Safe Access®, the world’s best, most secure network access control (NAC) solution, ensures that compromised, dangerous endpoints don’t get on your network and cause havoc. It thoroughly tests all endpoints — those belonging to guests, employees, contractors, partners, and students — to verify they are compliant with your security and access policies. Based on test results, Safe Access restricts non-compliant machines to segments of the network where they can’t cause harm.
Deploying Safe Access in a virtual or physical environment is quick and easy, with no hardware required.
- Why Safe Access
- Guest Access
- Endpoint Compliance
- Industry solutions
- IAV Integration
- How It Works
- Best NAC
- NAC optimized for the DoD
- DoD Certified
- How to buy - Partners
- SAT Team
- Tech Specs Summary
What we do
Most widely deployed NAC
We deliver it all
Safe Access is a complete NAC solution that stops unauthorized access, prevents malicious endpoint activity, and enforces your organization's security policies.
What do we mean by "complete" solution? We mean that Safe Access delivers a full range of NAC functionality: pre-connect testing, post-connect monitoring, enforcement and quarantining, identity-based management, remediation, and BYOD.
With Safe Access, you control how security policies are defined and enforced across your network. We help to establish and enforce the rules and criteria that devices must adhere to gain access, but ultimately it's your network and it's your rules. When devices don't meet your criteria, we provide you with highly informed enforcement options that can be applied globally or on a group-by-group or case-by-case basis — or all of the above. For example, when a machine fails policy testing, you can:
- Quarantine it to a segment of the network where it can't cause harm
- Deny access entirely
- Allow access for a specified 'grace period' during which the device will be remediated
- Grant it access (say, in the case of your senior executives)
Best part? It's all automated.
Making BYOD Safe and Secure
People are bringing their own devices into the office expecting to use them for daily work. This could be anything from smartphones to tablets and personal laptops to gaming systems. This makes it tough to keep your corporate network safe.
Safe Access allows you to block or allow these devices, either by type or individually. It can also allow you to give different network access to different devices. The choice is yours.
You can require that devices are compliant with your security policies before they gain access to your network, or you can deny them outright.
Safe Access can identify and manage a wide range of devices, including:
- Microsoft Windows
- Apple OS X
- Google Android
- Apple iOS
- Microsoft Windows 7 Mobile
- RIM Blackberry
- Network printers
- Xbox 360
- Playstation 3
- Nintendo Wii/DSi/3DS
Guests — a danger no more
Now, you can finally rein in the guests connecting to your network. You don't want them anywhere near your production environment, and Safe Access will ensure they don't get close.
What do I do about guests?
You can create temporary accounts for guests in Safe Access. Safe Access can give them access to only those network resources you want to allow. You can give them free run of your network, only specific internal sites, full Internet access, or limited Internet access: it’s your choice, and it’s very easy. Safe Access provides access to your guests without risking your network security.
How do I make contractors productive on my network?
Just add an account in your Active Directory server and Safe Access can identify contractors, get them tested, and ensure they are compliant before allowing them the proper access to your network.
Take the pain out of compliance
You already know how much of your job is driven by complying with the likes of NCUA FFIEC, PCI, HIPAA, GLBA, FISMA, SOX and your own internal security policies. Safe Access gets you into compliance and lets you prove it. Be it ensuring device configuration standards, verifying patch installation, controlling unauthorized access, managing daily automated security processes, or ensuring device security parameters, Safe Access lets you check the boxes that keep the regulators off your back.
Putting endpoints under the microscope
Safe Access applies thousands of checks against endpoints in seconds. Our Security Alert Team™ (SAT) can even create custom tests to meet your specific needs. We test in two completely interchangeable ways: agent or agentless. These testing options give you the flexibility to cover all the bases: in-office users, guests, road warriors, and wireless and VPN users. New policy compliance tests are continually being added to the test library, and you can easily create custom tests to meet organization-specific needs.
Point-and-click NAC policy definition
Safe Access' robust reporting capabilities let you meet the needs of auditors, managers and IT staff. Safe Access reports help you:
- Track and drive remediation efforts across your organization and prepare for audits.
