9 Top Network Access Control (NAC) Solutions

Drew Robb

NAC is an effort to create order out of the chaos of connections from within and outside the organization. Personnel, customers, consultants, contractors and guests all need some level of access. In some cases, it is from within the campus and at other times access is remote. Adding to the complexity are bring your own device (BYOD) policies, the prevalence of smartphones and tablets, and the rise of the Internet of Things (IoT).

NAC was the highest IT security spending priority in eSecurity Planet’s 2019 State of IT Security survey – and is also one of the technologies users have the most confidence in.

Jump to:

Minimum capabilities

According to Gartner, the minimum capabilities of NAC are:

  • Dedicated policy management to define and administer security configuration requirements, and specify the access control actions for compliant and noncompliant endpoints
  • Ability to conduct a security state baseline for any endpoint attempting to connect and determine the suitable level of access
  • Access control so you can block, quarantine or grant varying degrees of access.
  • The ability to manage guest access
  • A profiling engine to discover, identify and monitor endpoints
  • Some method of easy integration with other security applications and components

One trend to watch is the rise of zero trust security products. These new access control tools restrict access to just the data and applications users need rather than granting them access to the entire network, reducing the risk of lateral movement within the network. The market is still new, but Gartner expects sales of these products to begin to gain traction in 2021.

Top 9 NAC solutions

Impulse SafeConnect

Impluse SafeConnect offers automatic device discovery and can support anywhere from 250 to 25,000 endpoints and up with its scalable appliance architecture. The company started in education and has expanded to government and corporate markets.

Get an in-depth look at Impulse SafeConnect

Extreme Networks ExtremeControl

ExtremeControl is popular with education, entertainment, hospitality and healthcare customers and can scale to 200,000 endpoints. It offers a rule-based architecture to automate access based on use cases.

Get an in-depth look at Extreme Networks ExtremeControl

Auconet BICS

Auconet BICS offers network monitoring, asset management and other functions in addition to NAC. It plays well in large, complex implementations, with up to 60,000 devices identified per hour with 100% device discovery and implementations of more than 500,000 ports.

Get an in-depth look at Auconet BICS

ForeScout CounterACT

CounterACT plays well in regulated environments such as defense, finance, healthcare and retail. The company boasts implementations of more than a million endpoints, and the technology can protect medical devices too.

Get an in-depth look at ForeScout CounterACT

Pulse Policy Secure

Pulse Policy Secure supports up to 50,000 concurrent users in multi-vendor environments. It offers automatic deployment and threat intelligence options.

Get an in-depth look at Pulse Policy Secure

HPE Aruba ClearPass

ClearPass is especially suited for high-volume authentication environments, offering more than 10 million authentications a day, as well as distributed environments requiring local authentication survivability across multiple geographies.

Get an in-depth look at HPE Aruba ClearPass

FortiNAC

Fortinet acquired Bradford Networks and is integrating Bradford’s Network Sentry with FortiNAC. It offers traditional NAC features as well as new capabilities tailored to the Internet of Things.

Get an in-depth look at FortiNAC

Cisco Identity Services Engine

Services Engine supports up to 500,000 concurrent sessions and 1.5 million endpoints per deployment. It offers adaptive intelligence engines, automated detection and response, and machine learning.

Get an in-depth look at Cisco Identity Services Engine

InfoExpress CyberGatekeeper

InfoExpress CyberGatekeeper automates discovery and audits devices before granting network access. It is popular with educational clients; one uses it to cover 100,000 users across 200 campuses.

Get an in-depth look at InfoExpress CyberGatekeeper

Honorable mentions

SolarWinds Access Rights Manager includes AD/Exchange/SharePoint monitoring, auditing for Windows File Share, user provisioning and permissions analysis.

Cyxtera AppGate is designed around user identity, not IP address to build a multi-dimensional profile of a user or device, authorizing users before granting access to micro-segmented networks.

Genians provides visibility of all IP-enabled devices, whether wired, wireless or virtual, ensuring they conform to enterprise security and compliance.

NetShield (formerly SnoopWall) appliances target small and midsize companies, using agentless endpoint discovery with the ability to dynamically or manually block rogue assets. Also includes malware detection.

OpenNAC Enterprise discovers all devices connected to the network, as well as profiling, segmentation, and control of access.

Portnox Core checks the operating system type of connecting devices and applies the appropriate policy to the network access point.

Product feature breakdown

top nac vendors

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Top Products

Top Cybersecurity Companies

Products Drew Robb - 0
Cybersecurity is the hottest area of IT spending. That's why so many vendors have entered this lucrative $100 billion+ market. But who are the...
Read more

Top CASB Security Vendors for 2021

Cloud eSecurityPlanet Staff - 0
Any cloud-based infrastructure needs a robust cloud access security broker (CASB) solution to ensure data and application security and integrity. After carefully surveying the...
Read more

Top Endpoint Detection & Response (EDR) Solutions for 2021

Products Paul Shread - 0
Endpoint security is a cornerstone of IT security, so our team put considerable research and analysis into this list of top endpoint detection and...
Read more

Top Next-Generation Firewall (NGFW) Vendors

Products Paul Shread - 0
Cybersecurity is getting more complicated, and so are security products. NGFWs are no exception, and IoT devices and the work-from-home craze that began in...
Read more
Previous articleXDR Emerges as a Key Next-Generation Security Tool
Next articleCheck Point vs Palo Alto: EDR Solutions Compared

Related articles

ESET Product Review

Products Kyle Guercio - 0
Antivirus solutions have long been a staple of cybersecurity practices. However, antivirus is no longer enough to protect an entire organization's infrastructure.  Some antivirus solutions...
Read more

Kasada Product Review

Products Kyle Guercio - 0
Kasada is an automated bot detection and mitigation solution designed for enterprise web applications. Its aim is to stop bots from crashing websites, automating...
Read more

Crowdstrike Firewall Management Product Review

Products Kaiti Norton - 0
Crowdstrike's Firewall Management platform is a host firewall tool that centralizes defense against malware threats. It's a module within the broader Falcon endpoint protection...
Read more

About Us

Security buying guides, product reviews, tutorials, news, and analysis for IT leaders in small, midsize, and enterprise organizations.

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.