Network Access Control Buyer's Guide and Reviews June 2021

NAC
Network Access Control

Buyer's Guide and Reviews
June 2021
Get a custom version of this report...personalized for you!

Thanks for downloading this IT Central Station report.
Note that this is a generic report based on reviews and opinions from the entire IT
Central Station community. We offer a customized report personalized for you based on:
• Your industry
• Company size
• Which solutions you're already considering
It includes recommendations for you based on what other people like you are researching and
using.
It takes 2-3 minutes to get the report using our shortlist builder wizard. We recommend it!
Get your personalized report here.
2
Contents
Vendor Directory 4
Top Vendors 5-6
Top Solutions by Ranking Factor 7
Focus on Solutions
Cisco ISE (Identity Services Engine) 8 - 10
Forescout Platform 11 - 13
Aruba ClearPass 14 - 15
Fortinet FortiNAC 16 - 18
Sophos Network Access Control 19 - 21
Portnox CORE 22 - 24
ExtremeControl 25 - 26
Pulse Policy Secure 27 - 28
Appgate SDP 29
macmon Network Access Control 31
About This Report and IT Central Station 32
© 2021 IT Central Station

To read more reviews about Network Access Control, please visit:
https://www.itcentralstation.com/categories/network-access-control
3
Vendor Directory
Appgate Appgate SDP NetFortris NetFortris Secure Wi-Fi
Aruba Networks Aruba ClearPass OPSWAT MetaAccess
Auconet Auconet Network Access Control Portnox Security Portnox CORE
Cisco Cisco ISE (Identity Services Engine) Portnox Security Portnox Clear
Extreme ExtremeControl Pulse Secure Pulse Policy Secure
ForeScout Forescout Platform Ruckus Ruckus Cloudpath
Fortinet Fortinet FortiNAC Sophos Sophos Network Access Control
Genians Genian NAC Tempered Networks Tempered Networks
Impulse Point Impulse Point SafeConnect Trustwave SecureTrust Network Access Control
macmon secure macmon Network Access Control

4
Top Network Access Control Solutions

Over 507,935 professionals have used IT Central Station research. Here are the top Network Access Control vendors based on product
reviews, ratings, and comparisons. All reviews and ratings are from real users, validated by our triple authentication process.
Chart Key
Views Comparisons Reviews Words/Review Average Rating
Number of views Number of times compared Total number of reviews on Average words per review Average rating based on
to another product IT Central Station on IT Central Station reviews
Bar length
The total ranking of a product, represented by the bar length, is based on a weighted aggregate score. The score is calculated as follows:
For each ranking factor of Reviews, Views, and Comparisons, the product with the highest count in each ranking factor gets a maximum 18
points.
Every other product gets assigned points based on its total in proportion to the #1 product in that ranking factor.
For example, if a product has 80% of the number of reviews compared to the product with the most reviews then the product's points for reviews
would be 18 * 80% = 14.4.
Both Rating and Words/Review are awarded on a fixed linear scale.

For Rating, the maximum score is 28 points awarded linearly between 6-10 (e.g. 6 or below=0 points; 7.5=10.5 points; 9.0=21 points; 10=28 points).
For Words/Review, the maximum score is 18 points awarded linearly between 0-900 words (e.g. 600 words = 12 points; 750 words = 15 points;
900 or more words = 18 points).
If a product has fewer than ten reviews, the point contribution for Rating and Words/Review is reduced:
1/3 reduction in points for products with 5-9 reviews, two-thirds reduction for products with fewer than five reviews.
Reviews that are more than 24 months old, as well as those written by resellers, are completely excluded from the ranking algorithm.
All products with 50+ points are designated as a Leader in their category.
1 Cisco ISE (Identity Services Engine)
31,054 views 21,776 comparisons 17 reviews 621 words/review 7.9 average rating
2 Forescout Platform
3 Aruba ClearPass

5
4 Fortinet FortiNAC
5 Sophos Network Access Control
6 Portnox CORE
7 ExtremeControl
993 views 670 comparisons 1 reviews 638 words/review 8.0 average rating
8 Pulse Policy Secure
372 views 306 comparisons 1 reviews 282 words/review 7.0 average rating
9 Appgate SDP
3,927 views 3,134 comparisons 0 reviews 0 words/review
10 macmon Network Access Control
742 views 557 comparisons 0 reviews 0 words/review

6
Top Solutions by Ranking Factor

Views
VIEWS
1 Cisco ISE (Identity Services Engine) 31,054
2 Aruba ClearPass 18,251
3 Forescout Platform 14,888
4 Fortinet FortiNAC 9,052
5 Appgate SDP 3,927
Reviews
REVIEWS
1 Cisco ISE (Identity Services Engine) 17
2 Forescout Platform 15
3 Aruba ClearPass 9
4 Fortinet FortiNAC 8
5 Sophos Network Access Control 6
Words / Review
WORDS /
REVIEW
1 Portnox CORE 919
2 ExtremeControl 638
3 Cisco ISE (Identity Services Engine) 621
4 Sophos Network Access Control 506
5 Forescout Platform 500

