Network access control still draws the crowds

Interest in NAC remained high at RSA conference

At this year's RSA Conference earlier this month, there were fewer sessions and displays devoted to NAC than at previous conferences, but interest in the technology still seemed to run high among 2008 attendees.

A panel about NAC's future packed a 250-seat meeting room to capacity, with most audience members indicating by a show of hands that they want Microsoft's version of NAC - network access protection (NAP) - to interoperate with Cisco's because they already use key products from both vendors.

The recent availability of all components of NAP is triggering renewed interest in the technology, which Microsoft and other NAC players looked to exploit at the show.

One NAC vendor, Bradford Networks, announced that it has a new appliance that imposes NAC on guest machines trying to gain network access. Great Bay Software made a similar announcement this week.

Also at the show, Microsoft hosted a booth with other vendors whose NAC gear either interoperates with NAP or makes NAP compatible with client machines running other-than-Windows operating systems. Cisco, which promises its NAP-compliant NAC gear will be out in a month or so, did not participate in the booth, which Microsoft dubbed "The 2008 NAP World Tour".

Yet despite the apparent interest at RSA, there is a wider impression that NAC isn't catching on, fueled by the demise of two NAC vendors (Lockdown Networks and Caymas Systems) over the past year and the repositioning of a third, Vernier Networks.

"There is a perception that NAC is struggling," says Lawrence Orans, an analyst with Gartner. He quotes sales of NAC gear for 2007 at US$225 million (NZ$285 million). He notes sales of IPS equipment was US$700 million and sales of firewall/VPN gear was US$3 billion. "NAC is not there, but a couple of hundred million is not bad," he says.

As NAC technology matures, it is becoming more widely deployed and better understood, and the major forces behind it - Cisco, Microsoft and to some extent Juniper - are getting their stories straightened out, says Phil Hochmuth, an analyst with Yankee Group.

"The window of opportunity that was open to NAC start-ups is closing because of this," Hochmuth says. "There won't be a long, glowing obituary for the overall NAC market, just a bunch of small death notices for vendors who cannot differentiate or interoperate with larger NAC standards or architectures. What's happened is that NAC is becoming what it's always been: a feature of enterprise infrastructure, not a stand-alone product or market itself."

As the market shakes out, one thing is clear: Rolling out NAC is difficult, according to Microsoft and Cisco panelists.

Microsoft has deployed NAP to 150,000 devices, and discovered that a large number of them don't meet NAP policies. "It's a lot harder to get to a state of compliance than you might think," says Khaja Ahmed, director of Microsoft's enterprise security group.

Still the benefits can be great, Ahmed says. "It's probably the biggest bump up in security you will get," he says, because devices will be forced into compliance each time they log on. "It's like a continuous audit."

Join the newsletter!

Error: Please check your email address.

Tags network accessrsaappliancesSpecial ID

Show Comments
[]