Bad news for NAC vendors that rely on agents

Clarifying issues surrounding this emerging security architecture

Enterprises are fed up with agents on their endpoints - very fed up. Part of the reason is that the more agents on an endpoint, the more demanding the task of maintaining them. Another part is the complaints that flood the help desk when something goes wrong, or doesn't go wrong yet an agent degrades performance of the endpoint.

Recently a network security consultant told the story of one of his clients who dumped the vendor that supplied a 300,000-seat antivirus software deployment. Why? Because every time the antivirus agent would update its signatures, it would download a completely new image of the library, not just the changes that had taken place since the last time.

That slowed down performance of the machines being updated every single day, generating complaints from end users. So many, in fact, that the situation signaled the death knell for that vendor in that account. Software from the replacement vendor updates only the changes.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Enterprises are fed up with agents on their endpoints - very fed up. Part of the reason is that the more agents on an endpoint, the more demanding the task of maintaining them. Another part is the complaints that flood the help desk when something goes wrong, or doesn't go wrong yet an agent degrades performance of the endpoint.

Recently a network security consultant told the story of one of his clients who dumped the vendor that supplied a 300,000-seat antivirus software deployment. Why? Because every time the antivirus agent would update its signatures, it would download a completely new image of the library, not just the changes that had taken place since the last time.

That slowed down performance of the machines being updated every single day, generating complaints from end users. So many, in fact, that the situation signaled the death knell for that vendor in that account. Software from the replacement vendor updates only the changes.

This state of affairs is bad news for NAC vendors that rely on agents, not that they slow things down with constant updates, but that they represent just one more agent to clutter up desktops and the lives of desktop administrators.

Hence the attractiveness of agentless NAC that checks out endpoints from the outside or sends down agents on the fly without demands for maintenance.

This is also good for NAP, Microsoft’s version of NAC, because one key component of NAP is the agent that comes with Vista clients and will be included in XP Service Pack 3.

As the security consultant says, it doesn’t matter how late Microsoft is with NAP, it’s going to be welcomed by a large number of businesses trying to streamline desktop operations.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.