UK-based antivirus vendor Sophos announced Thursday that it plans to acquire Endforce, an endpoint security policy compliance and network access control (NAC) software maker.
Sophos said it plans to plans to add Endforce's NAC to its product line up. Terms of the deal were not released.
Security experts say that more companies are seeking ways to improve identity and access control by implementing two-factor authentication, smart cards and tokens. NAC appliances and software allow firms to restrict the data that each particular user can access, as well as implement anti-threat applications such as firewalls, antivirus software and spyware-detection programs.
"Sophos is capitalizing on fact that NAC is not going to be a stand alone phenomena," said Robert Whiteley, senior analyst at Cambridge, Mass.-based Forrester Research. "To compete with the likes of McAfee, Symantec, Cisco, and Microsoft they've recognized that they're going to have to have this key element."
Standards are emerging. Cisco's Network Admission Control consortium and Microsoft's Network Access Protection have agreed to ensure that products they develop will be compatible. The Internet Engineering Task Force (IETF) standards body is also working on a set of standards to ensure compatibility.
Users care most about Microsoft because Microsoft is building NAP into Longhorn and Vista, while ensuring that it's compatible with Cisco, Whiteley said. Since the friction over compatibility is decreasing, software based approaches provided by vendors such as McAfee, Symantec and now Sophos, will prove to be more popular, he said.
"Administrators demand the option of choosing a NAC provider without the risk of disrupting installed systems, and Sophos is prepared to meet that demand ahead of our competitors," Steve Munford, CEO of Sophos said in a statement.
Columbus, Ohio-based Endforce can deploy its NAC appliances in environments of greater than 10,000 users. The software tends to work well for very distributed enterprises where people work remotely, Whiteley said.
The acquisition of a NAC solution completes a year in which Sophos added application control and host intrusion prevention (HIPS) to its endpoint security products. The company also recently launched an all-in-one Web security appliance that provides content security, application control and URL filtering.
Sophos said it will maintain the Endforce operation and expand its engineering, product development, sales and support to include the existing staff. Endforce products will continue to be developed and sold under the Sophos brand.