Security experts predict rough sailing ahead for network access control (NAC) vendors, as illustrated by Vernier Networks' announced name change and directional shift earlier this month. But in recent interviews, NAC providers say they have a recipe for survival -- with manageability is the main ingredient.
They admit the NAC market has become bloated in recent years, fueled by speculation that every big enterprise would clamor for NAC technology to satisfy regulatory rules and harden networks against data thieves. But demand has lagged behind expectations because NAC is seen as expensive and complicated and companies want the technology baked into their larger IT infrastructure. Therefore, IT pros are happy to sit back and see if Cisco and Microsoft will meet their NAC needs.
But Rich Mogull, a former Gartner analyst and founder of independent security consultancy Securosis, noted that Microsoft and Cisco haven't successfully provided all the manageability and functionality customers want, and that there's opportunity for vendors that can understand that.
It's the manageability, stupid
One vendor who claims to understand what Mogull is saying is Check Point Software Technologies, which offers NAC via its existing firewalls, VPNs, endpoint security and other products. Gaurav Marwaha and Yoni Lebowitsch, two of the vendor's product managers, boast that Check Point's integration efforts are not a knee-jerk reaction to current events.
"We've done this as an integrated offering for years," Marwaha said. "NAC frameworks haven't been as successful because of the upgrades needed, and our solution was to offer something that wouldn't require a significant upgrade. We're pushing minimally-invasive NAC."
As for the Cisco-Microsoft effect on the market, they said Check Point is unfazed. Lebowitsch said Cisco has pushed NAC via its Self-Defending Network concept for awhile now, but that they've had a lot of trouble getting the management part down. That, he said, is where Check Point fills the gap. "We have been known for years for having one of the most evolved security management platforms around," he said.
LANDesk Software takes a similar approach in that it offers NAC capabilities as part of its larger security suite. Devin Anderson, business line manager for security solutions at LANDesk, said his company is taking wait-and-see attitude with Microsoft and Cisco and that for now, his customers' interest in NAC is "pretty minimal." That being the case, he said the best way to compete in the NAC market is by emphasizing manageability.
"The vendors who are positioned unfavorably are those who are strategically centered around NAC," he said. "If you base your model on NAC adoption, you'll fail or do what Vernier did. The big companies will succeed because NAC isn't where they're making their money. The winners will have adaptable solutions that can bridge across the different pieces of the network; and those who can help manage what the big boys have."
Sticking to their guns
Not everyone agrees that stand-alone NAC vendors are headed the way of the dinosaur, of course. One contrarian is Dan Clark, vice president of marketing for NAC vendor Lockdown Networks.
Lockdown recently announced it is updating its Lockdown Enforcer product for better manageability, with new features designed to simplify the initial setup, enable more flexible user and device registration and expand on Enforcer's assessment and auto-remediation capabilities. The company also announced it was releasing an updated, high-performance 2U platform capable of supporting very large enterprise deployments.
But Clark disputes the notion that vendors will disappear if they remain solely focused on NAC. On the contrary, he believes companies that'll go away are the ones who offer NAC as a feature rather than as a product. So while it's important to address enterprise demands for more manageability, he said Lockdown is sticking to its guns.
"You have to separate the products and companies where NAC is a feature from where NAC is a real product," he said. "I think those who offer NAC as a feature will go away because they'll find it's too hard to sell when you're not offering it as a full solution, and the survivors will be those who were fully focused on NAC."
For Clark, his current customer base is proof that there's still plenty of room for standalone NAC vendors to thrive. He said many of his customers are Global 100 companies, and that a key to Lockdown's success has been in attracting big companies doing big rollouts.
"It took longer than expected to attract those customers, but we're have them now," Clark said. "It goes to show that the proof is in the pudding."