Companies buy network access control products because of security concerns over outsiders accessing their networks and compliance with Payment Card Industry regulations, but an Infonetics Research survey found it’s usually the networking professionals who have to install the gear.
In most organizations with separate networking and security departments, there’s often a “blurring in terms of responsibility,” said Jeff Wilson, principal analyst for network security at Campbell, Calif.-based Infonetics.
“Typically security guys set the requirements and they help translate policies initially,” he said. “The networking guys are actually responsible for writing policies in whatever policy editing tools come with the solution and then monitoring day-to-day the products.”
In the survey, Infonetics asked users for their perceptions on the major vendors making network access control (NAC) gear, including Cisco, Juniper, F5, McAfee, Microsoft and Symantec.
Juniper Networks Inc. of Sunnyvale, Calif., which makes Unified Access Control (UAC) 2.0, scored the highest in price-performance ratio, Wilson said.
UAC 2.0 supports 802.1X port-level authentication, which can keep clients from getting network access before they are assigned IP addresses. The vendor uses firewalls as enforcement points and it complies with Trusted Network Connect, which is promoted by Trusted Computing Group.
Cisco Systems Inc. of San Jose, Calif., has a NAC Network Module for its Integrated Services Routers. Wilson said survey respondents perceived Cisco to have the most secure technology.
“It wasn’t surprising that Cisco came out on top just because Cisco’s really the driving force behind NAC,” Wilson said. “They were the ones who educated the world about it.”
One major selling point for NAC products is that they help prevent insecure clients, such as guests’ laptops, from accessing networks unless they comply with corporate policies.
One vendor included in the survey was Symantec Corp. of Cupertino, Calif., whose products include Network Access Control 11.0. Symantec says this blocks or quarantines non-compliant devices so they cannot access the network, and tests to see if they have the right patch levels, service packs, anti-virus and firewall functions.
But Cisco is the “gorilla” of the market, and the networking giant’s early entry into the NAC market is unusual for the firm, Wilson said.
“Usually they wait until a market is established and then they enter it,” Wilson said. “They’re so big and powerful already so the fact that they led the charge in NAC, it doesn’t surprise me that people think of them first in security, but you do tend to pay a heavy solution cost with Cisco so Juniper beats them in price performance.”
Companies often buy NAC products because they need to comply with regulations such as Sarbanes-Oxley and Payment Card Industry Data Security Standard (PCI DSS), Wilson said.
PCI DSS stipulates that all companies accepting credit cards must protect their networks with firewalls and encrypt users’ data.