7
Cisco ISE (Identity Services Engine) See 21 reviews >>
Overview
Identity Services Engine is a security policy management platform that automates and enforces context-aware security access to
network resources. It delivers superior user and device visibility to support enterprise mobility experiences and to control access.
It shares data with integrated partner solutions to accelerate their capabilities to identify, mitigate, and remediate threats.
SAMPLE CUSTOMERS
Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer,
Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems,
New South Wales Rural Fire Service, Reykjavik University, Wildau University
TOP COMPARISONS
Aruba ClearPass vs. Cisco ISE (Identity Services Engine) … Compared 39% of the time [See comparison]
Forescout Platform vs. Cisco ISE (Identity Services Engine) … Compared 16% of the time [See comparison]
CyberArk Privileged Access Manager vs. Cisco ISE (Identity Services Engine) … Compared 8% of the time [See comparison]
REVIEWERS * VISITORS READING REVIEWS *
TOP INDUSTRIES TOP INDUSTRIES

Comms Service Provider … 33% Comms Service Provider … 18%
Computer Software Company … 20% Computer Software Company … 18%
Government … 8% Financial Services Firm … 11%
Financial Services Firm … 4% Government … 11%
COMPANY SIZE COMPANY SIZE

1-200 Employees … 13% 1-200 Employees … 30%
1001+ Employees … 70% 1001+ Employees … 46%
* Data is based on the aggregate profiles of IT Central Station Users reviewing and researching this solution.

8
Cisco ISE (Identity Services Engine) Continued from previous page
Top Reviews by Topic
VALUABLE FEATURES See more Valuable Features >>
In terms of features, I think they've done a lot of improvement on the graphical user interface — it looks really good right now. ISE is
always very complicated to deploy because it's GUI-based. So they came up with this feature called work centers, that kind of
streamlines that process. That's a good feature in the product right now. [Full Review]
reviewer126
1278
The posturing is the solution's most important aspect. When a user connects his or her machine to the network, the first is for ISE to
check whether that machine is authorized, check that that machine is compliant with respect to antiviruses, whether it complies with
respect to Windows updates, et cetera. If not, a feature is on auto-remediation, so that the proper antivirus and Windows updates
ChrisWanyoi can be pushed to the machine. At the moment, ISE seems to integrate very well with a number of other technologies. It integrates
ke
well with Microsoft and inte... [Full Review]
The solution cuts down on the repercussions of getting malware or ransomware which happened to us four years ago. We regularly
took very aggressive snapshots and we were able to recover in an hour and 20 minutes without any loss of data. [Full Review]
Shawn
Connors
The ability to integrate our Cisco AnyConnect connections to the active directory has been great. Also, as a source of
authentication during the process of logging into Cisco AnyConnect has been very useful for us. [Full Review]
Sean Muller
ROOM FOR IMPROVEMENT See more Room For Improvement >>
An issue with the product is it tends to have a lot of bugs whenever they release a new release. We've always found ourselves
battling out one bug or another. I think, overall they need to form a quality assurance standpoint. ISE has always had this issue with
bugs. Even if you go to a Cisco website and you type all the bug releases for ISE, you'll find a lot of bugs. Because the product is
reviewer126 kind of intrusive, right? It's in the network. Whenever you have a bug, if something doesn't work, that always creates a lot of noise. I
1278
would say that the bigge... [Full Review]
In terms of the improvements I need, they've already, according to my research, done those improvements with their new versions.
The features have already improved on their newer version, and that's why we need to update to that new version. What is required
is that Cisco needs to be doing health checks and following up with the customer to ensure that their Cisco partners have done the
ChrisWanyoi deployment right. That's something that has really helped us. Whenever a partner comes and does any deployment, we would, later
ke
on, engage Cisco for a health check, ... [Full Review]
Because we have a large database and 4,000 network devices, the solution can lag a bit when you're running updates or different
things because of the fact that it's so big and it is such a resource hog. But the biggest problem we've encountered is that it finds
errors or people are rejected or not authenticated without a clear explanation as to why. A second issue is that we're currently on
Shawn 2.4 and Cisco's gold standard now is 2.7. They are a little slow with that. I'd really like the solution to dive down a little deeper when
Connors
something's not profil... [Full Review]

