NAC growth sluggish as companies consider network security options

By Dennis Fisher, Executive Editor 19 Jul 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

I expect some form of NAC to be integrated into the infrastructure in the next three to five years. Pete Lindstrom, analyst, Burton Group

The market for enterprise NAC systems right now is a classic portrait of a market in its infancy. A handful of mostly large vendors, notably Cisco Systems Inc., Symantec Corp. and Vernier Networks, dominate the landscape at present, with a slew of smaller players scrambling to get into the team picture and attract the attention of potential customers.

But, despite the marketing hype from the vendors and the generally accepted potential utility of the technology itself, enterprise buyers seem to be taking a wait-and-see approach to large company-wide NAC deployments. More common are smaller, department-level deployments or installations at branch offices, which enable administrators to evaluate the system and its scalability before rolling it out to the entire organization.

Deploying NAC: What to consider when deploying NAC products: There have been some network access control (NAC) success stories, but there has also been a fair share of NAC frustrations and deployment issues. Essential elements of a NAC endpoint strategy: Don't make the mistake in believing that network access control is simply about endpoint security. In fact, it's about much more. Expert: NAC not a network security cure-all: NAC success demands careful planning and a good understanding of the company network; otherwise, implementations can quickly go awry. NAC panel says technology may not add up: A panel discussing the potential of using network access control (NAC) says the technology may not be worth the price of deploying and maintaining it.

This state of affairs is likely to change in the next two or three years, however, as Cisco completes the pieces of its NAC offering and enterprises begin deployments of Windows Vista and Longhorn Server, both of which contain pieces of the company's NAP (Network Access Protection) system. Organizations that either have a significant investment in Cisco gear or plan to roll out Vista and Longhorn in the near future likely are waiting for those offerings to be complete instead of going with one of the niche vendors, analysts and customers say.

"There's still a big question on the network side as to how detailed people will get on driving access across the network," said Pete Lindstrom, a senior analyst at Midvale, Utah-based Burton Group.

Still, the NAC market is no small affair, even at this early stage of its development. Analyst firm Internet Research Group predicts the NAC market will top $300 million in 2007 and should break the $1 billion barrier by 2010. Not all of that is going to go to Cisco and Microsoft. In fact, some large organizations already gone ahead with NAC deployments, rather than wait.

"We looked at the Cisco stuff, McAfee, Check Point and even ISS, but none of them was mature enough for what we wanted to do," said Sammy Spurlock, manager of security and disaster recovery at Standard Register, a large document services company based in Dayton, Ohio, that has deployed Symantec's Sygate Enterprise Protection. "I needed something that would help us comply with our audits, specifically around remote access. I use the agent to pull together all of the threads for our compliance efforts. I wasn't focused completely on access control, so this worked perfectly for us."

Another factor that is limiting the rate of enterprise deployments right now is the fact that many of the more advanced systems require the use of 802.1x, an authentication protocol that is not supported widely yet.

In the end, however, the larger vendors are likely to retain the lion's share of the market, as they almost always do.

"I expect some form of NAC to be integrated into the infrastructure in the next three to five years," Lindstrom said. "With the big boys like Cisco and Microsoft you really have to buy into their model directly. There will be room for the smaller players, but in big deployments the big vendors will have to win out, almost by default."

Tags: Network Access Control Basics,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Access Control Basics Symantec offers endpoint protection management, monitoring services Configuring access control lists What is the difference between a VPN and remote control? Quiz: Endpoint security on a budget Opinion: Gartner gets NAC wrong, again What security software should be installed on Internet café computers? What are the best network security books? Should the government reduce its external Internet connections? Trustwave acquires NAC appliance vendor Mirage Networks Product Review: Rohati TNS 100 Security Industry Market Trends, Predictions and Forecasts Cybersecurity czar candidate questions clout of new position Gartner sees better days ahead for security budgets Sophos CEO on Symantec, McAfee after Utimaco acquisition WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Security budgets take hit in media, tech industry, survey finds Cybersecurity Act of 2009: Power grab, or necessary step? Opinion: Gartner gets NAC wrong, again Cloud computing security group releases report outlining trouble areas White House cybersecurity advisor calls for public-private cooperation Security Industry Market Trends, Predictions and Forecasts Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Kerberos  (SearchSecurity.com) masquerade  (SearchSecurity.com) phreak  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary