We get questions from time to time about 3rd party attestation of our Network Access Control product.
Having won awards such as the fastest growing mobile company in 2014,
or crowd favourite from Mobits 2014 are a few good examples.
In most cases customers are looking for validation that the features and company providing the software/hardware have continually demonstrated alignment with market and customer requirements.
In our experience most customers will have a base set of prioritized requirements and evaluate the technology in their environment to ensure it can fulfill the requirement and meet a qualitative expectation set during web demonstrations or primary research.
Typically customers are familiar with Gartner MQ and the analysis of a market segment like Network Access Control.
The last MQ for network access control was released in December of 2014.
Over 2 years ago and has been replaced in subsequent years by the Market Guide.
Does this mean that Gartner is no longer covering the Network Access Control market?
No, far from it. Gartner has released a Market Guide for March of 2016 which summarizes their analysis of the Market Segment.
This year, we have opted to evaluate the network access control market in the form of a Market Guide as opposed to a Magic Quadrant, due to the maturity of the NAC market, the gradual decrease in market participants and the relative stability of NAC capabilities. Market Guides are a more appropriate mode of coverage for segments with these attributes.
- Gartner Market Guide for Network Access Control 2016.
For Vendors: There are two types of vendors in the Gartner Market Guide for NAC. Infrastructure and Pure-Play. IntelliGO Is a Pure-Play NAC. We make nothing but NAC for the Enterprise Market.
In the Market Guide, Gartner explains the typical priorities in selecting a NAC Vendor are mainly:
1 - Low levels of complexity of administration,
2 - Flexibility of controls,
3 - Ease of integration and
4 - Competitive product pricing.
So How Does IntelliGO Excel in These Categories?
Let's look at each of these in turn to get an understanding of the IntelliGO value proposition.
1- Level of Complexity of Administration:
IntelliGO is the only purpose built NAC to offer all features in a single platform without the need for complex integrations.
The main differentiator is that our Endpoint, Network and Identity configuration is the simplest on the market.
All components licensed on-box to provide turnkey deployments with which reduces complexity by provides:
2 - Flexibility of Controls:
In-Built Onboarding Clients/MDM: We can integrate with existing EMM or offer complimentary on-box MDM to enroll mobile clients,
certificates, workstations, servers and any other devices on the network which require a pre-configuration for 802.1X.
In-Built Agentless Onboarding: For IoT devices and systems which do not have Smart Operating systems such as printers,
thermostats or other network-enabled peripherals our agentless scanning and traffic anaylsis can identify and enroll these device types.
In-Built CA and Identity Store: Instead of having to worry about integrations with username and password
stores such as Active Directory or SAML stores like Google the inbuilt Certificate Authority can provide keys based on
those repositories to work with every device.
This helps simplify the roll-out by configuring the device, the network and the identity store without having to integrate many other systems.
Purpose Built Appliance: Installation and usage of the product is on a turnkey appliance or offered hosted.
This ensures that the deployment time is minimal as installations do not require provisioning of hardware or configuration of software.
Single Policy Engine: All policies are configured within the appliance and can read context from devices such as
OS, User, Device Hardware and Security Information without needing to read from multiple sources.
Dedicated Integration Team: Most manufacturers do not staff a dedicated infrastructure team which is used to deliver the off-box configuration requried to On-Board, Configure 1X or Push out Agents.
With our experienced Multi-Vendor ready team we can simplify deployments more than any other manufacturer.
IntelliGO has Compliance and MDM, Vulnerability Scanning and Indicator of Compromise Detection. The flexibility of policy allows with many aspects of devices, network and identity. A full range of capabilities for each includes:
Compliance/MDM: Interact with Applications, Lock and Wipe Devices, Change Passwords and Send Notifications on all popular operating systems.
3 - Ease of Integration:
Network API: Through 1X or through our networking API control all aspects of the network session including ACLs, VLANs, Port Status, QoS, URLs Filters etc.
Identity/PKI: Suspend, Revoke, Renew and Manage all aspects of the credentials include creation, expiry and restrictions on use.