9
Cisco ISE (Identity Services Engine) Continued from previous page
It perfectly does everything we have been looking for it to do. I have not discovered any feature sets or items that are lacking. It's a
much more functional product than the old Cisco ACS that it replaced. That being said, during deployment, they shipped us the
Cisco ISE with the 3.1 operating system, which was incompatible with the license that we had purchased, which would only allow us
Sean Muller to go up to version 2.9. Because of this, we actually had to do a factory reset and a reload to the operating system — to an older
version of the operating system... [Full Review]
PRICING, SETUP COST AND LICENSING See more Pricing, Setup Cost And Licensing >>
It's an expensive solution when compared to other vendors. It's definitely more expensive than ClearPass. It's expensive, but the
issue, again, comes down to scalability. Because you can't virtualize the product, there's a lot of investment when it comes to your
hardware resources. Your CapEx is one of the biggest issues here. That's something Cisco needs to improve because organizations
reviewer126 are looking at reducing their hardware footprint. It's unfortunate that ISE is such a resource-intensive application to begin with. As
1278
it's not a properly virtualiz... [Full Review]
Cisco does not sell directly. They have authorized partners you need to buy through. I don't deal directly with the licensing and
therefore do not have any idea what the pricing of the product is. It's not part of my responsibilities. It is my understanding, however,
that it would be expensive for smaller organizations. Startups may not be able to afford these products. We don't really worry about
ChrisWanyoi pricing, as cheap might be expensive in the long run if you don't get a product that is right for your organization, or is more likely to
ke
break down over ... [Full Review]
We did a five year deal and it was very reasonable. I think for the Avast virus scan, I think we were paying $95 a machine for five
years, which nobody else could touch. And that includes all updates, technical support, etc. From the ISE side, I'm not really sure
what it costs because it was all encompassed in equipment we were buying and the ISE and the AMP and the open DNS. I know
Shawn that it was not more expensive than any of the things we had looked at with HP or BMC or other places. It was much more cost
Connors
effective. [Full Review]
We are running version 2.9 because version 2.9 of the ISE has a persistent license —it's a one-time payment. The latest version (3.1)
is only available if you do a yearly subscription. It's a licensed physical device; there is no subscription. If you want the latest
operating system, then you'll need to get an annual license. [Full Review]
Sean Muller

10
Forescout Platform See 17 reviews >>
Overview
ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-
traditional devices, the instant they connect to the network. Equally important, ForeScout lets you control these devices and
orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional
security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company’s
solutions integrate with leading network, security, mobility and IT management products to overcome security silos, automate
workflows and enable significant cost savings.
SAMPLE CUSTOMERS
NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust
TOP COMPARISONS
Aruba ClearPass vs. Forescout Platform … Compared 33% of the time [See comparison]
Cisco ISE (Identity Services Engine) vs. Forescout Platform … Compared 32% of the time [See comparison]
Fortinet FortiNAC vs. Forescout Platform … Compared 7% of the time [See comparison]

Comms Service Provider … 24% Financial Services Firm … 20%
Computer Software Company … 22% Government … 16%
Government … 9% Energy/Utilities Company … 8%
Financial Services Firm … 5% Manufacturing Company … 8%


11
Forescout Platform Continued from previous page
There are so many to list: * The policies and what you can do with them is amazing. * The ability to narrow down devices online
versus offline. * Get the MAC Addresses last attributed with a device or IP address on a device and connect that to its switch port or
router. This is very beneficial when assisting in tracing back physical connectivity, if needed. * The ability to move a device off the
SecEng390 network is very useful. The hardest part is showing the help desk what they need to do when troubleshooting a device connectivity
4
issue. [Full Review]
The environment was easy to configure. The user management has been very easy for the most part. The initial setup is pretty easy.
Technical support has been very helpful. The stability overall is good. [Full Review]
Jonathan
Soto
The biggest benefit to our organization is the fact that being in manufacturing you have many different types of devices. Only a
small section of these types of devices support dot1x authentication. This makes Network Access Control very difficult to implement.
With Forescout, the difficulty becomes significantly less. Being able to actively identify the client without a certificate allows you to
reviewer134 control every device on your network regardless of the make, model, and software running. This allows for end-to-end security. [Full
8908
Review]
I think the most valuable feature is that the port-based 802.1x configuration on switch ports is not required. It operates by listening
to the wire and talking to networking devices. That is a huge reduction in configuration complexity. You can quickly filter your view
of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.
Avraham Another good thing about the product that it can examine every endpoint and give information about it, even IoT devices. [Full
Sonenthal
Review]
When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add
what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want
to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at
SecEng390 a time. This caused some slow downs when implementing policies. I could see after doing this repeatedly that it may lead to some
4
premature clicking ... [Full Review]
The licensing costs are quite high. With the amount of hardware we have, we need too many licenses to make the product effective
and it's ultimately just too costly. We may have some problems with compatibility - specifically with Cisco switches. We have the
perimeter a Check Point firewall as an alarm for VPN connections. We have users integrating the VPN Check Point with Forescout.
Jonathan We can't seem to scale due to compatibility issues and price. [Full Review]
Soto
The product could be improved in different ways: * The speed of identification * More guest management features (i.e. extending
time frames) * Sometimes, the identification profiles completely change after device upgrades. It would be beneficial to keep or
merge these records if enough correlating data points exist, so as not to segment devices. Some of the features introduced into the
reviewer134 product line could have better documentation, which could provide for an overall better experience for administrators. [Full Review]
8908

12
Forescout Platform Continued from previous page
The reporting feature needs improvement. An example is that currently, you cannot configure what report files will be named. I think
that the reporting feature needs more flexibility. It has about 15 templates and you have to use one of them, but it is not easy to
understand what each of them is. It would be nice to have more control over the format of the reports. Also, it would be nice if the
Avraham configuration backup feature had more flexibility. It only supports FTP, SFTP, or SCP. That makes it impossible to write backups to a
Sonenthal
Windows share. [Full Review]
The licenses are quite expensive. Ultimately, we couldn't afford the amount we needed, and therefore we are moving off the
product. We might have paid in the ballpark of $20,000 yearly for our licenses. I do not recall there being other fees over and
above the standard licensing fee. [Full Review]
Jonathan
Soto
We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple
virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility. [Full
Review]
reviewer134
8908
Licensing is per endpoint that uses a discrete IP address. Licenses are perpetual but can come with renewable support. The
product is complex so do not skimp on training, certification, and professional services. [Full Review]
Avraham
Sonenthal
The fact that we were allowed to spin up as many servers as we had need of to support our geographic requirements while paying
for licensing as an enterprise truly set Forescout apart from the crowd and improved the way we could design our access. [Full
Review]
reviewer134
8911

