Startups Rush to Fill NAC Void

A growing lack of NAC-compliant hardware from Cisco leaves room for vendors like Lockdown Networks and Vernier Networks to step in.

Not too long ago, NAC meant one thing: Cisco Systems Inc.'s Network Admission Control technology. No longer.

With Cisco moving slowly to introduce NAC (network access control) features across its product line and the price of upgrading to NAC-compliant Cisco hardware steep, the ranks of NAC technology vendors are also set to swell, as a slew of small companies and startups bring NAC products to market.

Lockdown Networks Inc., a Seattle-based maker of appliance-based vulnerability management technology, is seeing huge demand for its Lockdown Enforcer, a switch-based NAC product that the company debuted last week.

The hardware plugs directly into a company's switching infrastructure and scans systems that attempt to log on to the network for vulnerabilities, firewall configuration and compliance with user- and group-based security policies. Noncompliant systems are quarantined using VLANs (virtual LANs) created through the switch by Enforcer, company officials said.

Vernier Networks Inc., of Mountain View, Calif., has seen sales of EdgeWall, its network access management tool, soar since its launch in March. Revenue from EdgeWall sales doubled from the second and third fiscal quarters of this year, said CEO Simon Khalaf.

Next month, Vernier will release a version of EdgeWall that allows the device to be placed behind VPN concentrators to screen SSL (Secure Sockets Layer) VPN connections for malicious code or other security policy violations, Khalaf said.

While Cisco's name is most closely associated with NAC, the company's NAC solution, which requires expensive upgrades to routers and switches and a separate desktop client, is far too costly and hard to implement for most companies, Khalaf said.

In fact, some executives are happy to credit Cisco with driving customers to their door.

"[Cisco] NAC has been great for us," said Khalaf. "Cisco has done a lot of education and raised awareness about the [NAC] issue, but [Cisco] NAC is a solution that requires significant infrastructure changes."


Schlumberger Ltd., an oil-field services company in New York, did a four-month evaluation of Cisco's NAC technology but decided to go with Lockdown after Cisco's Security Agent software conflicted with applications Schlumberger was running internally, said Mario Chiock, a senior IT security adviser at Schlumberger. "Cisco promised a lot last year, but they haven't delivered yet," Chiock said.

Cisco's NAC already does, or will, support nearly every router and switch platform the company sells, including products it no longer sells, company officials said. Cisco is also planning to standardize its NAC technology through an open forum, likely next year, and deliver an agentless NAC technology in NAC2, an upcoming release, officials said.

Even when the Cisco technology is mature, Schlumberger would have to replace the bulk of its Cisco networking infrastructure to take advantage of the new NAC features.

"We have 1,900 [Cisco] switches that will never be upgradable," Chiock said.