- Focus patch management efforts on the most critical issues and zero-in on problem areas.
- Identify the segments of the network not covered by patch management or Windows updates.
- Ensure that all endpoints can be tested.
- Understand your exposure and risk from un-testable endpoints.
Deployment: 1 hour implementation
Every network is different, and every network is important to us. Your business needs determine how we deploy. We understand that security is a priority for your network and productivity is also a must. Therefore, we offer various methods of deployment to suit your needs.
- Virtual, hardware, and out-of-band implementation
- Various options for port level control
- No need to touch your switches
- Install the entire solution in one centralized location
- Full high availability and redundancy
- Both 802.1X and DHCP enforcement methods cover all wireless devices
Deployment options include:
Safe Access works with 802.1X in an easy-to-deploy phased configuration, for example:
- No supplicant needed, point your switches to Safe Access for authentication, and it does the rest.
- When you’re ready to phase in supplicants, you can do it at your own pace, and you can operate in a hybrid environment so you don’t have to cut over your network overnight.
- Stop allowing devices without supplicants for maximum security.
In addition, Safe Access provides several options for endpoint isolation:
- Traditional VLANs — if you’ve got VLANs deployed already, you can use them out of the box for things like testing, remediation, quarantine, production, and even to isolate infected endpoints
- Dynamic port level ACLs — you can restrict network access at the port level, and these controls can be specified fully within Safe Access, so you have one place to configure access for all your switches. This allows you to control access from Safe Access, so your security or information assurance team doesn’t have to get permission from your network team each time they want to change access controls
- Dynamic port level filters — you can push filters (groups of ACLs) to your switches ahead of time, and Safe Access will take advantage of those. This allows your network team to control access at the switch level, so your security team has no ability to alter port level access
- Most secure — prevents rogue devices from accessing your network
- Most flexible — Can be deployed with or without supplicants, and can provide fine-grained access control
- Most compliant — meets multiple compliance requirements, including DoD Secure Technical Implementation Guidance (STIG)
- Easy to deploy — minimal switch configuration required, and works with VLANs or port-based ACLs
- Easiest to deploy — just install an agent on your Windows® DHCP server and you’re done
- Can work with any DHCP server setup
- Quickest time to enforcement — can be deployed in about an hour in some cases
Inline - VPN
- Full inline protection – provides an inline gateway to protect your inbound network access points
How do I get my endpoints fixed?
Problem endpoints can be separated from others to await manual or automatic repair. To repair endpoints, Safe Access can work with an end user, your IT staff, your patch management system, such as SCCM, WSUS, LanDesk, HP, Radia, and IBM Tivoli, and can even fix some things itself through CLI. You can allow isolated endpoints to access as much or as little of the network as you like.
In the final stages of a Safe Access rollout, you implement your enforcement and quarantining strategies with "Innocent Until Proven Guilty" policies or the more stringent "Guilty Until Proven Innocent" policies. Initially, we recommend you manually enforce noncompliance and evaluate the process from both a technical and a business perspective. Only after you're certain that the process and user experience meet your expectations, should you turn on automated enforcement.
We're here for you
The network professionals on StillSecure's tech support team provide 24x7 support at multiple Security Operations Centers (SOCs) and have extensive experience guiding Safe Access customers through the phases of implementation. So don't worry—we'll be here for you throughout the rollout and beyond. Click here for support.
StillSecure's Safe Access is deployed heavily throughout the military and commercial sectors. Our customers range from the government and DoD to finance, health care, utilities, education, law, B2B and B2C industries.
Safe Access enables our clients to maximize productivity while keeping their networks secure and compliant to their industry specific audits. Whether it be HIPPA, PCI, FISMA, DIACAP, NCUA FFIEC (include your favorite alphabet soup combination) - or you just need to get endpoints and BYOD under control, Safe Access has it covered!
Safe Access Solution Provides Total IAV Integration
Used by most major military branches in the United States, Safe Access is the only NAC solution that allows users to set compliance policy by Information Assurance Vulnerability Alerts (IAVAs), tests against IAVAs natively, reports directly on IAVA compliance, and now provides the ability to research IAVA details by providing direct linking to the U.S. Cyber Command (USCYBERCOM) website. StillSecure's IAV compliance testing includes support for Microsoft Windows client and server operating systems, Microsoft Office, Adobe products, Blackberry Enterprise Server, and others.