13
Aruba ClearPass See 9 reviews >>
Overview
ClearPass Policy Manager provides secure network access in a world made up of mobile and IoT devices. It features ultra-scalable
AAA with RADIUS and uses contextual data based on every user and device to enforce adaptive policies for wireless, wired or
VPN access.
SAMPLE CUSTOMERS
Consulate Health Care, Los Angeles Unified School District, Science Applications International Corp (SAIC), San Diego State University,
KFC, ACTS Retirement-Life Communities
TOP COMPARISONS
Cisco ISE (Identity Services Engine) vs. Aruba ClearPass … Compared 56% of the time [See comparison]
Forescout Platform vs. Aruba ClearPass … Compared 25% of the time [See comparison]
Fortinet FortiNAC vs. Aruba ClearPass … Compared 8% of the time [See comparison]

Comms Service Provider … 28% Comms Service Provider … 25%
Computer Software Company … 19% Energy/Utilities Company … 19%
Government … 6% Healthcare Company … 13%
Retailer … 5% Manufacturing Company … 13%


14
Aruba ClearPass Continued from previous page
The solution is extremely stable. We find that at the end of the projects we manage, all functionalities perform quite well. We've
tested it a lot and find it to be overall a very good solution. It's excellent in terms of securing local networks for our clients. [Full
Review]
reviewer136
4637
The most valuable feature for us is the policy compliance. They have an API that assists you in checking whether a machine has
specific clients. For example, we check whether the EDR is updated and whether there are specific clients whose machine should
be allowed to connect to the network. [Full Review]
Security5e3
7
A very important feature for me is its support of a multi-tenant solution on deliverables. For instance, I have three customers, or
three users, and I want each customer to have his own portal and his own database to manage their subscriber for reporting and for
provision. [Full Review]
it_user6888
96
The solution needs to upgrade its user interface. Right now, it's not so user friendly, and it's an aspect that my clients' wish was
improved upon. The solution is quite large and complex in scope. If a person isn't familiar with the solution, they can quickly get
overwhelmed with everything. [Full Review]
reviewer136
4637
The user interface should be improved. The logs and how the logging mechanism works can also use an upgrade. It should also
have better reporting, we were trying to do the reports and didn't manage to do them because technically we couldn't. Better
documentation on the API would be useful as well. [Full Review]
Security5e3
7
Aruba needs to improve and the processes must be clear. I also believe the marketing is very important, as well as to split the
database to be more specific, like having a user name, access point name or site name. [Full Review]
it_user6888
96
I would like the area of managing wired technology to be improved. Wireless is very good but I'm still struggling a bit to do my end
to end configurations in the wired technology area. The Virtual Machine for the Clearpass sometimes has issues with loosing the
management IP [Full Review]
David
Kariuki

15
Fortinet FortiNAC See 10 reviews >>
Overview
The proliferation of Internet of Things (IoT) devices, has made it necessary for organizations to improve their visibility into what is
attached to their networks. They need to know every device and every user accessing their networks. IoT devices enable digital
transformation initiatives and improve efficiency, flexibility, and optimization. However, they are inherently untrustworthy, with
designs that prioritize low-cost over security. FortiNAC provides the network visibility to see everything connected to the network,
as well as the ability to control those devices and users, including dynamic, automated responses.
SAMPLE CUSTOMERS
Isavia, Pepperdine University, Medical University of South Carolina, Columbia University Medical Center, Utah Valley University
TOP COMPARISONS
Cisco ISE (Identity Services Engine) vs. Fortinet FortiNAC … Compared 35% of the time [See comparison]
Aruba ClearPass vs. Fortinet FortiNAC … Compared 29% of the time [See comparison]
Forescout Platform vs. Fortinet FortiNAC … Compared 20% of the time [See comparison]

Comms Service Provider … 25% Financial Services Firm … 29%
Computer Software Company … 21% Government … 14%
Government … 7% Educational Organization … 14%
Educational Organization … 5% Manufacturing Company … 14%


