Network access control (NAC) products debuted earlier this decade with a lot of hype, but confusion about the technology...
has meant slower-than-expected adoption -- and poor business for solution providers.
Now, despite signs that some smaller vendors are moving away from network access control products, some observers are seeing renewed channel opportunities as larger vendors make NAC part of comprehensive security solutions.
"It was slated to be the next big thing on the security market," said Aamir Lakhani, a senior consulting engineer for World Wide Technology, a Cisco Systems partner in St. Louis. "People thought it was going to be the be-all, end-all solution."
That was back in 2005, and while the buzz around network access control products has continued to this day, it never really came to fruition. One of the biggest roadblocks has been confusion about what exactly NAC entails. Some vendors use the term to describe specific technology that assesses the safety of a device trying to connect to a network, while others use it broadly and interchangeably with terms like intrusion detection.
"NAC is not a scientific enough term that everybody can agree on it," said Rich Langston, Symantec's senior network access control product manager.
The name itself is also a source of confusion. For Symantec and most others, NAC stands for "network access control." But Cisco calls its product Network Admission Control, and Microsoft's is Network Access Protection.
As hard as it is to define NAC, it may be even tougher to determine the success of network access control products, according to Paul Roberts, a senior analyst with The 451 Group.
"It's very difficult, because the largest players in the NAC space are companies like Juniper [Networks] and Cisco and Microsoft, and NAC is just one feature set for those very diversified vendors," he said. "It's hard to get a number on what just NAC sales are."
Roberts has talked to several smaller vendors that specialize in network access control products. Most are funded by venture capitalists, and although none have told him they are profitable yet, they do expect business to increase in 2008, he said.
"To hear from them, the numbers are going up, but there are also signs of distress," he said.
Vernier Network's quiet name change to Autonomic Networks may indicate that the Mountain View, Calif.-based company is looking to dissociate itself from its history in network access control products, Roberts said. Another NAC specialty vendor, Austin, Texas-based Mirage Networks, "may be getting to the end of their rope as well," he said.
Larger vendors, on the other hand, have the product portfolios and built-in customer base to succeed in the NAC market.
As needs have changed over the years, Roberts said, "Most companies are looking at access control technology … as part of the overall security that they've already got."
Lakhani agreed, saying, "Companies that can provide a complete end-to-end solution have an advantage."
Regardless of how NAC is defined, the ultimate goal is to enforce network access policies. And the best policy enforcement happens when network access control products can communicate with other security and networking software and appliances, said Brendan O'Connell, Cisco's network access control product marketing manager.
"It's easier for us to put together solutions," he said.
Integrating NAC into a customer's existing infrastructure is one of the biggest channel opportunities. Lakhani said a lot of Cisco's Network Admission Control customers often combine the product with Cisco's NAC Profiler and NAC Guest Server, but it also integrates "pretty easily" with other vendors' products.
Symantec has made its network access control product an optional upgrade built into the new Symantec Endpoint Protection 11.0. All it takes to perform the upgrade is "a simple five-minute install" of a disc on a server, but there are several phases to optimizing Symantec NAC for work with the rest of the suite, Langston said.
"The way we'd recommend that customers adopt NAC, there's three or four steps," he said. "And each step is an opportunity."
Despite slow growth of the NAC market, "there's general agreement that the core value proposition for access control is a good one," Roberts said. "The next 12 or 18 months are going to be a good time to be out there selling NAC into the enterprise."