Start Me Up: New NAC Offerings Gaining Attention

While Microsoft and Cisco Systems hammer out the details of their strategies for delivering network access control, many startups have begun selling their own NAC offerings to companies eager to deploy the technology today.

Providing simple, cost-effective NAC offerings, these startups are beginning to attract attention from solution providers. "There is definitely a window here, because the Microsoft story doesn't come together until [Longhorn Server and Windows Vista], and Cisco's [NAC] requires you to update all network hardware," said Ted Dinsmore, managing director at Conchango, a solution provider with offices in in New York and London.

For example, Consentry Networks, a Milpitas, Calif.-based startup, aims to consolidate much of the complexity of NAC into a single box. Leveraging existing systems and tying into existing identity stores such as Active Directory to simplify deployment of NAC are central to Consentry's NAC strategy, said Michelle McLean, senior director of product marketing.

Unlike Cisco's NAC, which requires companies to upgrade their switches, companies can deploy Consentry's NAC offering without making any changes to existing infrastructure, McLean added. Tom Duffy, president and CEO of Igxglobal, Rocky Hill, Conn., said that Consentry provides an economical way to deploy NAC. "They show ROI by working with legacy switching environments and scale for [companies] that want growth, and they address the client issue with automation, which is key," said Duffy, adding that Consentry also gives users the ability to build user-based policies. Sunnyvale, Calif.-based Infoblox is another NAC vendor gaining favor with VARs. Infoblox uses the Dynamic Host Configuration Protocol (DHCP) in an innovative fashion to control network access, according to Dave Shackleford, director of security solutions and assessment services at Vigilar, an Atlanta-based solution provider. Without having to install any intermediary hardware such as a switch, or end-point clients, Infoblox's NAC offering can authenticate users and systems before providing them with a valid IP address. The product is based on various policies that can be set from the Infoblox appliances, Shackleford said. Mirage Networks, an Austin, Texas-based NAC startup, packages NAC functionality within a single box as opposed to relying on third-party scanners, said Peter Bybee, CEO of Network Vigilance, a San Diego solution provider. "We like Mirage because it's a somewhat infrastructure-independent solution that doesn't require deep switch integration for containment or mitigation. This is critical for us because it lowers the integration and infrastructure costs," said Bybee.

Mirage's NAC solution handles realtime threat detection, containment and end-point policy enforcement before and after admitting users to the network, which is an important differentiator, said Bybee. "Other [NAC] solutions only offer one or the other or don't include the network with regard to realtime threat protection, only on the perimeter through a NAC policy check," he said.

The NAC startups' window of opportunity is likely to remain open for the foreseeable future because anything that can be done to reduce NAC's complexity is a major benefit, said Chris Labatt-Simon, president and CEO of D&D Consulting, Albany, N.Y.

"Solutions that can overlay access control on existing legacy networks are definitely a need," Labatt-Simon said. "The whole idea of pushing a [NAC] solution on top of the switch is the future."