16
Fortinet FortiNAC Continued from previous page
There are quite a number of things that are valuable about this solution. Having dealt with Cisco ISE, I realize that FortiNAC is
different in a way that gives you granular visibility of the entire network infrastructure related to IOT devices (Who, What, When,
Which information). It's helpful that you can know what's going on from your phone, your tablet, and from home. The solution
Boller provides containment, reporting and security event-alarm mapping and saves log and carries out further analysis for cyber thefts. It
Anyiine
really is a good solution. [Full Review]
The most valuable features of the solution are the user-friendliness, the graphical interface, and the technical support. The interface
is very nice and the customization is good. Overall, our clients seem to be quite pleased with the product. [Full Review]
Rupsan
Shrestha
Compliance checks are a good feature. Compliance check is for windows updates and for antivirus updates, etc. Security is also
good. No guest can enter without credentials, such as usernames and passwords. You have full visibility, which is very good. [Full
Review]
SamerKiwan
We are only consultants, so we implement FortiNAC for our customers. The good part about FortiNAC is that it works seamlessly
across either public cloud, private cloud, a hybrid one or on premises. So, depending on the client's requirements, I usually suggest
that they go for public cloud where they have remote locations, and that they go for an application where they have a large
reviewer123 deployment, adequate network and technical staff to support the requests. The features we generally propose is basically agent-
2502
based authentication and the agent case solu... [Full Review]
I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via
FSSO or Certificate management he has to have a persistent agent. The admin UI is not that good. It could be better matched and
more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a
Boller FortiAuthenticator to build it. The other thing would probably be the visibility granular. For example, when I have a user at a
Anyiine
particular branch, I can't tell what SSIDs the... [Full Review]
For our organization and our clients, the price is the main concern. They should work to make it more competitive. Customization
could be improved in future releases. [Full Review]
Rupsan
Shrestha
The implementation process needs improvement. Right now, it's somewhat complicated. They could create some templates to
facilitate implementation. Right now everything is done manually, and it just takes a really long time at the initial setup. [Full Review]
SamerKiwan

17
Fortinet FortiNAC Continued from previous page
The problem with Fortinet is that if you want to be 100% secure then you have to buy other products. It should support better
integration with third-party solutions. The reporting capability needs to be improved. [Full Review]
Ahmed
Mahmoud
There is a base license level which pretty much gives you topologies and groupings automation/control, etc. When it comes to
policies, it's only going to give you user host profiling and network access. If you're looking for endpoint compliance, integrations,
Incidence response and reporting, then you have to go for an Plus or PRO license. [Full Review]
Boller
Anyiine
We're a Fortinet partner. I would recommend the product to others. Usability is a crucial thing for networking and this product offers
that. I'm not familiar with other NAC products. However, I think every organization should be implementing NAC. That does not
always mean just FortiNAC products. There are other NAC products as well. We are very fortunate to have access to such products
Rupsan that continue to help our customers. Overall, I'd rate the solution eight out of ten. [Full Review]
Shrestha

18
Sophos Network Access Control See 7 reviews >>
Overview
Sophos NAC Provides comprehensive, easy-to-deploy network access control that protects enterprise networks from the threats
posed by non-compliant, compromised, or misconfigured endpoint computers. The software solution is vendor-neutral and works
with existing network infrastructure and security applications. Computers are permitted or denied access to the network, based on
a centrally defined, policy-driven assessment - and isolated, quarantined for remediation, automatically remediated, or sent alerts.
Administrators can define and manage policies uniquely for managed and guest computers, including checking their security
status and ensuring that no unwanted applications are run.
SAMPLE CUSTOMERS
Rushmoor Borough Council
TOP COMPARISONS
Aruba ClearPass vs. Sophos Network Access Control … Compared 40% of the time [See comparison]
Cisco ISE (Identity Services Engine) vs. Sophos Network Access Control … Compared 29% of the time [See comparison]
Forescout Platform vs. Sophos Network Access Control … Compared 10% of the time [See comparison]
REVIEWERS *
TOP INDUSTRIES
Comms Service Provider … 29%
Computer Software Company … 17%
Government … 10%
Media Company … 5%

19
Sophos Network Access Control Continued from previous page
The feature that I like the best is the level of security that it can provide. The interface is very user-friendly and it makes it easy to
manage the product due to the fact that you have complete control over the system and you can set up everything in a very easy
way. The solution is quite scalable. You can expand it if you need to. It's designed to be modular. We've found the solution to be
Marco- very stable. The performance is great. The installation is very straightforward. [Full Review]
VIVALDELLI
Sophos has an endpoint side, a firewall side, access control, and a phishing side. It is an entire network security solution. What
Sophos has done is integrate almost the entire OSI layer infrastructure. It gives me visibility across my infrastructure. It gives me
visibility into all the mobile devices that are on my network and into the security I have on those mobile devices. I also have visibility
IkechukwuO into my users, my servers, and into what is happening at all my gateways, as well as visibility on my switches. So it gives me a global
nwumere
view of my infr... [Full Review]
The feature I love the most is probably the wifi. The wifi control is fantastic and makes it very easy to administer. The security is also
top-notch. Since we've been using this product, we've not had any problems with regards to threats. I'm very happy with this
solution. [Full Review]
Darren
Hengherr
The solution offers very good visibility. The fact that it is a single management solution is quite useful. Whether it's on-premises or
on the cloud, we're able to manage it centrally. The solution is quite user-friendly. [Full Review]
Enoch
Richard
The interface on the cloud could be a bit better - just to give more performance on it. However, it's just a very little thing that can be
improved. Overall, the product has a very good level of quality. In terms of features, at this point it truly satisfies out needs and
nothing is really missing from the offering. [Full Review]
Marco-
VIVALDELLI
What needs to be improved on is the fact that Sophos consumes a lot of processor resources and, once it starts scanning, the RAM
utilization is very high. I am a little bit worried about where Sophos is. A system with 4 GB would struggle. Even when it scans
systems that have 8 GB, they struggle. Also, one of the things that Sophos has not been able to tidy up properly — and I asked them
IkechukwuO about it — is that it would be nice if a person who is using Sophos on mobile devices could connect to the office using some type of
nwumere
multi-factor authentication. I w... [Full Review]
We don't have much experience with the solution just yet. It's only been a few months. I'm not sure which features are lacking. A
few items are complex when it comes to handling the initial setup. The solution could offer more useful documentation. We found it
difficult to find metrics on the solution. They should work to make this more intuitive. [Full Review]
Enoch
Richard

