Microsoft is winning the battle for NAC, expert says

So Microsoft security comes out on top in this heated battle for network access control, security guru Joel Snyder says. But

this does make sense, since one of the main goals of NAC is to enforce security policy (and even remediation) on the clients and who better to control the clients than the company that owns most of them. But Microsoft "winning" seems like a win for everyone, since winning in this case really means interopability. From there, you can layer whatever technology you want on top, to perform any access control you need done for just about any client. It's just a little scary to think that Microsoft security is leading the charge here, given the reputation of the company and its security (though the comapny is the acknowledged workplace of many brilliant security folks). However in this case, makes sense. Here's a notable quote from this chat. (Click here for the whole transcript.)

"People seem to be willing to let Microsoft take a leading role in NAC. ... the key is that the desktop is EVERYTHING and Microsoft is making the right noises about standards and openness and making things work in the big picture. So we have already seen Microsoft and the Trusted Computing Group (TCG) get together, and I think it's only a matter of time before we also see the other vendors like Cisco at least have a good accommodation of the Microsoft Network Access Protection (NAP) framework."

"The NAP client is just a base. You don't just do everything that Microsoft says, right? They provide a great base and you build on top of that to meet your needs. If you're a small site, you stick with them. but if you have Symantec, then you layer their SEP11 on top of that using the NAP SHA/SHV. If you have McAfee, same deal. Sophos, same deal. We tested Avenda and Blue Ridge as well in the labs, all sitting on top of NAP. The reason you START with Microsoft is that they know more about their own O/S than anyone else, so that is going to maximize the ability to interoperate. And then you take your preferred end-point security partner and put it on top using the SHA/SHV model. It is totally clean and totally extensible."

Go to the Microsoft Subnet home page for more news, blogs, podcasts.

More Microsoft Subnet blog posts: Microsoft scores NBC videos for Zune Microsoft security report not that intelligent, Schiffman says IBM takes on SharePoint with Quickr Massive SQL-injection attack not Microsoft's fault, security official says

Yahoo shareholders angry over failed Microhoo

Plus, check out Microsoft Subnet's expert bloggers:Mitchell Ashley's Converging on Microsoft blogMitchell Ashley's Converging on Microsoft podcastTyson Kopczynski: Hidden Microsoft Kerrie Meyler: Managing Microsoft Ron Barrett: A Better Windows WorldGlenn Weadock: Windows Server 2008 Alex Lewis: Windows into Silicon Valley Brian Egler: SQL Server Strategies Scot Hillier: SharePoint DeveloperMore Microsoft Subnet bloggers

Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)