The most valuable feature was the 802.1x support (port base control). Also, we used to host integrity policy, and it was really useful. We could control almost all the properties of the clien. Host integrity policy feature is part of the SEP antivirus, but if you use with NAC it is the best solution.
Improvements to My Organization
We are an IT security department, and we are facing a lot of security controls and pentests because of regulations. This solution improved our security values, and made it easy to perform security checks.
Room for Improvement
Symantec NAC is no longer sold, and it will be end of support on 2017, so we don’t expect anything.
Use of Solution
We used it for about five to six years. As I remember, we bought the system in 2007 and we used it until 2013.
We had a conflict issue between NAC agent and other agent. This was causing the operating system problems.
Customer Service and Technical Support
Symantec technical support and customer services work well. We are also working with a local support company and they are giving first level support. If they can’t solve the problem, they escalate it to Symantec, whose techs responds quickly. There is only one complaint about support. Generally first level support people are not skilled enough or competent enough, and almost 50% percent of our cases are escalated to second level support, which causes a waste of time.
We hadn’t used any NAC solution before we bought Symantec NAC. We got it because we we re using other Symantec products. SEP, smtp DLP etc. Therefore, we didn’t need to install extra agents on the client computers. Also, we reviewed their host integrity feature and we liked them, so this was also made decision buying the solution.
The initial setup was went realy easy for us. We used an NAC enforcer 6100 as a radius and so easy to install. We were using 802.1x NAC and enforcer was compatible with our edge swtiches. We didn’t face any configuration problem. Also, we have IP phone devices, and we configured 802.1x on the IP phones with Symantec NAC enforcer. We configured forwarding radius in order to made a solution other project with Cisco ACS, they worked well together. To sum up, I dare say Symantec NAC configured to be an easy and compatible device.
We implemented it through a local support company, but if you have enough technical knowledge and employees, you can implement it easily with your own team. After the implementation, we didn’t need extra support and it was managed by our team.
The investment got a return in a short time because the solution is flexible.
Pricing, Setup Cost and Licensing
When we compared Symantec and other solutions, Symantec had a good price/performance ratio, and you can use it in a different network with 802.1x, radius based and agent based etc. Symantec offer good licensing options, such as three years maintenance, which will be cost effective buying. I suggest to companies which are looking for a NAC solution that they have to evaluate this options.
Other Solutions Considered
The host integrity feature is really powerful and you can control everything such as using registry parameters. Also, another good option is 802.1x support. I think NAC solution should be implement with 802.1x, because security is beginning layer. By the way, if some of the devices don’t support 802.1x, you can use MAC authentication with Symantec NAC.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Aug 23 2015