Video Screencast Help

What are the extra benifits I will get if I use SNAC with SEP

Created: 24 Jul 2009 • Updated: 21 May 2010 | 7 comments
This issue has been solved. See solution.

I use SEP11MR4 .

we use all the features of sep including firewall in our organization. so what extra benifits will we get if we use SNAC with SEP.

Discussion Filed Under:

Comments 7 CommentsJump to latest comment

Kedar Mohile's picture

SNAC is a Complaince Management software

  1. Set compliance standards for the Network (Host Integrity Policy)
  2. Ensure all clients comply to the set-standards (Using Enforcement methods like DHCP, LAV OR Gateway Enforcers, etc... and Remediation)

Thanks :-)

teiva-boy's picture

 Well for one you can ensure that each machine plugging into your network has a minimum level of security.

Think about it, you could ensure that the following conditions are met
AV engine enabled
AV def's less than 10 days old
Latest critical MS hotfixes installed
SP whatever for Windows is installed.

If all of the above are true, let 'em in.
If false, you can remediate and automatically get them to the right version.

The Starter edition of NAC for SEP is only a small incremental cost, I would reccommend it strongly.  I've seen it quoted at less than $10 a user.

There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) "We backup data to restore, we don't backup data just to back it up."

Vikram Kumar-SAV to SEP's picture

You might be knowing more than 90% of the attacks , infections comes from within the LAN from our trusted computers.
You say they are trusted because they are employee of your compant thats it..
You configure your firewall and everything from external threats and attacks but do you exactly do to make sure your employees are doing what they are supposed to do.
What applications they are running,Do they have any AV installed or have they removed themare they on the latest patch andAV defs or they are just hiding from Administrators..

An Adminstrator wants his netowork to be completely secred and Patched up..but do the employees care aout what defintion or patch they have..they think its Admins jobto check these things..

One Un-Patched/un-secure computer is enough to bring down the whole company without compliance check.

Symantec Network Access Control helps you acheive this compliance..
eg: A Field engineer /Sales Employee has been out for a month..he has not updated his definitions or patch..he has his laptop infected with bots
Then he logins to the network  saves some files to your server including the bot..
Now the bot can control over your network..

When you have SNAC in place it wont allow an unpatched pc, old definition PC to connect to your critical servers.
First they will connect to a Remidiation VLan/Server to get these updates and become totally safe to be able to login to the network.
Think about the VPN clients who don't even come to office to connect to the to beleive they are patched up ? SNAC will do that for you..
You can control what application clients should run and what they should not..
You can do any compliance related Job to make sure the clients inside your netowork including VPN clients are the trusted ones..
It is all policy/rules based about what do you think your clients should be like and should be doing...if they don't obey they are thrown out of the netowork..
You can also do windows patch management.
SNAC is a independent product that can be integrated by SEP/SEPM..
So if you are using any 3rd party antivirus it will do the compliance check for it..

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search use it.

P_K_'s picture

Organisations that deploy Symantec Network Access Control Starter Edition can experience multiple measurable benefits, including:

• Reduced propagation of malicious code such as viruses, worms, spyware and other forms of crimeware

• Lowered risk profile through increased control of unmanaged and managed endpoints accessing the corporate network

• Greater network availability and reduced disruption of services for end users

• Verifiable organisational compliance information through near real-time endpoint compliance data

• Minimised total cost of ownership based on an enterprise- class centralised management architecture

• Verification that endpoint security investments such as Symantec AntiVirus™ and the client firewall are properly enabled

• Integrates seamlessly with Symantec™ Endpoint Protection

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

bjohn's picture

Doesn't MS offer free NAC starting with Win 2008?

What makes Symantec's version of NAC so special?

Bekir's picture

addition to those above:

It provides basic user management. You're at the command prompt of all clients, you can run scripts (cmd, vbs, powershell), collect information, get the juice out of your network

you imagine ! :)

Best regards,
Bekir Burak Durmaz