In addition to our IAV compliance testing and reporting, Safe Access also allows authorized users to benefit from in-user interface (UI) links to the USCYBERCOM website.
Information Assurance (IA) is the strategic risk management of an organization's information systems, rather than the creation and application of security controls. In addition to defending against malicious hackers and viruses, IA practitioners have to consider a host of issues, including corporate governance, privacy, regulatory and standards compliance, auditing, disaster recovery, and more.
The USCYBERCOM website is the official source for all IAV definitions and is the central hub from which all DoD IAV updates are shared across the DoD for ongoing IT security operations and vulnerabilities.
How It Works
Safe Access detects your endpoints (mobile devices and PCs) and continually tests them against your security policy and controls what they can access on your network. Failed endpoints can be isolated, fixed or logged.
802.1X, DHCP, VPN, ACL, Inline, or Out-of-band enforcement. Pick and choose your enforcement method based upon your existing and/or future network infrastructure, either way Safe Access has you covered.
Why are 5 of the top 7 network switch vendors partnering with us for our Safe Access NAC technology? Why have 4 branches of the U.S. military rolled out massive Safe Access implementations? Why has Safe Access won so many of the top industry awards? Because, it is the world's best secure network access control (NAC) product.
- Largest NAC in the world / DoD
- Only virtually approved NAC in the DoD
- More licenses sold to the DoD than any other NAC
- Safe Access helps meet DIACAP compliance within the DoD
- Industry leadership recognized by SC Magazine & InfoTech Research Group
- Out-of-band enforcement
- Excellent BYOD coverage to identify and control
- First virtual NAC
- Multiple enforcement methods
- Network vendor agnostic
- Largest deployment of NAC in the world - 700,ooo+ users
- Most mature NAC product on the market
- Fastest testing engine available
- Performance and scalability for large enterprises
- Rogue device detection and enforcement
- Extensive device profiling
- Deepest compliance test library
- Prevalent in the health care, financial, technology, and education sectors
Safe Access is compliant, optimized and specialized for deployment in DoD-regulated environments. IAVA threat codes are natively supported within the product and are displayed throughout the interface within access policies, reports, and real-time testing and enforcement summaries. Specialized DoD-specific MD5 file system checksums are also baked directly into the product. Additionally, Safe Access is on the DISA UC APL, U.S. Army IA-APL, is U.S. Army Technology Integration Center approved (TIC-approved), and has an Army Certificate of Networthiness (CoN).
Safe Access is the most secure NAC product on the market. Other vendors have had to do damage control to deal with "NAC under attack" incidents, where vulnerabilities were discovered in their NAC platforms. Not Safe Access.
Safe Access has received security certification from a number of DoD organizations, including STIG certification and FIPS 140-2. It has also been designated as military-grade through Common Criteria Evaluation certification (CCE EAL 2). Safe Access has been approved by DISA for use in all DoD environments.
- U.S. Army IA Approved Products List (APL)
- U.S. Army Certificate of Networthiness (CoN)
- Common Criteria Evaluation (CCE) EAL Level 2
- CCE EAL Level 4+ (in process)
- Federal Information Processing Standard 140-2 (Level I) compliant
- U.S. Army Technology Integration Center (TIC) approved
- Voluntary Product Accessibility Template (VPAT) for Section 508
- End-user 508 Accessibility
- Agent Installer 508 Accessibility
- User Interface 508 Accessibility
- IPv6 support
Best IAV Integration
Safe Access is the only NAC that allows full Information Assurance Vulnerability (IAV) integration. Not only does Safe Access directly test for IAVs covering Microsoft Windows client and server operating systems, Microsoft Office, Adobe products, Blackberry Enterprise Server, and others, but it directly displays IAVs in its administration UI and reports. Compliance policies can be defined in terms of IAV checks rather than forcing you to guess and convert from other vulnerability numbering systems, and now all IAV checks have direct in-UI links to the IAV source: the United States Cyber Command website.
