Portnox Cloud Product Review

Unlike most legacy on-premises and cloud-managed UAC solutions, Portnox Cloud can use an agentless architecture, doesn’t require any on-site appliances and can be up and running in as little as 30 minutes. Transparency in pricing is another compelling way Portnox brings value, as is only requiring you to pay for the components you need.

Portnox Cloud comprises four main components – RADIUS authentication, TACACS+, Zero Trust NAC and Conditional Access for Applications. All components are managed from a single intuitive cloud portal, which seamlessly combines them to deliver essential security features such as passwordless authentication, risk posture assessment, network device administration, and compliance enforcement.

Onboarding is swift and you can try it out first as a free 30-day trial with unrestricted access to all features. Once you have signed up, you are directed to create cloud RADIUS server instances for your company. Portnox uses N+2 redundant clusters for all wired, wireless and VPN authentication.

The portal furnishes you with unique RADIUS server IP addresses, authentication and accounting port numbers plus shared secrets which you use to configure your network access servers. Portnox has internet outages covered as you can optionally deploy its local virtualised RADIUS servers to avoid any service disruption.

Next, you integrate Portnox Cloud with your preferred authentication repository. There are plenty on its guest list including Microsoft Entra ID, Google Workspace and Okta Workforce plus local Active Directory and OpenLDAP instances.

A key feature of Portnox Cloud is certificate-based authentication. This method elevates an organisation’s security posture by preventing sharing credentials, reused/insecure passwords, and the ever-present danger of falling victim to a phishing or social engineering scheme. Standard credential-based authentication is supported (along with MFA), but certificate-based authentication is a superior option.

Portnox will provide each organisation with a root certificate, or they can import their own. Businesses worried about the complexity and scale of certificate deployment to endpoints can rest easy as Portnox Cloud supports products that leverage the SCEP (simple certificate enrollment protocol) such as Microsoft InTune and Jamf.

Portnox places employees and devices in groups that each have policies assigned to them to enforce access controls, privileges and requirements. Policies are highly flexible as they can, for example, use 802.1x to control wired network access, assign specific wireless SSIDs to group members or guests and define VPN access.

Available for Windows, macOS, Linux, iOS and Android endpoints, Portnox AgentP is a lightweight software agent that takes access controls to the next level. It provides streamlined onboarding, particularly where certificates for user and device authentication are being used, and can gather a lot more information about endpoints such as the OS, user, installed applications, and system configuration.

This extra information allows device risk policies that cover a plethora of options such as checking for unauthorised software, unencrypted disks, out-of-date antivirus, and more, when determining access. Other major benefits include automated endpoint remediation to ensure endpoints meet your criteria for network access and Portnox’s Conditional Access for Applications service which enables SSO for secure access to web applications.

Businesses concerned about the cost, complexity and management overheads associated with traditional NAC products will find Portnox Cloud very appealing. This unique cloud-native solution is simple to deploy and manage, doesn’t require additional infrastructure investment and is available in a range of competitively priced subscriptions.