Datasheet
Data Sheet: Endpoint Security
Symantec™ Network Access Control Starter Edition
Confidence in a connected world.
Page 3 of 5
to fit the most demanding environments, the policy
manager provides granular control to all administrative
tasks in a high-availability architecture.
Endpoint evaluation
Symantec Network Access Control Starter Edition
protects the network from malicious code and also
verifies that endpoints connecting to the network are
configured properly so they are protected from online
attacks. Regardless of the goal, the process begins with
evaluating the endpoint. While the common minimum
requirements for allowing network access include
checking for antivirus, antispyware, and installed
patches, most organizations quickly expand well beyond
these minimums after the initial network access control
deployment.
Symantec Network Access Control Starter Edition offers
persistent agent–based evaluation technology when
determining endpoint compliance. Corporate-owned and
other managed systems use an administrator-installed
agent to determine compliance status. It checks
antivirus, antispyware, and installed patches as well as
complex system status characteristics such as registry
entries, running processes, and file attributes.
Persistent agents provide the most in-depth, accurate,
and reliable system compliance information while
offering the most flexible remediation and repair
functionality of assessment options.
Enforcement
Symantec Network Access Control Starter Edition allows
you to select between gateway-based enforcement and
host-based enforcement:
•
Gateway Enforcer is an in-line enforcement device
used at network choke points. It controls the flow of
traffic through the device based upon policy
compliance of remote endpoints. Whether the choke
point is at perimeter network connection points, such
as WAN links or VPNs, or on internal segments
accessing critical business systems, Gateway Enforcer
efficiently provides controlled access to resources and
remediation services.
•
Microsoft® Network Access Protection (NAP)
Enforcer augments NAP’s native capabilities by
providing more comprehensive compliance-checking
options and adds custom compliance checks.
Organizations can deploy NAP quickly and easily
through the unified architecture and simplified user
interface provided by Symantec Network Access
Control.
•
Self-Enforcement leverages the host-based firewall
capabilities within the Symantec Protection Agent to
adjust local agent policies according to endpoint
compliance status. This allows administrators to
control access to any network, on or off the corporate
network, for devices such as laptops that routinely
move between multiple networks.
•
Peer-to-Peer Enforcement ensures that
client-to-client communication can only occur between
endpoints that are owned and managed by the
organization and between endpoints that are
compliant with defined endpoint security policies.