Insightix adds post-admission checks to NAC device

Insightix secretive about new network access control technology

Insightix is introducing a new version of its network access control software that checks devices for appropriate security postures before they are allowed onto corporate networks.

Insightix NAC 3.0 first scans devices in a pre-admission stage for such things as domain names, DNS names, IP addresses and MAC addresses. Then, during a new admission stage, Insightix NAC checks Windows devices for compliance with rules such as what network services are running, what operating systems are installed, what service packs are in place and whether anti-virus software is running.

If a machine flunks the pre-admission stage it can be denied any access to the network, and if it flunks in the admission stage, it can be isolated in a silo where it cannot connect to other devices and other devices cannot connect to it. It can be directed to servers where it can download whatever software it lacks to meet compliance.

In a new post-admission stage, Insightix 3.0 monitors whether the properties of devices that have network access change over time. When they change, Insightix 3.0 denies them access.

This new software release adds to Insightix's platform some basic elements of what is generally called NAC. These include endpoint checking - what Insightix calls the admission stage - and quarantining devices that fail to meet network security policies - what Insightix calls siloing.

Insightix's post-admission stage is what other vendors call post-admission NAC, which is making sure devices don't behave badly after they are admitted to the network.

Cisco, Microsoft, members of the Trusted Computing Group and others are working on or already delivering products that supply some or all of these elements. Other vendors sell gear that add just one element.

Insightix performs its functions without using software clients or agents on each machine that it checks. It also requires no modification of network switches to enforce access. Other vendors, such as Cisco and Juniper, require that some of their hardware be part of the network infrastructure to act as enforcement points.

Insightix won't say how its silo technology works, saying it doesn't want to jeopardize its bid to patent the technology.

Join the newsletter!

Error: Please check your email address.

More about ACTCiscoInsightixJuniper NetworksMicrosoft

Show Comments

Market Place