Perfigo’s flagship offering, CleanMachines, does pretty much what Cisco wants its NAC system to do. It checks computers for compliance with security policies when they try to connect to the network, and quarantines incompliant boxes to a remediation server.
According to Perfigo’s description of the product, which comprises a policy server and optional agent, CleanMachines can scan for backdoors, RPC vulnerabilities, shared folder, active services and spyware.
It also supports scanning for up-to-date running versions of Symantec, McAfee and Trend Micro antivirus and personal firewall software, and Windows patches and service packs from Windows 98 onwards.
Cisco said that Perfigo’s shrink-wrap approach has made it popular in medium-sized organizations, particularly in the education market. It remains to be seen whether CleanMachines’ technology will be built into existing NAC products or remain separate.
NAC comprises Access Control Server and Trust Agent. It currently is supported by Cisco routers, with more-important support for Catalyst switches and VPN concentrators planned for early next year.
Cisco recently announced that Microsoft will make its Network Access Protection technology compatible with NAC. Microsoft simultaneously delayed NAP until 2007, seen by some as the OS giant ceding leadership to Cisco.