Hello,
SNAC is a Compliance Management software
- Set compliance standards for the Network (Host Integrity Policy)
- Ensure all clients comply to the set-standards (Using Enforcement methods like DHCP OR Gateway Enforcers, etc... and Remediation)
Organizations that deploy Symantec Network Access Control Starter Edition can experience multiple measurable benefits, including:
• Reduced propagation of malicious code such as viruses, worms, spyware and other forms of crimeware
• Lowered risk profile through increased control of unmanaged and managed endpoints accessing the corporate network
• Greater network availability and reduced disruption of services for end users
• Verifiable organizational compliance information through near real-time endpoint compliance data
• Minimized total cost of ownership based on an enterprise- class centralized management architecture
• Verification that endpoint security investments such as Symantec AntiVirus™ and the client firewall are properly enabled
• Integrates seamlessly with Symantec™ Endpoint Protection
To explain more in detail:
You might be knowing more than 90% of the attacks, infections comes from within the LAN from our trusted computers.
You say they are trusted because they are employee of your company .. that's it..
You configure your firewall and everything from external threats and attacks but do you exactly do to make sure your employees are doing what they are supposed to do.
What applications they are running, do they have any AV installed or have they removed them are they on the latest patch and AV definitions or they are just hiding from Administrators..
An Administrator wants his network to be completely secured and Patched up..but do the employees care out what definition or patch they have..they think its Admins job to check these things..
One un-Patched/un-secure computer is enough to bring down the whole company without compliance check.
Symantec Network Access Control helps you achieve this compliance..
Eg: A Field engineer /Sales Employee has been out for a month..he has not updated his definitions or patch..he has his laptop infected with bots
Then he logins to the network saves some files to your server including the bot..
Now the bot can control over your network..
When you have SNAC in place it won't allow an unpatched PC, old definition PC to connect to your critical servers.
First they will connect to a Remediation VLan/Server to get these updates and become totally safe to be able to login to the network.
Think about the VPN clients who don't even come to office to connect to the LAN..how to believe they are patched up ? SNAC will do that for you..
You can control what application clients should run and what they should not..
You can do any compliance related Job to make sure the clients inside your network including VPN clients are the trusted ones..
It is all policy/rules based about what do you think your clients should be like and should be doing...if they don't obey they are thrown out of the network..
You can also do windows patch management.
SNAC is a independent product that can be integrated by SEP/SEPM..
So if you are using any 3rd party antivirus it will do the compliance check for it..
Addition to those above:
It provides basic user management. You're at the command prompt of all clients, you can run scripts (cmd, vbs, powershell), collect information, get the juice out of your network.
Check these Articles:
SEP and SNAC - An Unbeatable Combination
https://www-secure.symantec.com/connect/articles/sep-and-snac-unbeatable-combination
Supported virus protection applications in a SNAC Host Integrity policy
http://www.symantec.com/docs/TECH162768
Symantec Endpoint Protection and Symantec Network Access Control 12.1.2 Installation and Administration Guide
https://www-secure.symantec.com/connect/downloads/downloadable-guides-reference-symantec-endpoint-protection-121-ru2
Hope that helps!!