A War of Words
Rather than focusing on the war of words over its capabilities spurred on by those competitors, the company is focused on adding to the reach of its products, making NAC a pivotal technology for controlling access to network resources both inside and outside the walls of enterprise businesses. While many products that claim to offer the same benefits of Cisco NAC only cover one type of technology, such as systems that merely validate PCs but that may not support wireless devices, the networking giant is hoping to expand on four functional areas to make its technologies even more powerful.By requiring all this of NAC systems, customers will then be able to use the network-based security technologies to do things such as authenticate users for access to enterprise applications inside of their operations. Adding new layers of functionality on top of NAC is one of Ciscos major initiatives for the products in the future. "With the mature deployments we already see, people arent just using NAC to verify users anti-virus status, theyre looking at where people are logging in from to see if theres misuse of sensitive data; they dont want workers looking at customer records logged on at the local Starbucks, so in that sense NAC wont just be about software on the machine, but also looking at behaviors," OConnell said. Other future NAC product features will seek to help administrators get a better grasp on their entire network security standing by pulling in information from anti-virus programs, intrusion detection systems and other stand-alone security technologies. Industry watchers observed that Cisco may have damaged some perceptions of its security efforts by appearing to use the market to increase demand for its traditional networking products, but said the firm is making headway in carving out a wider role in the market. Rivals may be using Ciscos product features to market their own technologies, but they are likely helping the company as much as taking business away, said Andrew Jaquith, analyst with Boston-based Yankee Group. "Cisco initially hurt themselves by positioning NAC as rip and replace, so people saw it as an effort to get more gear into peoples hands, but they have changed their approach significantly and are offering alternatives to people who dont want to do it that way," Jaquith said. "Smaller NAC specialists have tried to make hay of the previous strategy, but the reality is that NAC is about more than perimeter security; the battleground over hearts and minds will actually be won over the ability of vendors to provide both network admission and post admission behavior." Other analysts said that many customers are looking to adopt NAC today, and also keeping a close eye on the launch of Microsofts rival Network Access Protection technologies, expected to arrive in 2007. Cisco and Redmond, Wash.-based Microsoft have already announced a major project aimed at lending interoperability to their respective products. "We see the demand for NAC is real, but mostly in an overlay sense today," said Jon Oltsik, analyst at Enterprise Strategy Group, Milford, Mass. "After Microsoft ships NAP, and when people get serious about rolling out around the [Internet Protocol version 6] standard, there will be a lot of network upgrades, and that will be the time when Cisco really takes advantage of all of its different network capabilities."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.
Those tenets of pure NAC, as Cisco defines it, demand products that securely identify all types of devices, enforce consistent security policies, offer the ability to quarantine and remediate machines that are legitimate but lack some level of protection, and allow for central configuration and management to let administrators tailor their systems to their companys preferences.