Symantec Corp. is expanding its capabilities in network access control (NAC) with new versions of its own products and by acquiring new tools from a company with which it's traded legal blows in the past.
The new functions come from a large-scale update of Symantec Network Access Control (SNAC) that is designed to let customers or integrators deploy the type of monitoring technology that's most appropriate for each device or network, according to Patrick Wheeler, senior product manager for network access security at Symantec.
The new version, which will be announced Feb. 7, includes three ways for customers to monitor specific devices:
- Persistent agents can be installed on managed devices -- laptops or PCs inside the corporate network -- to constantly monitor their compliance with network-access control policies.
- On-demand agents or network scans can check unmanaged workstations in remote offices or other less-controlled environments as they connect to higher-security parts of the network.
- Network scans can check devices such as printers, handheld devices and others that can't support an agent.
Customers or integrators can mix and match those functions according to which is most appropriate for a specific device, Wheeler said, adding flexibility to a deployment and deeper security where it's needed.
"You're limited in what you can do over the network with an uncredentialed scan," Wheeler said. "You can't do registry checks, for example. But it's a good approach for unmanaged systems to give a customer visibility over what's happening on their network."
The new version will also come with an agent for Macintosh computers as well as an updated version of Symantec's NAC appliance -- a preconfigured device that sits on a customer's network to enforce security policies. The appliance will ship later in the first half of this year.
The new NAC version can use Dynamic Host Control Protocol or 802.1x authentication and includes in-line gateway enforcement to sift the rest of a network's traffic.
Symantec's regular tiered channel pricing, bundles and volume discounts will apply to channel partners, Wheeler said.
The additions are the last of the integrations due from Symantec's 2005 acquisition of Sygate Technologies Inc., which specialized in network access control software.
Symantec announced a new acquisition yesterday as well: the $830 million purchase of systems-management software vendor Altiris Inc.
Altiris products are designed to manage a range of network endpoints, including handheld and other devices, as well as PCs and servers. The software provides lifecycle and asset management of the devices themselves, and tracks each device's service history.
The company also sells a software-virtualization product designed to make PC application deployment faster and more manageable.
Mike Rothman, president and principal analyst of Security Incite in Atlanta, said the Altiris acquisition and the acquisition of Veritas two years ago, shows Symantec is trying to move up the sales channel to compete with systems-management platform vendors such as IBM Tivoli as well as security vendors such as McAfee Inc.