Simplify IT operations
The Network Controller simplifies the management of enterprise networks.
Context-aware network access control
With BYOD now a foregone conclusion in enterprise environments, implementing traditional security-posture-based Network Access Control (NAC) is no longer sufficient (if it ever was). Enterprises must rapidly implement context-aware access controls or be left vulnerable to an ever-increasing number of advanced persistent threats.
Context-aware NAC is a method of improving the security of an enterprise network by restricting the availability of network resources to endpoint devices based on their type, location, identity and operating system, as well as whether the device is employee- or corporate-owned.
The Network Controller provides a flexible, robust, context-aware network access control solution out-of-the-box. Devices are detected and inventoried in real time as they attempt to connect to the network, a device profile is created or validated, and appropriate network access is granted. Post-access monitoring enables continuous validation of context-aware security policies.
Context-aware behavior enforcement
Once a device is on the network, you can’t just forget about it. Uncontrolled or poorly secured ports are classic security holes. Non-authenticating devices such as printers, VoIP phones, IP cameras and sensors must be controlled. MAC address authentication provides a first level of defense, but MAC addresses are easily spoofed by any would-be attacker.
The Mancala Network Controller enforces MAC authentication, but also dynamically checks the device profile to add extra layers of security. MAC spoofing attempts are detected when the known device profile fingerprint no longer matches the MAC address attempting to access network resources. Context-aware rules ensure that devices behave in a pre-defined manner. For example, printers can do “printer-like” things. If a printer tries to access WikiLeaks, an alert or enforcement mechanism is immediately triggered.
Migrations to identity-aware 802.1X deployments are frequently delayed due to the complexity of migration, port by port and device by device. The Network Controller largely automates this traditionally very manual and labor-intensive process: only exceptions to default policies need manual configuration.
Network Controller “learning” and “migration” modes enable simple and progressive site-wide deployment, with no disruption, and the dashboard-style monitoring interface allows the administrator to oversee the process as devices migrate to 802.1X.
With the evolution of collaboration models, enterprise networks need to incorporate flexible provisioning of guest access for external consultants and visitors without submerging IT support under an avalanche of change requests.
The Network Controller supports out-of-the-box guest access deployments, separation of traffic, and flexible control models from open to unique guest access passwords. The Network Controller’s REST API enables easy integration into existing management and security systems.
The Network Controller’s open rule architecture enables solution partners and customers to extend the out-of-the-box rule set to address domain-specific problems.
Custom rules may leverage all relevant internal data objects and events to trigger custom alert or enforcement mechanisms or build upon those already included.