Safe Access is available through a number of resellers and integrators, and via a number of U.S. Government contract vehicles. Please contact StillSecure at 303-381-3801 for further information.
- GSA schedule
- CHESS / ITES-2H (U.S. Army contract vehicles)
- Encore II (DISA, DoD contract vehicle)
Partners: CDW, Dell, Ironbow, Copper River IT, Mad Security, AITC, HP, Advantaged Solutions, Synnex, Aneukor
What our customers are saying
“Andrews Federal Credit Union chose StillSecure Safe Access because it was by far the simplest, yet most effective NAC solution we tested. The installation took very little time and did not require any upgrades to our network infrastructure. The fact that Safe Access helps me with NCUA and FFIEC NAC compliance guidelines, provides BYOD and guest access control and can be deployed in a virtual environment made my decision an easy one.” Bill Wallace, Information Security Manager, Andrews Federal Credit Union.”
“We use Safe Access for one reason, and one reason only - it helped us stop anyone, or anything, from accessing our network without proper authorization — We chose StillSecure’s NAC product because it’s the most comprehensive and effective one on the market, and it provides the same level of network access security that the Department of Defense uses.”
“Safe Access reaches well beyond what competing NAC technologies can offer. StillSecure was up and running within a matter of hours. Safe Access has taken the tedious legwork out of enforcing how, where and under what criteria devices gain access to our network. Our network visibility has improved tremendously and we now have control over every user, activity and device on our network.”
“As a college, the safety and security of our students and their personal records is our utmost concern. For this reason, we use Safe Access for all guest access for the ease of installation and to help prevent rogue access to our network. The StillSecure team goes above and beyond to protect our IT assets and prevent threats to our network, allowing us to focus on what we do best: educating the leaders of tomorrow.”
Your challenges, our solutions
- Conquer your endpoints — Safe Access provides the fastest, most in-depth testing. It quickly assesses your entire network, including USB devices, so you know what every endpoint is up to
- BYOD bringing you down? — We safely and easily integrate mobile and other brought-from-home devices into your network
- Guest Access — not sure how to manage guests and contractors? Safe Access allows you to specify where on the network each user is allowed to go and ensures that they don’t compromise your network
- Escalating costs — we reduce your IT and hardware costs with virtualization, no additional network costs, auto-remediation, and ease of install
- Easy to deploy — Safe Access can be up and running, and quarantining non-compliant endpoints in as little as an hour
- Move to 802.1X in stages — you can have a minimal 802.1X deployment up and running quickly, and layer in more security over time
- Fully virtualizable — run your entire NAC infrastructure in a virtual environment, reducing costs and hassle
- DoD certified — DISA UC APL, Common Criteria EAL2, and FIPS 140-2 level 1 compliant
Your challenges, our solutions
Our Security Alert Team™ (SAT) ensures your network is protected by the most cutting-edge security and technology. SAT constantly monitors and distributes rule sets that satisfy industry-standard security benchmarks such as the Department of Defense (DoD) IAV.
We can configure your Safe Access NAC solution to check for updated SAT rules as frequently as every hour, or you can download rule updates on demand, ensuring up-to-the-minute protection.
Tech Specs Summary
|Flexible testing, flexible enforcement||
|Multiple endpoint testing options||
|DoD STIG compliant||
Awards & Recognition
StillSecure’s VAM – Take control over network vulnerabilities
StillSecure’s VAM vulnerability management platform identifies, tracks, and manages the repair of network vulnerabilities across the enterprise. Much more than just a vulnerability scanner, VAM provides regulatory compliance, integration with your existing IT systems and processes, an architecture that easily scales while providing centralized Web-based management.
And we can work with you to have it up and running in just 30 minutes. Choose our pre-installed VAM appliance, or use your own hardware.
- Highly scalable — scan thousands of endpoints a day.
- Identify vulnerabilities and how to correct them, and verify they’ve been remediated.
- Ensure everyone knows what they’re supposed to work on and track their progress with VAM’s vulnerability workflow management system.
- Easily accomplish goals from VAM’s powerful and extremely flexible user interface.