You might be knowing more than 90% of the attacks , infections comes from within the LAN from our trusted computers.
You say they are trusted because they are employee of your compant thats it..
You configure your firewall and everything from external threats and attacks but do you exactly do to make sure your employees are doing what they are supposed to do.
What applications they are running,Do they have any AV installed or have they removed themare they on the latest patch andAV defs or they are just hiding from Administrators..
An Adminstrator wants his netowork to be completely secred and Patched up..but do the employees care aout what defintion or patch they have..they think its Admins jobto check these things..
One Un-Patched/un-secure computer is enough to bring down the whole company without compliance check.
Symantec Network Access Control helps you acheive this compliance..
eg: A Field engineer /Sales Employee has been out for a month..he has not updated his definitions or patch..he has his laptop infected with bots
Then he logins to the network saves some files to your server including the bot..
Now the bot can control over your network..
When you have SNAC in place it wont allow an unpatched pc, old definition PC to connect to your critical servers.
First they will connect to a Remidiation VLan/Server to get these updates and become totally safe to be able to login to the network.
Think about the VPN clients who don't even come to office to connect to the LAN..how to beleive they are patched up ? SNAC will do that for you..
You can control what application clients should run and what they should not..
You can do any compliance related Job to make sure the clients inside your netowork including VPN clients are the trusted ones..
It is all policy/rules based about what do you think your clients should be like and should be doing...if they don't obey they are thrown out of the netowork..
You can also do windows patch management.
SNAC is a independent product that can be integrated by SEP/SEPM..
So if you are using any 3rd party antivirus it will do the compliance check for it..