McAfee Network Access Control 4.0
McAfee's NAC strategy rests on separate but tightly integrated products. The first is ePolicy Orchestrator, which is McAfee's endpoint security client management system. ePolicy Orchestrator is a traditional enterprise console for McAfee's flagship endpoint security client.
ePolicy Orchestrator can report the results of endpoint security policies back to the other half of McAfee's NAC product line. That's the N-450 NAC Appliance and McAfee's Network Security Manager. When a device running McAfee's endpoint security comes on the network, the N-450 acts to enforce access control policies and endpoint security policies for that client.
The NAC Appliance and Network Security Manager can enforce NAC policies via full inline enforcement, DHCP-based enforcement, or VLANs enforced at the edge of the network. We focused on the last of these, edge enforcement.
In edge enforcement, the NAC Appliance starts in-line between the end user device and the rest of the network. The user authenticates to the network using their Windows login, switch-based 802.1X, or a captive portal provided by McAfee.
If the end device is running the McAfee client, and if it is compliant with the endpoint security policy, then the NAC Appliance gets "out of the way." You can choose to leave the NAC Appliance in-line for some users and apply more sophisticated access controls for end users such as guests who may need more watching.
In our tests, we found McAfee NAC at a crossroads. While the ePolicy Orchestrator is solid and well tested, the NAC Appliance and Network Security Manager are a fusion of McAfee thinking on NAC combined with technology McAfee acquired from Lockdown Networks.
This left a few bumpy spots in the road when it came to enforcement. Lockdown was notorious for its feature creep, and it's going to take McAfee some time to get its head around all of the capabilities it inherited.