It’s a NAC World For Network Security. Or is it?


Is network access control (NAC) the Holy Grail of network security?


A very long list of vendors trumpeted their NAC wares and initiatives at the RSA show this week. Many of the announcements struck similar chords with bold pronouncements of being the industry’s best, most complete or leading NAC initiative. The NAC parade included announcements and pronouncements from Microsoft, Symantec, Juniper, Sophos, TippingPoint, StillSecure, ConSentry, Nevis Networks, Lockdown, Lockdown Networks, InfoExpress, Vernier Networks, Extreme Networks and many others.


Yet rising above all the NAC noise of the RSA show floor, a new theme is
beginning to emerge: that NAC is only a part, albeit an important part, of a
wider network security posture.


Microsoft, for instance, trumpeted the fact that its Network
Address Protection Program (NAP) already has 100 partners. This is despite the fact that NAP isn’t available as a shipping product yet and won’t be until Windows Server Longhorn is released later this year.


Though not all of Microsoft’s 100 NAP partners issued corresponding releases
announcing their NAP interoperability, a good number of them did. Lockdown
Networks announced that their flagship NAC solution, Lockdown Enforcer, now
has full support for NAP. Lockdown is also compatible with the
other two big access control frameworks, Cisco’s NAC and Trusted
Computing Group’s Trusted Network Connect (TNC).


Lockdown’s VP of Marketing Dan Clark argued that, unlike others among Microsoft’s partners, Lockdown is differentiated because its product is a purpose-built solution rather than a feature in an overall product designed for
something else.


The last two years have seen a dramatic explosion in the number of vendors
that claim to do some form of NAC.


“At the last RSA, the number of vendors who said they did NAC began to
explode,” Clark told internetnews.com. “When we started there was
just us and Cisco. By the end of 2005 there were maybe 15 companies that said
they did access control. By the end of RSA 2006 there were 60.”


In Clark’s opinion, however, this is the year when a shakeout in the market
is likely to occur.


“I think for the industry as a whole 2007 will be the year where the weaker
network access control players fade away,” Clark said. “It will be the year
that 40 of them give up on trying to market themselves as NAC and we’ll get
consolidation down to the real players with real solutions.”


Juniper Networks is also on Microsoft’s NAP partner
list, though Juniper has its own views on NAP and its own partners for its
TNC-compliant Unified Access Control (UAC) solution.


Karthik Krishnan, Juniper Networks’ UAC product manager, told
internetnews.com that Juniper customers are not asking for NAP
because it is not a shipping solution. The plan is for UAC to interoperate
with NAP but, according to Krishnan, that is more of a technical line item for
whenever Windows Server Longhorn ships.


As far as NAC is concerned, Krishnan has a strong opinion there as well.


“The word NAC is much abused,” Krishnan said.


He explained that access control is only the first step in a wider plan
for networking security, with the second step being a broader and
coordinated threat management approach.


Nevis Networks, which is also on Microsoft’s NAP partner list, went so far as
to say that even though they do NAC and are compliant with Cisco, Microsoft
and TNC, they are not in the NAC business. Dominic Wilde, VP of marketing,
argued that NAC is the past and what Nevis calls LAN security is the future.


Nevis announced a purpose-built LAN security appliance and switch that can
handle NAC this week.


“We don’t view ourselves as being in the NAC market though we think that NAC,
and all the buzz that goes around it, is a good starting point,” Wilde said. “But we believe that NAC is part of a much bigger problem.”


For Wilde that means Nevis’ offering is more comprehensive than others since
the solution offers post-connect security with inline threat detection.


That being the case, Wilde admitted that Nevis’ solution doesn’t do
everything needed quite yet either.


“We need to go deeper and do more application layer control,” Wilde said.
“We’re at network layer and we can do application control today, but we need
to do more of that and increase the functionality.”


Cisco, the company that coined the term NAC in the first
place, actually agrees that there is a lot of misplaced conjecture around NAC
and what it can and can’t do.


“It’s an unfortunate byproduct of a very rapidly evolving technology without
a lot of really well defined terminology,” Mike Nielsen, marketing manager
for threat control systems and solutions at Cisco, said.


Cisco didn’t actually end up announcing any new NAC products at RSA this
week. Instead, what they did was roll out a massive update
to their broad Self Defending Network architecture, of which NAC is a member.