20
Sophos Network Access Control Continued from previous page
This solution needs to including machine learning and AI functionality to assist with intrusion prevention. In Indonesia, there are a lot
of false positives. For example, many websites from our government and local industries are blocked by the IPS. More advanced
security features could be added. I would like to be able to fully customize the reports. [Full Review]
reviewer134
5065
The licensing is modular. That means, you typically buy a base license and then add on what you need to increase its functionality.
If you want to, for example, install a main gateway, or if you want to increase your data just to improve the level of security, you can
buy some additional licenses just for these specific needs. This is up to you and it just depends on what you want to have and level
Marco- of security. If you like, you can start with a base solution, and after, you can buy an additional module according to your needs. It's
VIVALDELLI
not mandatory to ... [Full Review]

21
Portnox CORE See 4 reviews >>
Overview
Portnox CORE provides 100% actionable visibility and control of all devices that are connected to the enterprise network. As a
software-based Network Access Management (NAM) platform, Portnox CORE’s patented solution allows for efficient management
of the security and compliance challenges that organizations face in a smart and simple way.
SAMPLE CUSTOMERS
EL AL Israeli Airlines, Channel 10 News, Wales Millennium Centre, The College of Management Academic Studies
TOP COMPARISONS
Forescout Platform vs. Portnox CORE … Compared 33% of the time [See comparison]
Cisco ISE (Identity Services Engine) vs. Portnox CORE … Compared 25% of the time [See comparison]
Fortinet FortiNAC vs. Portnox CORE … Compared 17% of the time [See comparison]
REVIEWERS *
TOP INDUSTRIES
Financial Services Firm … 8%
Manufacturing Company … 5%

22
Portnox CORE Continued from previous page
The most valuable feature of the product in our case is the network visibility. The product gives us a very good view of what's
happening on the network and we can take action proactively. It also provides security. Our network isn't open to everyone in the
organization. It's open only to people who have a real need to work on the network. The product helps us control that access. It also
ChiefSystem helps that the product is self-sufficient. We don't need to allocate employee resources to the maintenance and monitoring unless
Engineer9
something goes wrong. It is all au... [Full Review]
Profiling to me is the solution's most valuable aspect. It gives you an extra edge, and you've got visibility on the status of the
endpoints that are connected to your network. It becomes very easy for you to quickly update, and be able to see the level of
availability that you have in the environment. It becomes very easy for you to manage your goals before they can even cause any
Joseph issues. For a network access control solution, Portnox is a very good solution. It offers great integration in heterogeneous
James
environments that have a number of different ... [Full Review]
NAS view page gave a virtual graphical view of the switches, similar to the physical view, and just like how you see the ports on
them. There is an add-on feature for application control to kill unwanted applications when launched on a user's device. It has a
feature to check the compliance state of computers. An example is for an antivirus. It checks if it was installed, installed but not
reviewer989 running, or not installed, then it defines policy action based on compliance status, which it applies. It supports a good number of
748
known antivirus products. It h... [Full Review]
In our case, the product does what it's meant to do. I don't see any real need for improvement here, at least not for our needs. The
interface is very convenient and provides very good security for exactly what we need the product for. It's a simple solution and we
haven't had any problems with it for the past six or seven years. I don't know that we really have any pain points with the product or
ChiefSystem I'd be aware of them. There are a certain number of false positives on occasion where we get an alert and really nothing is wrong,
Engineer9
but generally, those is... [Full Review]
I don't have any negative feedback in regard to the product as a whole. It's worked well for us and has very good features. If the
solution stayed as is, I'd be very happy with it. However, if there was a change to the solution, it would be interesting if the Portnox
team could include aspects of End-user behavior analytics (EUBA), with an aspect of AI to the already great profiling. But I already
Joseph think quite highly of it. [Full Review]
James
This solution reports a certain number of false positives, but it generally has to do with the configuration. The licensing is based on a
per-port price, even when you are not using all of the ports, and this is something that could be improved. Better integration with
our firewall, so that we can create policies that would block ports that are in a state of attack, would be a helpful inclusion for the
Principcon6 next release of this solution. [Full Review]
7
Areas that Portnox CORE can improve include: * Support for unmanaged switches (or hubs) and other brands of network devices.
These kinds of devices are still in use in organisations, especially SMEs who cannot afford to buy a managed switch. * The licensing
module. This should be reviewed to count the number of devices instead of port numbers of total switches. There is a case for this
reviewer989 where not all ports for a switch are used by devices. Unused ports are calculated in the license, then the customer pays for license
748
for those unused ports. [Full Review]

