Startups Rush to Fill Network Access Control Void

A growing lack of NAC-compliant hardware from Cisco leaves room for vendors like Lockdown Networks and Vernier Networks to step in.

Not too long ago, NAC meant one thing: Cisco Systems Inc.'s Network Admission Control technology. No longer.

With Cisco moving slowly to introduce NAC (network access control) features across its product line and the price of upgrading to NAC-compliant Cisco hardware steep, the ranks of NAC technology vendors are also set to swell, as a slew of small companies and startups bring NAC products to market.

Vernier Networks, of Mountain View, Calif., has seen sales of EdgeWall, its network access management appliance, soar since introducing the device in March. Revenue from EdgeWall sales doubled between the second and third quarters of this year, and the company has already shipped more than 400 units to 70 customers, said CEO Simon Khalaf.

In October, Vernier will release a new version of EdgeWall that allows the device to be placed behind VPN (virtual private networking) concentrators to screen VPN connections for malicious code or other violations of corporate security policy, he said.

Vernier initially targeted industries like health care, education and insurance, but said that demand has come from across the economy, including high technology, financial services and professional services companies.

Lockdown Networks Inc., a Seattle-based maker of appliance-based vulnerability management technology, is seeing the same demand for its Lockdown Enforcer, a switch-based NAC product that the company debuted last week.

The hardware, which the company is promoting as a "turnkey" NAC solution, plugs directly into a company's switching infrastructure and scans systems that attempt to log on to the network for vulnerabilities, firewall configuration and compliance with user- and group-based security policies. Noncompliant systems are quarantined using VLANs (virtual LANs) created through the switch by Enforcer, company officials said.

While most NAC players enforce security policy at the network perimeter, still other companies are looking to bring NAC-like security policy checks onto the LAN.

ConSentry Networks, of Milpitas, Calif., will announce a new line of secure LAN controllers Monday that can control user access and malware outbreaks within internal networks, said Tom Barsi, president and CEO of ConSentry.

And Nevis Networks, a Santa Clara, Calif., startup, is preparing to release its first product later this year. The ASIC (Application Specific Integrated Circuit) appliance will allow enterprises to create a "personal DMZ" on each networked system to enforce security policies and prevent outbreaks, said Bill Scull, a former Sygate executive who is now senior vice president of marketing at Nevis.

NAC technology at the perimeter and on the LAN is hot because traditional LAN security products such as intrusion detection and prevention (IDS/IPS) technology and firewalls aren't addressing the security threat posed by contractors, consultants and mobile workers whose actions can't be monitored or controlled, Scull said.

While Cisco's name is most closely associated with NAC, the company's NAC solution, which requires expensive upgrades to routers and switches and a separate desktop client, is far too costly and hard to implement for most companies, Khalaf said.
