrote: “Non-domain devices can automatically or manually be provisioned using a guest network and dissolvable agent.”

ForeScout CounterACT:

  • Anestis M. wrote: “The most valuable features are remote access and administration scripts.”
  • A user explained that they experienced some detection issues when checking compliance for the Sophos agent.
  • A Network and Security Engineer recommends that: “It needs a direct web interface rather than installation of a client.”
  • A real user from the financial services industry noted that “ForeScout is able to interchange contextual information with third-party solutions. However, most of its contextual collaboration capabilities are available using an Extended Module option, which ForeScout charges separately for.”
  • A real user wrote that “To perform RADIUS-based network authentication, you need a “plugin” to forward the authentication requests to an external authentication server, like Microsoft NPS.”

Initial Setup/Deployment:

Cisco ISE:

  • Joe F. says, “The initial setup was complex. It took time to have a stable environment but once it stabilized, it was great. Although, we had six to seven months of an unstable system.”
  • One user reports that they had to engage an expert when rolling it out. “We had challenges and then we would have to find a way of fixing those challenges. Out of nowhere, it would lock out all users. Then we discovered that the password had expired for the service account. We needed to make it non-expiry.”
  • A security engineer at a energy/utilities company reported that “We struggled a lot to implement this solution into our network, and we opened a case a couple of times.”
  • One previous user of Cisco ISE reported that they switched to Aruba because Cisco ISE was complex. Even the deployment was not straightforward. When they had Cisco ISE, it was still in the first version 1.2. He heard people mention that version 2.2 is much more friendly, easy to deploy, and easy to use but didn’t get a chance to test that. He used Cisco ISE when it was what he would consider a very complex solution, difficult to install, and even understand. Even then, it was not meeting his requirements.

Aruba ClearPass:

  • A security automation and incident response user noted: “The initial setup was complex. The deployment was fast, but in order to tune the policy, install the agent, and do everything else, it took us around four to six months.”
  • David K., a systems technology manager says, “I would like the area of managing wired technology to be improved. Wireless is very good, but I’m still struggling a bit to do my end-to-end configurations in the wired technology area.”
  • One user noted that “Before we started using Aruba, we worked on Cisco, which has the same setup. They had the same access layer, access points, access controller and management at Cisco. We were, however, looking for a wireless solution.”

ForeScout CounterACT:

  • A network system administrator stated that “The initial setup was very easy and simple to deploy. We didn’t have problems or difficulties with the implementation.”

Support/Documentation:

Cisco ISE:

  • A network administrator at government agency states: “They need to invest more in the product. It’s a good product. They should just work on tech support. More support for the customer. It’s not that easy to get somebody to understand this product. I have had some issues with tech before for the solution. One of them brought the solution down due to some of his activity. They need to hugely invest in their tech support.”
  • Alfred P., an IT manager wrote that “It’s a good product but it requires technical support and knowledge otherwise it will be difficult to manage and run it. It requires somebody to be configuring issues.”

Aruba ClearPass:

  • A Wi-Fi Manager at a comms services provider noted that “Aruba’s processes must be clearer.”
  • Michael V. recommended that “It should be clearer in the pre-sales stage that clear, documented, executive-supported InfoSec policy is the key to success.”
  • A Network Administrator in the K-12 education industry stated that “Instructions on adding layouts are not as clear as they could be.”
  • One user thinks that better documentation on the API would be useful.

ForeScout CounterACT:

  • A user described how references for the product are very good everywhere that you read them on the Internet.

IT Central Station’s “Network Access Control for Business Buyer’s Guide and Reviews” report identifies 17 enterprise-level network access control vendors, many of whom offer multiple solutions. Its goal is to arm you with both knowledge of each solution and first-hand experiences on how each performs in real-world environments based on reviews collected from a community of enterprise technology professionals.

Listed in alphabetical order, here are the Top 10 Network Access Control solutions identified by IT Central Station:

  • AppGate
  • Aruba ClearPass
  • Cisco ISE (Identity Services Engine)
  • Extreme Control
  • ForeScout CounterACT
  • FortiNAC
  • Impulse Point SafeConnect
  • Portnox CORE
  • Sophos Network Access Control
  • Tempered Networks

This post 3 Leading Network Access Control Products Reviewed originally appeared on CSO Online.

Read More