NAC questions nag at big security vendors

Symantec, McAfee acknowledge technology still a challenge

Symantec and McAfee appear to be bumping up against a common wall when it comes to one component typically found in security software suites: Network access control.

Companies are buying NAC-style functionality in suites from these two market leaders—but they're just not using it much.

(Read more about the move toward security software suites.

"NAC was very hyped but it's difficult to deploy," acknowledges Patrick Wheeler, Symantec's product manager for endpoint compliance. "The policy is difficult. There are phases for network access control and the easiest thing to do is 'audit' only. That's what most are doing. They're not enforcing or blocking."

McAfee's DeWalt concedes NAC is "still a nascent area." (Compare NAC products.)

Darrell Rodenbaugh, senior vice president of McAfee's mid-market business unit, adds: "NAC probably won't play a significant role in the mid-market in the near term."

Some of McAfee's most enthusiastic endpoint-security customers just aren't sold on it.

"We're licensed to use it with McAfee but we've only taken tentative steps with it," says Paul Baltzell, director of distributed services for the State of Indiana. "NAC is of interest but it makes us nervous. The potential is definitely there to shut down users, shut them out of the network. NAC is something we're playing with but we're looking at Cisco NAC also. We're not sure."

Gartner research director Lawrence Orans says Cisco has more traction on NAC because it tends to be a decision made by the network team inside an organization. But he adds that about 80% of Gartner's clients who use any vendor's NAC use it mainly for "guest networking."  

This first phase is simply to ask ‘Are you one of us, yes or no,'" Orans says. About 15% use NAC for "endpoint base-lining — to see if it's got patches, or antivirus or a personal firewall," he says, adding, "but very few use it for quarantining."

The most ambitious users of NAC can be found in university environments, Orans notes, because IT administrators have found it to be a huge help in the management challenges they face in protecting campus networks where students and others bring their own laptops.

That's the case at Iona College where at the start of every new academic term, the network access controller — CybergateKeeper from vendor InfoExpress — checks every computer seeking to gain access to the campus wireless network.

It then installs the InfoExpress NAC software agent, which makes sure every student is running the appropriate antivirus software and has updated patches, says Dimitris Halaris, associate vice provost for IT.

The InfoExpress agent makes sure that the antivirus software the college requires — Symantec's Norton AntiVirus — is on every student's machine and up to date, and quarantining does occur. This process has been in place since last summer and "it has alleviated the need to have 15 people hands-on on a moving day," Halaris says.

A few years ago the college tried the Symantec NAC but at the time it didn't support enough operating systems to work well in the campus environment, Halaris says.

Join the discussion
Be the first to comment on this article. Our Commenting Policies