Network Access Control | Scope of our NAC solution

Experience more than just network access control

ARP-GUARD offers the perfect NAC solution to handle every issue

The ARP-GUARD NAC system guards and monitors your network by implementing your specific security policy companywide from a central point. Benefit from the maximum security identity checks for devices with ARP-GUARD fingerprinting. ARP-GUARD network access control ensures only authorized devices gain access to your network.

The unique and flexibly scalable sensor management architecture secures companies across all locations, from SMEs to large corporations.

As a central security application, ARP-GUARD also pools security information from other systems. ARP-GUARD detects, reports and immediately corrects network anomalies.

Network access control – protect your network against unauthorized access

Central control and regulation of all network accesses gives the administrator full control over the network. Benefit from real-time detection and notification of unrecognized devices. MAC addresses and certificates (802.1X) are used as unique device IDs. Fingerprints generated when the device is learned by the system further increase your network's security. All required actions can be defined for each individual user in the policy and centrally administered for the entire network – from instant port disconnection to assignment to a specific VLAN.

Locate and identify all devices connected to your network

The ARP-GUARD NAC system communicates with the network infrastructure to swiftly determine all systems located within the network and model the architecture in a graph topology. ARP-GUARD network access control detects all endpoint devices – regardless of their type and use. Keep track and control the location of all devices in your network at all times. Allowing you to benefit from simplified network planning and achieve the degree of transparency required for audits and inspections. The reporting feature logs all address changes and realignments to quickly locate and remedy interferences.

VLAN manager – convenient network segmentation

Use ARP-GUARD VLAN management to easily implement and manage network segmentation with virtual local area networks (VLANS). Segments with sensitive data receive additional protection, public domains are uniquely separated from internal ones and special access is only granted to guests and service providers. There’s no need to manually setup individual switch ports. ARP-GUARD automatically assigns ports to corresponding VLANs according to the policy. Employees can keep their environment/VLAN when they're on the go, travelling or working from different locations. VoIP phones and WiFi access points can also be successfully integrated with tagged VLANs.

Fingerprinting – intelligent profiling

The combination of various authentication methods such as MAC-based RADIUS and 802.1X offers maximum and flexibility. Expand your authentication capabilities with ARP-GUARD fingerprinting. Fingerprinting captures different attributes e.g. cryptographic keys and certificate, in order to uniquely identify a device. It is also capable of securely identifying devices that don’t support cryptographic processes by generating fingerprints based on certain device attributes.

Captive portal – secure and convenient guest access

The captive portal add-on controls access to a network from guest or third-party components such as smartphones or laptops. Targeted and restricted access can be established for third-party devices in every environment, whether LAN or WiFi. Accesses can be controlled at all times through the use of a dynamic firewall policy – even across separate locations – due to the sensor management architecture. Bring your own device (BYOD) is easy and convenient to implement. It grants private devices access to resources that have been explicitly approved for this use by the policy. Devices are authenticated using MAC/user passwords and LDAP e.g. for access to the active directory.

Endpoint – network integrity up to the endpoint device

The ARP-GUARD endpoint feature provides valuable assistance when it comes to implementing compliance requirements. During the authentication process, checks are carried out to determine whether the endpoint devices adhere to the security policies and can be deemed compliant in terms of security details e.g. status and pattern of the antivirus software or patch level of the operating system. These checks are performed via WMI, SNMP traps and syslog, interfaces to AV servers, IPS systems, etc. Client installation is not required. Devices that fail to meet the policy standards are isolated and can receive any necessary updates in a quarantine VLAN, for instance. Systems will only be granted access to the network areas after this step.

Sensor management architecture

ARP-GUARD sensor management architecture offers unrivalled scaling for NAC systems and simultaneous management of any number of locations from a central instance. Sensors facilitate effective integration without the need to install and purchase a system at regional offices. Enjoy flexibility and multi-client capabilities with the ARP-GUARD system.

Cluster – high availability for sensitive IT areas

The cluster add-on offers ready-to-work server replication that requires minimal investments in software and hardware. It assists ARP-GUARD network access control in achieving increased reliability and scalability for critical IT systems.