NAC market failures spark some aggressive marketing

Vendors get aggressive on winning NAC customers, while some companies wonder whether NAC is really the answer.

The battle to win business in the still-emerging market for network access control (NAC) is hotting up, with Forescout Technologies offering large inducements to customers of competing NAC suppliers.

Forescout's buyback programme was originally targeted at users of NAC products from Lockdown Networks, which closed for business in March, but this has now been extended to customers of Vernier Networks (which has also ceased its NAC business and renamed itself Autonomic), ConSentry, Cisco, Juniper and others.

We see the UK [NAC] market coming online this year
Ray Wizbowski
VP of marketingForescout
Ray Wizbowski, vice president of marketing for Forescout, said that companies switching to Forescout's appliance from another NAC supplier could expect credits worth anywhere between £2,000 and £13,000.

"We see the UK market coming online this year," he said. "We see interest in the market, and we see budget in place. We wanted to let people who are frustrated by a previous purchase to allow us to talk to them and get a foot in the door. We want people to see how easy it is to deploy a Forescout platform."

The main aim of network access control is to enforce security policies and prevent users connecting into systems without the right security controls in place. NAC systems typically check to ensure the user machine has up-to-date anti-virus installed and has been properly patched, and may also limit what the user can do if they are working in an unsafe environment, such as a WiFi hotspot.

With industry giants like Cisco and Microsoft endorsing the concept, and user groups such as the Jericho Forum underlining the need for a 'de-perimeterised' approach to security, the scene looked set for a boom in NAC products.

But the demise of Vernier and Lockdown, which cited "overall economic trends and slower than predicted adoption of NAC technology" for its woes, reflected a general impression that some NAC technologies had not delivered on their promise.

Wizbowski put much of the blame on Cisco for raising expectations too early in the market. "Cisco was pushing an immature technology that didn't work. It was cobbled together from a variety of acquisitions," he said. By contrast, he said Forescout's CounterACT appliance, which plugs into a network switch and mirrors traffic, can start delivering useful information as soon as it is installed.

"Forescout does device discovery, pre- and post-connect policy enforcement, remediation services, and all the reporting," he said. "Within a day, companies are already able to write policies, look at them in Monitor mode, and then if they want, turn on Enforcement mode. They derive value from that first day of deployment."

Grahame Smee, managing director of Cohort Technology, one of Forescout's UK distributors, said that the NAC story needed to be explained better to customers: "Like any technology, NAC covers a lot of features. You have to articulate that set of features into business benefit – and that is what a lot of people struggle to do."

He said IT budgets are currently quite tight, and so resellers need to focus on the concrete benefits of putting in a NAC system. "All customers think they are different. Many just want it as a network access auditing tool, just to know who is doing what and when. Other people want the full absolute control of who gets into their network."

He added that he was recruiting new resellers for the Forescout product, and said he had been contacted by former Lockdown resellers as well as current Cisco resellers.

One company that will not be handling Forescout is Global Secure Systems, a distributor and consultancy that handled the Vernier product line until recently. Managing director David Hobson said his main concern was to look after the existing Vernier customer base, and offered the promise of continued support. "Vernier have clients around the world. The products have been taken over by one of the senior technical staff, and the new company is going to provide support, development and back-up. It is not nearly as drastic as it was originally depicted."

Doubts cloud NAC market development

But Hobson revealed some doubts about how the future NAC market would develop. "I'm asking whether it is NAC we are looking for or application access control. It is obviously very important to do client checking and to make sure machines are properly patched and so on, but I think this could end up moving into the switch as part of the core infrastructure."

He said he had been contacted by Forescout distributors but added: "We won't be rushing to get into bed with them."

He also offered his own explanation for NAC not being as dynamic a market as once predicted. "Budgets are not overflowing, and security and network managers have other demands on their money. Ever since the HMRC breach, data leakage prevention seems to be taking a higher priority at the moment with company boards."

One of Forescout's targeted companies, ConSentry Networks, also claimed to be unworried by the buyback programme. "Forescout offers an out-of-band solution that is quite intrusive," said Alex Raistrick, ConSentry's director of Northern Europe. "People buy us for different reasons. They are not on our radar."

Read more on Hackers and cybercrime prevention