23
Portnox CORE Continued from previous page
As far as pricing, we only pay for support on a yearly basis. There are no other costs after you initially pay for the licenses. The only
exception to that is if you need to add devices to the system. If you add to the system you need to license more ports. You need to
pay for the additional licensing. Other than that it essentially works by itself so it is like having another employee for the cost of
ChiefSystem support. I don't know the exact prices but I know the product is not cheap. [Full Review]
Engineer9

24
ExtremeControl See 1 review >>
Overview
ExtremeControl lets you manage secure and automated access for both, BYOD and IoT devices from one convenient dashboard.
It makes it easy to roll out granular policies across your wired and wireless networks to meet industry and company compliance
obligations. Identity based network access control keeps unauthorized people and devices from accessing your network.
SAMPLE CUSTOMERS
Street Crane, Robert Bosch, Molex Chengdu, Weir Valves & Controls UK, Renault, AESSEAL, Ducati, Alexander Dennis, UK Ministry of
Defence, Manz
TOP COMPARISONS
Aruba ClearPass vs. ExtremeControl … Compared 40% of the time [See comparison]
Cisco ISE (Identity Services Engine) vs. ExtremeControl … Compared 24% of the time [See comparison]
Forescout Platform vs. ExtremeControl … Compared 19% of the time [See comparison]
REVIEWERS *
TOP INDUSTRIES
University … 10%
Healthcare Company … 7%

25
ExtremeControl Continued from previous page
The most valuable aspect of the product is that I can know which end users are using which features, the type they are using, and
the kind of traffic coming through, even when we're in our network. I have that recognition which is great. [Full Review]
MohamedSa
lah1
The product could be improved by allowing us to control all users in the network, overall layers, end to end. I'd like to have access
to more information on the traffic passing through. The product has been sufficient for our needs, meaning that I'm able to configure
additional devices at the same time and as I see fit. I haven't seen other products to get a comparison but I would like to see more
MohamedSa integration with other products and possibly more revisions. [Full Review]
lah1

26
Pulse Policy Secure See 1 review >>
Overview
Pulse Policy Secure (PPS) is a next-gen NAC that enables organizations to gain complete visibility, understand their security
posture, and enforce roles-based access and endpoint security policy for network user, guest and IoT devices. Leveraging core
network, mobile and security infrastructure integrations, Pulse NAC solution can streamline endpoint compliance and remediation,
BYOD onboarding and IoT security, as well as automate threat response to mitigate malware, rogue device, unauthorized access
and data leakage risks.
Pulse Policy Secure is a full featured NAC that has been designed for easy deployment, convenient scalability and rapid time-to-
value. Through configuration and policy creation wizards, PPS empowers administrators to... [Read More]
SAMPLE CUSTOMERS
Entegrus
TOP COMPARISONS
Aruba ClearPass vs. Pulse Policy Secure … Compared 33% of the time [See comparison]
Forescout Platform vs. Pulse Policy Secure … Compared 19% of the time [See comparison]
Cisco ISE (Identity Services Engine) vs. Pulse Policy Secure … Compared 19% of the time [See comparison]
REVIEWERS *
TOP INDUSTRIES
Manufacturing Company … 6%
Retailer … 6%

27
Pulse Policy Secure Continued from previous page
The initial setup is a bit complex. The documentation needs to be improved. There are a lot of details that are missed which makes
it confusing. The ability to handle SAML integration for authentication is also not that straightforward. The ability to handle the
server authentication documentation is poor. The GUI needs to be a bit better. It could be updated. It needs to be better organized
reviewer158 and more accessible. The integration with other vendors needs to be improved upon. [Full Review]
4621

28
Appgate SDP
Overview
Appgate SDP is a leading Zero Trust Network Access solution that simplifies and strengthens access controls for all users, devices
and workloads. We deliver secure access for complex and hybrid enterprises by thwarting complex threats, reducing costs and
boosting operational efficiency.
The full suite of Appgate solutions and services protects more than 650 organizations across the government, fortune 50 and
global enterprises.
SAMPLE CUSTOMERS
United States Air Force
FINRA
Weight Watchers
Rackspace
DataDog
SageNet
Verdant
Norwegian Cruise Line
VoiceBase
The Third Floor
TOP COMPARISONS
Zscaler Internet Access vs. Appgate SDP … Compared 9% of the time [See comparison]
Cisco IOS SSL VPN vs. Appgate SDP … Compared 8% of the time [See comparison]
Check Point Remote Access VPN vs. Appgate SDP … Compared 6% of the time [See comparison]
REVIEWERS *
TOP INDUSTRIES
Government … 10%
Financial Services Firm … 7%