IntelliGO has taken integration as the primary focus of our competitive advantage. By including Endpoint, Network and Identity configuration on-box, our implentations can focus on integrating security tools such as Endpoint Security Software, Web Filters, Firewalls, SIEM, ATD/APT monitors.
To do this we've incorportated:
Security APIs: Application Programming Interfactes to provide canned, bi-directional communication with popular SIEM, Firewalls, Endpoint Security Software and more.
4 - Competitive Product Pricing
In-Built Installers: Helps minimize integration work on Endpoints. Covers all Operating Systems from Windows, Macintosh, iOS, Android, Chromebook, Blackberry and IoT devices through Fingerprinting and Scanning.
802.1X and SSH APIs: IntelliGO can authorize devices via 802.1X over RADIUS or by controlling Switch/AP/VM via our SSH API supporting the most popular brand of OS without the need for 802.1X
IntelliGO provides scalable appliances and a single Enterprise License. This allows competitive pricing without removing functionality or penalizing customers for using High-Avaialbility.
The Market Guide also includes Recommendations for IT Security Managers when evaluating NAC products THese Are
Determine which enterprise mobility management (EMM) solutions are already installed on the network to
identify providers that have direct integration with these existing EMM solutions.
Utilize profiling features for Internet of Things (IoT) device identification to establish a continual
process for discovering these devices on the enterprise network.
Justify investment in NAC by evaluating the impact of improved visibility and control on the organization's risk exposure.
IntelliGO can help with these deliver on these recommendations by offering a Proof of Concept to help justify your investment in NAC. The Visibility and Control provided will allow many risks in finding threats, rogue devices and unauthorized use among others.
Our inbuilt EMM allows customers to get value from their mobile devices without a dedicated EMM. We also provide SCEP enrollment and API access to many popular EMMs including AirWatch, MobileIron, Blackberry and others.
IntelliGO Also recommends using all our methods of obtaining context with multiple profiling techniques including: Fingerprinting, VA Scanning, Probing and 1X Agents.
Drivers for Customers purchasing NAC:
Today, access involves the activity of a diverse population of users. Employees regularly connect to networks remotely, and consultants, contractors and other guests enter facilities and request connectivity to the enterprise's network. Many enterprises have established bring your own device (BYOD) networks, primarily wireless, to enable employees to access networks with personally owned devices. Also, there are an increasing number of IoT devices that need to be managed through NAC. An NAC solution includes these minimum capabilities:
- Gartner Market Guide for Network Access Control 2016.
Inquiries from Gartner clients indicate that their enterprises were interested in pursuing NAC for the following reasons:
Monitor/enforce BYOD: Many organizations recognize that BYOD is an unstoppable user-driven force and they should quickly
expand their support for such programs. To support a BYOD program, there is a need to automate policy enforcement based on authentication,
discovery, endpoint configuration or users' role/identity.
Improve network visibility: NAC can increase network visibility in order to reduce the risks associated with noncompliant devices and open access to enterprise network facilities.
Bidirectional integration: Integration occurs with other security components such as next-generation firewalls,
advanced threat defense (ATD), and security information and event management (SIEM) solutions,
all of which can enhance continuous monitoring. NAC vendors have positioned their solutions as "warehouses of context"
to share contextual information (for example, user ID or device type) with third-party security components
In addition, NAC can respond to ATD alerts by automatically enforcing security policies to isolate compromised endpoints.
Manage guest/contractor access: In the rush to provide connectivity to guests and contractors, many Gartner clients are overwhelmed by the number
of devices accessing their networks.
Organizations must prepare for multiple levels of access — depending on whether the user is a consultant,
contractor, employee, vendor or guest — and for times and locations that access should be available.
Regulation and audit: Enterprises may need to demonstrate control over their networks and access to
sensitive resources. Although there are no regulations that explicitly require NAC,
some auditors highlight open ports in conference rooms and common areas that enable any device to gain network access.
NAC can be used as proof that the enterprise is controlling and monitoring its network and managing the introduction of rogue devices.
For many organizations including Analyst Requirements and performing a POC can help identify the value and provide clarity on the differentiators between NAC vendors.
For a Demo and Proof of Concept, visit Click the Orange "Request Demo" Link in the footer.
CTO: IntelliGO Networks Inc.