NAC growth sluggish as companies consider network security options

Companies are taking a wait-and-see approach, hoping the technology's maturity will make it more cost effective.

The market for enterprise NAC systems right now is a classic portrait of a market in its infancy. A handful of mostly large vendors, notably Cisco Systems, Symantec and Vernier Networks, dominate the landscape at present, with a slew of smaller players scrambling to get into the team picture and attract the attention of potential customers.

But, despite the marketing hype from the vendors and the generally accepted potential utility of the technology itself, enterprise buyers seem to be taking a wait-and-see approach to large company-wide NAC deployments. More common are smaller, department-level deployments or installations at branch offices, which enable administrators to evaluate the system and its scalability before rolling it out to the entire organisation.

This state of affairs is likely to change in the next two or three years, however, as Cisco completes the pieces of its NAC offering and enterprises begin deployments of Windows Vista and Longhorn Server, both of which contain pieces of the company's NAP (Network Access Protection) system. Organisations that either have a significant investment in Cisco gear or plan to roll out Vista and Longhorn in the near future likely are waiting for those offerings to be complete instead of going with one of the niche vendors, analysts and customers say.

"There's still a big question on the network side as to how detailed people will get on driving access across the network," said Pete Lindstrom, a senior analyst at Midvale, Utah-based Burton Group.

Still, the NAC market is no small affair, even at this early stage of its development. Analyst firm Internet Research Group predicts the NAC market will top US$300 million in 2007 and should break the US$1 billion barrier by 2010. Not all of that is going to go to Cisco and Microsoft. In fact, some large organisations already gone ahead with NAC deployments, rather than wait.

"We looked at the Cisco stuff, McAfee, Check Point and even ISS, but none of them was mature enough for what we wanted to do," said Sammy Spurlock, manager of security and disaster recovery at Standard Register, a large document services company based in Dayton, Ohio, that has deployed Symantec's Sygate Enterprise Protection. "I needed something that would help us comply with our audits, specifically around remote access. I use the agent to pull together all of the threads for our compliance efforts. I wasn't focused completely on access control, so this worked perfectly for us."

Another factor that is limiting the rate of enterprise deployments right now is the fact that many of the more advanced systems require the use of 802.1x, an authentication protocol that is not supported widely yet.

In the end, however, the larger vendors are likely to retain the lion's share of the market, as they almost always do.

"I expect some form of NAC to be integrated into the infrastructure in the next three to five years," Lindstrom said. "With the big boys like Cisco and Microsoft you really have to buy into their model directly. There will be room for the smaller players, but in big deployments the big vendors will have to win out, almost by default."

Read more on Network security management