Magic Quadrant for Network Access Control.pdf - WIT
Magic Quadrant for Network Access Control
http://www.gartner.com/technology/media-products/reprints/j...
19/8/2553 15:31
NAC market. The two main elements of the renewed strategy are an increased
focus on 802.1X for controlling guest access and a new NAC appliance that
consolidates functionality that is presently distributed among multiple NAC
appliances. Cisco customers should consider the new NAC appliances once these
products become available. Gartner expects that the new solutions will be
shipping before year-end 2010.
Strengths

Cisco's renewed focus on 802.1X in wired networks will enable it to deliver
basic and inexpensive guest network access, thereby addressing the
primary NAC requirement for most enterprises.

AnyConnect, which combines VPN, NAC and other security technologies into
a single endpoint client, will help Cisco grow its installed base of NAC
endpoint software. Cisco has a strong market share in the VPN market, and
when its customers upgrade to AnyConnect, they will also be installing the
embedded NAC software.

The combination of Cisco's profiling solution (NAC Profiler) and its guest
networking solution (NAC Guest Server) makes for a strong approach to
guest networking. NAC Profiler (Great Bay Software is the OEM provider)
discovers and monitors nonauthenticating devices (for example, IP phones
and printers), thereby easing the process of supporting endpoints that are
non-NAC capable. NAC Guest Server (this technology is also licensed from
an OEM provider) provisions guest accounts and monitors guest activity on
the network. (Note: functionality from NAC Profiler and NAC Guest Server
will be included in Cisco's new NAC appliance.)

Cisco's long-term strategy of embedding identity awareness into its Catalyst
switches (a component of its TrustSec strategy) will enable it to support
identity policies more granularly and more flexibly than most of its NAC
competitors.
Cautions

Before making further investments in Cisco's current family of NAC
appliances (NAC Appliance 33XX Series, NAC Profiler and NAC Guest
Server), Cisco customers should wait for Cisco to publicly announce its
plans to upgrade these solutions and offer investment protection.

Although Cisco's updated TrustSec positioning is a good start, it still needs
improvements to its NAC marketing and branding. For example, Cisco needs
to clarify the role that Secure Access Control System (ACS) plays in its
broader NAC strategy.

Despite a stated partnership with Microsoft, dating back to 2004, Cisco still
does not support the Microsoft NAP protocols or the equivalent TNC
specifications. Thus, Cisco software is required on Windows desktops to
perform anything beyond the most basic endpoint baselining functionality.
Enterasys

In 2008, the Gores Group purchased Siemens Enterprise Communications and
merged it with Enterasys (which it already owned). Since then, Enterasys has
struggled to gain market share (currently 1% to 2%) in the wired network
infrastructure market, its core competency. Enterasys offers out-of-band (NAC
Gateway) and in-line (NAC Controller) components. The NAC Controller enables
NAC for older third-party switches that do not support 802.1X or RADIUS-based
authentication. The Enterasys solution performs endpoint baselining via agents
(permanent and dissolvable) and agentless technology. The primary usage case
for Enterasys NAC is Enterasys switch and wireless LAN customers, although the
solution is capable of supporting non-Enterasys environments.
Strengths

Enterasys' main product strength remains the flow-based technology in its
S-Series and N-Series switches. NAC policies can be applied for each
unique flow (by tracking the source/destination address pairing). For
example, granular policies can be established to implement bandwidth rate
limits or trigger deep-packet inspection.