The Mountain View, California-based company offers its technology in the form of a secure LAN switch and an in-line appliance. While it carries out network access control via a transient agent downloaded at connect time to the endpoint, the company is loath to be classified as a NAC vendor.
“We see NAC as an important space,” said Dominic Wilde, Nevis’s VP of product management, “but we’re pushing the idea that NAC on its own isn’t enough.” He said companies also need compliance, protection of intellectual property, and privacy, all of which he said can be achieved by bringing identity to the network layer.
He said traditional ID management is at the application layer, with attempts to control access at the network layer until now mainly being static network technologies such as internal firewalls and VLANs.
At the beginning of this year Nevis came to market with its switch and appliance based on its own ASIC technology. Wilde said that to the normal pre-admission NAC functionality of endpoint posture checking, they add ID-based access control and signature matching and anomaly detection for both zero-day and known threats.
This triple set of functions, which Nevis referred to as Prevent, Control and Detect, is the company’s way of seeking differentiation in an increasingly crowded NAC market. While Cisco, Juniper, Microsoft, and Symantec lionize the technology and talk up their respective flavors, several start-ups have joined the fray over the last couple of years, including Lockdown, Mirage, InfoExpress, StillSecure, and ConSentry.
Wilde said the Control component of the Nevis offering involves integration with a customer’s existing directory infrastructure without adding latency or impacting network performance, and with no need to change back-end systems. “ID-based access policy enables a company to craft policy based on business requirements rather than technology, so it’s really role-based access,” he said. It also includes visibility and reporting for compliance purposes.
Nevis has a security ops center called Nevis Labs in China that develops the threat signatures for matching within the devices, and Wilde said the company can detect rootkits, Trojans, and botnet exploits that traditional AV cannot. And since both the switch and the appliance also carry out anomaly detection for the unidentified threats, Nevis can talk about doing both pre- and post-admission NAC.
Sitting above both switch and appliance in a network hierarchy, Nevis offers its LANsight management console, operating as a central element manager and policy system, which talks to the corporate directory and pushes out policy to the individual Nevis devices, where it is cached locally.
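To make the role-based, directory-driven access model and the locally cached policy concrete, here is a small illustration written for this page. It is not Nevis code and does not reflect LANsight’s actual policy format; the directory contents, the roles, the network ranges and the `EnforcementPoint`, `push_policy` and `decide` names are all constructed for the example. A central policy store pushes a versioned rule set to an enforcement point (the switch or appliance), which caches it and decides each flow by the authenticated user’s role rather than by IP address, defaulting to deny for unknown identities or unmatched flows.

```python
"""Toy identity-based network access policy engine (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed stand-in for a corporate directory lookup (user -> role).
DIRECTORY = {"alice": "engineering", "bob": "finance", "guest1": "guest"}


@dataclass(frozen=True)
class Rule:
    role: str            # directory role the rule applies to
    dst_net: str         # destination network in CIDR notation
    port: Optional[int]  # None means any destination port
    action: str          # "allow" or "deny"


# Constructed central policy, as a management console would push it out.
# Rules are evaluated in order; the first match wins.
CENTRAL_POLICY: List[Rule] = [
    Rule("engineering", "10.1.0.0/16", None, "allow"),   # build/source servers
    Rule("finance", "10.2.0.0/24", 443, "allow"),        # ERP web front end
    Rule("guest", "10.0.0.0/8", None, "deny"),           # guests never reach internal nets
    Rule("guest", "0.0.0.0/0", 80, "allow"),             # guests get plain web...
    Rule("guest", "0.0.0.0/0", 443, "allow"),            # ...and HTTPS to the outside
]


class EnforcementPoint:
    """A switch or in-line appliance that caches pushed policy and decides locally."""

    def __init__(self) -> None:
        self.cache: List[Rule] = []
        self.version = 0

    def push_policy(self, rules: List[Rule], version: int) -> bool:
        """Install a new policy set; reject stale or replayed versions."""
        if version <= self.version:
            return False
        self.cache = list(rules)
        self.version = version
        return True

    def decide(self, user: str, dst_ip: str, dst_port: int) -> str:
        """Return 'allow' or 'deny' for a flow from an authenticated user."""
        role = DIRECTORY.get(user)
        if role is None:
            return "deny"  # unknown identity: default deny
        ip = ipaddress.ip_address(dst_ip)
        for rule in self.cache:
            if rule.role != role:
                continue
            if ip not in ipaddress.ip_network(rule.dst_net):
                continue
            if rule.port is not None and rule.port != dst_port:
                continue
            return rule.action
        return "deny"  # nothing matched: default deny


if __name__ == "__main__":
    ep = EnforcementPoint()
    ep.push_policy(CENTRAL_POLICY, version=1)
    for user, ip, port in [("alice", "10.1.5.5", 22), ("bob", "10.1.5.5", 22),
                           ("guest1", "10.2.0.9", 443), ("guest1", "93.184.216.34", 443)]:
        print(user, ip, port, "->", ep.decide(user, ip, port))
```

The version check on `push_policy` is the one detail worth carrying into a real deployment: a device that caches policy locally must not accept an older rule set from a spoofed or replayed push, or a revoked permission quietly comes back.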