The network access control (NAC) marketplace is crowded and highly
Security vendor ConSentry Networks is among those trying to rise
above the crowd and the NAC noise. The company recently
boasted that it doubled its customer base in the last six months.
It has also inked an OEM deal with networking giant Alcatel-Lucent to
resell ConSentry’s LANShield product line.
There are a number of reasons one vendor or another thinks it's got
what it takes to succeed with NAC. Internetnews.com recently chatted
with Tom Barsi, CEO of ConSentry Networks, about what he thinks it takes to
win with NAC.
Q: How do you differentiate against all the NAC noise?
First and foremost, our products are real and have been shipping for inline
network admission control for over a year.
We believe that NAC is a nice starting point but it’s just a feature. I
would argue that most NAC vendors will end up going away as you embed the
functionality into the infrastructure.
We think we’re uniquely positioned because we provide a single platform,
whether it is our control or switch, which gives you the ability to do the
pre-admission and the post-admission piece.
When you just buy a standalone NAC solution, typically it’s just
authentication and you have no control over where those people who are
authenticated go on the network.
Q: There are a number of access control standards, including Microsoft NAP,
Trusted Network Computing’s Trusted Network Connect (TNC) and Cisco NAC. Is
it important for ConSentry to be interoperable with those standards?
It is critical that the LAN security access control solution is standards
based. We will interoperate with the leading solutions. We refer to this as
the Switzerland approach where we want to interoperate with all of the best-of-breed solutions whether it is Microsoft NAP, Symantec or others.
Also in terms of the identity store, people already have authentication
mechanisms in their network today where roles and policies reside. So we’ll
interoperate with Microsoft Active Directory, LDAP, RADIUS and others.
Q: What are the misconceptions or myths about what ConSentry does or
The first misconception is that NAC as a standalone solution is enough. It’s
not. What you also need in addition to the pre-admission piece is the post-admission piece. You want to be able to control where users go on the network. You want to control who gets access to resources. You want to control the
outbreak of a potential zero-day worm.
Ultimately where this is going is down to the wire closet, and you’ll want to
secure every port. ConSentry is now the first secure switch in the industry.
The only way to lock down your LAN is to make control pervasive. And the only
way to make it pervasive is to secure every port.
Q: What are the barriers to adoption for ConSentry’s solutions?
One of the biggest challenges for LAN security is first understanding the
requirements. It’s first about education.
Next step is helping the enterprise understand where their starting point
needs to be, whether it’s locking down their conference rooms or locking down
a specific segment that supports contractors.
Beyond education, simplifying the deployment process has typically been the
Q: What surprises have you seen since you started off in this business?
What’s unique for ConSentry is we originally set out the vision that
ultimately the industry would need a secure switch, that we would reach an
inflexion point where we would no longer be updating the wire closet just
for connectivity and speed.
The good news is that we haven’t changed that vision and it’s playing out in
terms of the marketplace.
The surprise is probably the number of folks that are trying to get into the
game of LAN security. It’s clearly customer driven. Enterprises are demanding
that they get LAN security, and we think we’re well-positioned to solve that