Network Access Controller (NAC) as a Service

Stratejm is an MSSP Partner of Fortinet (www.fortinet.com). Stratejm has integrated the FortiNAC solution to provide an out-of-band “overlay” approach to visibility and control over what is connected to the managed network infrastructure. By using real-time data from the switches, routers, controllers, and access points within the network, Network Sentry can identify and classify every device that connects. Network Sentry can be deployed using “802.1x-like” functionality, negating the need to manage supplicants, RADIUS services, infrastructure upgrades, and significant configuration changes.

The ability to detect a host and assert network segmentation immediately on connection ensures that isolation or role-based network policy limits or permits access as expected. Wired switches can use Mac-Notification traps as real-time notice of a host connecting or disconnecting. Wireless solutions can use MAC authentication or the 802.1X process, with RADIUS responses carrying vendor-specific attributes (VSAs) to isolate or segment hosts as needed. VPN solutions also use a RADIUS-based mechanism to place hosts into restricted access groups that may limit or permit access, again based on.

Network Sentry offers a policy-based security automation and orchestration platform that discovers every endpoint and network infrastructure device, provides contextual awareness for implementing dynamic network access control, and contains a cyber breach through automated threat response. By automating the complex threat triage process and rapidly responding to security alerts, Network Sentry minimizes the risk of unauthorized access to corporate assets and intellectual property, protects the brand, and reduces the impact, time, and costs of containing cyber threats.

The architectural flexibility of Network Sentry enables the solution to be deployed as a hardware appliance, a virtual appliance, or a cloud service, ensuring that Network Sentry adapts to the unique needs of any network environment.

Some of the key features and benefits of Network Sentry are:

Visibility

  • Continuous view of all endpoint devices on the network – Reduce attack surface with knowledge of known and unknown endpoint devices
  • Discovery of all network infrastructure devices – Detect and prevent risky network infrastructure changes
  • Automated guest management – Enable self-registration to shift workload from IT staff

Controls

  • Monitor security posture of each endpoint device – Enforce compliance with corporate and regulatory mandates
  • Dynamic configuration using “EasyConnect” – On-board thousands of endpoint devices concurrently
  • Role-based dynamic network access control – Enable logical network segmentation to control access to sensitive data

Response

  • Correlate and prioritize security events – Rapid triage of security events to generate actionable alerts and enforce endpoint containment
  • Policy-based Automated Threat Response – Reduce containment time from days to seconds
  • Built-in analytics – Accelerate forensics effort by analyzing historical data tied to a security event

How it works

Using a centralized and highly scalable architecture, Network Sentry leverages the built-in commands of network switches, routers and access points to establish a Live Inventory of Network Connections and enforce control over network access. It seamlessly integrates with authentication technologies such as 802.1X, RADIUS, and Active Directory to automatically determine if a device is corporate issued or employee owned, and the appropriate level of network access for the user of that device.


Collecting Asset Information

  • Poll operations allow Network Sentry to periodically query network infrastructure to determine which devices have connected or disconnected
  • Using Mac-Notification or Link State traps, Network Sentry can be alerted to the addition or removal of devices on the network
  • Through third-party “trust point” integrations, Network Sentry can identify and use classifications defined by systems such as IPAM, MDM, and inventory control systems
  • Device profiling can use methods such as DHCP fingerprinting, active scan operations, open TCP/UDP ports, MAC OUI, VLAN, SSH, Telnet, SNMP, location, and passive scan options
  • Through Active Directory integration, Network Sentry can use passive registration and scan options to identify hosts and users connecting to the network through a domain join
  • Distribution of a persistent agent
  • Captive portal
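As an added example (not Stratejm's or FortiNAC's code), the DHCP fingerprinting step above combined with the role-based segmentation decision it feeds: the fingerprint table, role policy, VLAN names and the captured DHCPDISCOVER option bytes are all constructed for illustration.

```python
# Added illustration, not Stratejm or FortiNAC code: classify a host from the
# DHCP option 55 (parameter request list) in its DHCPDISCOVER and map the
# device class to a role-based VLAN, quarantining anything unrecognised.
# Constructed fingerprint table: option 55 request order -> device class.
# A real profiler keeps a far larger table and corroborates with MAC OUI,
# open ports and the other signals listed above.
FINGERPRINTS = {
    (1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252): "windows-workstation",
    (1, 121, 3, 6, 15, 119, 252, 95, 44, 46): "macos-laptop",
    (1, 3, 6, 12, 15, 28, 42): "network-printer",
}
# Constructed role policy: device class -> (VLAN name, access label).
ROLE_POLICY = {
    "windows-workstation": ("corp-vlan-10", "corporate"),
    "macos-laptop": ("corp-vlan-10", "corporate"),
    "network-printer": ("iot-vlan-40", "restricted"),
}
QUARANTINE = ("quarantine-vlan-99", "isolation")  # default for unknown hosts

def parse_dhcp_options(option_area: bytes) -> dict:
    """Parse the TLV option area that follows the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(option_area):
        code = option_area[i]
        if code == 0:            # pad octet has no length field
            i += 1
            continue
        if code == 255:          # end option
            break
        length = option_area[i + 1]
        opts[code] = option_area[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classify(opts: dict) -> str:
    """Exact match on the parameter request list; anything else is unknown."""
    return FINGERPRINTS.get(tuple(opts.get(55, b"")), "unknown")

def decide_access(option_area: bytes) -> tuple:
    """Return (device_class, vlan, label) for one captured DHCPDISCOVER."""
    device_class = classify(parse_dhcp_options(option_area))
    vlan, label = ROLE_POLICY.get(device_class, QUARANTINE)
    return device_class, vlan, label

# Constructed sample option area: 53 (DHCPDISCOVER), 55, 61 (client id), end.
SAMPLE_DISCOVER = (
    b"\x35\x01\x01" + b"\x37\x0e"
    + bytes([1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252])
    + b"\x3d\x07\x01\x00\x11\x22\x33\x44\x55" + b"\xff"
)
```

A host whose request list is not in the table lands in the quarantine VLAN rather than on a corporate segment, which is the fail-closed behaviour a NAC policy should default to.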

Integrations

Network Sentry minimizes the risk of unauthorized access to corporate assets and intellectual property, protects the brand, and reduces the impact, time, and costs of containing cyber threats. To make it cost-effective, Network Sentry delivers this functionality by integrating with leading third-party networking, security, directory and mobility products using its underlying SmartEdge Platform. This open platform provides a REST-based Application Programming Interface (API) that enables bi-directional communication to and from Network Sentry to extend visibility, control and response to the edge of the enterprise network.

Collecting Configuration Information

Network Sentry can use scan policies to identify the operating system, OS version, patch detail, hostname, adapter(s) associated with the host, application inventory, whether antivirus and antispyware are running and their definitions are current, domain membership, certificate validation, and custom scan operations including running processes, services, registry key values, file presence, etc.

Asset Classification

Using adapter, host, user, or application detail, with wildcard support, administrators can create User/Host profiles as granular as required to assert network access, endpoint compliance, or authentication policy.

Asset Responsibility Mapping

Network Sentry can use single sign-on operations or captive portal functions to directly associate a host with the user who possesses it or has logged into it. That association can then be used to deliver the appropriate network access or endpoint compliance validation.

Newly provisioned devices can be added to the network within 15 minutes of opening a ticket.