May 24, 2010, 11:33 AM — After spending four months in the lab testing the 12 leading network access control products, we've come to this conclusion: Five years of hype, buzzwords, white papers, product launches, standards battles and vendor shakeouts have resulted in very little in the way of clarity. Agreement on what NAC really means and the right approach to NAC remain as elusive today as in 2005, when the first NAC products burst on the scene.
Our head-to-head comparison of specific NAC products from industry heavyweights such as Microsoft, Cisco, HP, Juniper, McAfee and Symantec will appear in the June 21 issue of Network World. In this report, we analyze the barriers that have impeded the deployment of NAC within enterprise networks.
Network access control, which we're defining as a combination of authentication, end-point security checking and access control, emerged in response to the problem of mobile end users plugging infected laptops back into the enterprise network. NAC was intended to solve real problems and answer real questions: Who is connecting to my network? Are they healthy? Can I control where they go? Can I shut them off if they misbehave?
Typically in our industry, products tend to coalesce over time towards common approaches and common feature sets. For example, today's Ethernet switches from different vendors are largely substitutable. Swap out an HP ProCurve switch for Enterasys and the switch is probably going to work in your network. But NAC hasn't worked out that way. The products bear very little similarity to each other. With very close inspection, a network manager might be able to find two or three products that can be compared head-to-head. But finding comparable products is difficult, and doing so presupposes that the network manager already knows the feature set and capabilities that they want.
There's no such thing as "best of breed" in NAC, because for the 12 vendors we evaluated, there are nearly 12 different "breeds" of NAC product.
Barrier No. 1: Politics gets in the way
A particularly difficult issue is finding a product that will be compatible both politically and technically with the network. Because NAC combines features of security, network management and desktop management, a NAC deployment faces significant organizational challenges on top of any technical challenges.