Magic Quadrant for Network Access Control.pdf - WIT
Magic Quadrant for Network Access Control.pdf - WIT
Magic Quadrant for Network Access Control.pdf - WIT
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Magic</strong> <strong>Quadrant</strong> <strong>for</strong> <strong>Network</strong> <strong>Access</strong> <strong>Control</strong><br />
http://www.gartner.com/technology/media-products/reprints/j...<br />
16 of 18 19/8/2553 15:31<br />
technology, which has enabled it to cost-effectively integrate basic IPS<br />
capabilities in the LAN. Organizations that need the benefits of an in-line<br />
approach to NAC and can accept dealing with a geographically remote support<br />
organization should consider Nevis. Organizations that are located in India or<br />
China should consider Nevis.<br />
Return to Top<br />
Strengths<br />
Nevis' in-line positioning enables it to en<strong>for</strong>ce granular user-based policies<br />
by dropping and filtering packets — a flexible approach to adding identity<br />
awareness to the network.<br />
The IPS capabilities in the LANen<strong>for</strong>cer products enable strong post-connect<br />
NAC functionality, using both signature and anomaly-based detection.<br />
LANen<strong>for</strong>cers provide application detection and control capability <strong>for</strong><br />
applications that companies typically seek to limit, including instant<br />
messaging and other peer-to-peer applications, as well as gaming and<br />
streaming audio/video applications.<br />
Return to Top<br />
Cautions<br />
Outside of India and China, Nevis has a small presence and low market<br />
visibility.<br />
The requirement to deploy appliances in-line can be expensive, particularly<br />
in network topologies where the Nevis appliances are only partially used<br />
(<strong>for</strong> example, if many ports are left unused). Often, it is not cost-effective<br />
to deploy Nevis appliances in small remote offices or to en<strong>for</strong>ce NAC in<br />
VPNs.<br />
Despite its increased market penetration in India and China, Nevis will be<br />
challenged to sell its LAN switches and NAC appliances against established<br />
network infrastructure vendors, such as Cisco, HP and Juniper.<br />
Return to Top<br />
Sophos<br />
In May 2010, Apax Partners, a private equity firm, announced plans to acquire<br />
70% of Sophos. The deal gives Sophos additional financial backing, and should<br />
have limited impact on Sophos customers in 2010. Sophos offers two NAC<br />
solutions (both are based on technology from its 2007 acquisition of End<strong>for</strong>ce).<br />
Sophos' EPP suite, Endpoint Security and <strong>Control</strong>, provides basic NAC policy,<br />
reporting and en<strong>for</strong>cement capabilities. Sophos' NAC Advanced solution, which<br />
requires a separate agent and management console, provides more-advanced<br />
features, such as custom policy creation, stronger reporting capabilities and more<br />
en<strong>for</strong>cement options (including support <strong>for</strong> 802.1X). Sophos' NAC solutions are a<br />
reasonable choice <strong>for</strong> Sophos customers. Larger customers, with<br />
more-sophisticated needs, should evaluate the NAC Advanced solution.<br />
Return to Top<br />
Strengths<br />
Basic NAC functions are embedded (at no extra charge) in Sophos' Endpoint<br />
Security and <strong>Control</strong> suite, although this version does not support VPN<br />
environments (the NAC Advanced Solution is required <strong>for</strong> VPNs).<br />
The Sophos policy server acts as a RADIUS proxy and provides very flexible<br />
and granular support (<strong>for</strong> example, configuring vendor-specific attributes<br />
and subattributes) <strong>for</strong> interoperating with policy en<strong>for</strong>cement points.<br />
Return to Top<br />
Cautions<br />
Sophos is behind its major EPP suite competitors (McAfee and Symantec) in<br />
delivering an integrated NAC and EPP solution. Its NAC Advanced solution<br />
still requires a separate agent and management console, whereas Symantec<br />
and McAfee offer integrated NAC agents with their EPP solutions.<br />
Although Sophos has made progress in selling to larger accounts, the<br />
majority of its client base are SMB customers and are less likely to adopt its<br />
enterprise-class Advanced NAC offering.