29

30
macmon Network Access Control
Overview
The Network Bundle consists of 6 modules - NAC basic, Advanced Security, VLAN, 802.1X, Guest Service and Topology. It
provides profound protection for your corporate network and is a centralized security authority that protects your network against
intrusion from unauthorized devices, and ensures the complete overview of all your devices.
SAMPLE CUSTOMERS
Somerset NHS Foundation, Stepchange, Volkswagen, Vivantes Healthcare, MBDA Weapons, APS engineering
TOP COMPARISONS
Aruba ClearPass vs. macmon Network Access Control … Compared 47% of the time [See comparison]
Cisco ISE (Identity Services Engine) vs. macmon Network Access Control … Compared 30% of the time [See comparison]
Fortinet FortiNAC vs. macmon Network Access Control … Compared 11% of the time [See comparison]
REVIEWERS *
TOP INDUSTRIES
Government … 12%
Retailer … 7%

31
About this report

This report is comprised of a list of enterprise level Network Access Control vendors. We have also included several real user reviews posted on
ITCentralStation.com. The reviewers of these products have been validated as real users based on their LinkedIn profiles to ensure that they
provide reliable opinions and not those of product vendors.
About IT Central Station

The Internet has completely changed the way we make buying decisions. We now use ratings and review sites to see what other real users think
before we buy electronics, book a hotel, visit a doctor or choose a restaurant. But in the world of enterprise technology, most of the information
online and in your inbox comes from vendors but what you really want is objective information from other users.
We created IT Central Station to provide technology professionals like you with a community platform to share information about enterprise
software, applications, hardware and services.
We commit to offering user-contributed information that is valuable, objective and relevant. We protect your privacy by providing an environment
where you can post anonymously and freely express your views. As a result, the community becomes a valuable resource, ensuring you get
access to the right information and connect to the right people, whenever you need it.
IT Central Station helps tech professionals by providing:
• A list of enterprise level Network Access Control vendors

• A sample of real user reviews from tech professionals
• Speciﬁc information to help you choose the best vendor for your needs
Use IT Central Station to:
• Read and post reviews of vendors and products

• Request or share information about functionality, quality, and pricing
• Contact real users with relevant product experience
• Get immediate answers to questions
• Validate vendor claims
• Exchange tips for getting the best deals with vendors
IT Central Station
244 5th Avenue, Suite R-230 • New York, NY 10001
www.ITCentralStation.com
reports@ITCentralStation.com
+1 646.328.1944

32

Network Access Control Buyer's Guide and Reviews June 2021

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Network Access Control Buyer's Guide and Reviews June 2021

Uploaded by

Copyright:

Available Formats

NAC

Network Access Control

Get a custom version of this report...personalized for you!

Get your personalized report here.

Top Vendors 5-6

Top Solutions by Ranking Factor 7

Cisco ISE (Identity Services Engine) 8 - 10

Sophos Network Access Control 19 - 21

Pulse Policy Secure 27 - 28

macmon Network Access Control 31

About This Report and IT Central Station 32

© 2021 IT Central Station

Aruba Networks Aruba ClearPass OPSWAT MetaAccess

Auconet Auconet Network Access Control Portnox Security Portnox CORE

Extreme ExtremeControl Pulse Secure Pulse Policy Secure

ForeScout Forescout Platform Ruckus Ruckus Cloudpath

Fortinet Fortinet FortiNAC Sophos Sophos Network Access Control

Genians Genian NAC Tempered Networks Tempered Networks

macmon secure macmon Network Access Control

© 2021 IT Central Station

Top Network Access Control Solutions

Views Comparisons Reviews Words/Review Average Rating

Both Rating and Words/Review are awarded on a fixed linear scale.

1 Cisco ISE (Identity Services Engine)

© 2021 IT Central Station

5 Sophos Network Access Control

8 Pulse Policy Secure

3,927 views 3,134 comparisons 0 reviews 0 words/review

10 macmon Network Access Control

742 views 557 comparisons 0 reviews 0 words/review

© 2021 IT Central Station

Top Solutions by Ranking Factor

1 Cisco ISE (Identity Services Engine) 31,054

2 Aruba ClearPass 18,251

3 Forescout Platform 14,888

4 Fortinet FortiNAC 9,052

5 Appgate SDP 3,927

1 Cisco ISE (Identity Services Engine) 17

5 Sophos Network Access Control 6

1 Portnox CORE 919

3 Cisco ISE (Identity Services Engine) 621

4 Sophos Network Access Control 506

5 Forescout Platform 500

© 2021 IT Central Station

Cisco ISE (Identity Services Engine) See 21 reviews >>

REVIEWERS * VISITORS READING REVIEWS *

TOP INDUSTRIES TOP INDUSTRIES

COMPANY SIZE COMPANY SIZE

© 2021 IT Central Station

Cisco ISE (Identity Services Engine) Continued from previous page

Top Reviews by Topic

VALUABLE FEATURES See more Valuable Features >>

ROOM FOR IMPROVEMENT See more Room For Improvement >>

© 2021 IT Central Station

Cisco ISE (Identity Services Engine) Continued from previous page

© 2021 IT Central Station

Forescout Platform See 17 reviews >>

REVIEWERS * VISITORS READING REVIEWS *

TOP INDUSTRIES TOP INDUSTRIES

COMPANY SIZE COMPANY SIZE

© 2021 IT Central Station

Forescout Platform Continued from previous page

Top Reviews by Topic