Magic Quadrant for Network Access Control.pdf - WIT
Magic Quadrant for Network Access Control.pdf - WIT
Magic Quadrant for Network Access Control.pdf - WIT
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Magic</strong> <strong>Quadrant</strong> <strong>for</strong> <strong>Network</strong> <strong>Access</strong> <strong>Control</strong><br />
http://www.gartner.com/technology/media-products/reprints/j...<br />
4 of 18 19/8/2553 15:31<br />
example, up-to-date patches and antivirus signatures) and may include the<br />
ability to detect installed malware. Various technologies may be used <strong>for</strong><br />
the baseline function, including agentless solutions (such as vulnerability<br />
assessment scans), dissolvable agents and persistent agents. NAC solutions<br />
must include a baseline function, but "reinventing the wheel" is not<br />
necessary. Baseline functionality may be obtained via an OEM or licensing<br />
partnership.<br />
<strong>Access</strong> control: The NAC solution must include the ability to block,<br />
quarantine or grant full access to an endpoint. The solution must be flexible<br />
enough to en<strong>for</strong>ce access control in a multivendor network infrastructure,<br />
and it must be able to en<strong>for</strong>ce access in both LAN and remote-access<br />
environments. En<strong>for</strong>cement must be accomplished either via the network<br />
infrastructure — <strong>for</strong> example, 802.1X, virtual LANs (VLANs), access control<br />
lists (ACLs) — or via the vendor's NAC solution — <strong>for</strong> example,<br />
dropping/filtering packets or Address Resolution Protocol (ARP) spoofing.<br />
Dynamic Host Configuration Protocol (DHCP) en<strong>for</strong>cement qualifies <strong>for</strong><br />
inclusion, provided that policy en<strong>for</strong>cement can be delivered via<br />
partnerships with two or more DHCP solutions. Vendors that rely solely on<br />
agent-based endpoint self-en<strong>for</strong>cement do not qualify as NAC solutions.<br />
Additional criteria:<br />
Solutions must link to remediation systems (<strong>for</strong> example, patch and<br />
configuration management), but they do not need to own core mitigation<br />
technology.<br />
The products with the required features and functions must be shipping as<br />
of 1 February 2010.<br />
The vendor must have at least $2 million in NAC sales during the 12 months<br />
leading up to 1 February 2010.<br />
Vendors Considered but Not Included in the 2010 <strong>Magic</strong> <strong>Quadrant</strong><br />
LAN Switch Manufacturers<br />
LAN switch manufacturers that base critical components of their NAC solutions on<br />
OEM technology or that resell NAC solutions from other vendors have been<br />
excluded from this <strong>Magic</strong> <strong>Quadrant</strong>. For example, Extreme <strong>Network</strong>s has not been<br />
included in our analysis, because its Sentriant AG200 NAC solution is based on<br />
StillSecure's Safe <strong>Access</strong> product. Alcatel-Lucent has not been included, because<br />
its approach to NAC is to resell the CyberGatekeeper solution from InfoExpress.<br />
Small or Midsize Business (SMB) Vendors<br />
SMB vendors that lack enterprise-class features and functions have been excluded<br />
from this <strong>Magic</strong> <strong>Quadrant</strong>. For example, NetClarity is a vendor that targets SMBs.<br />
Its NetClarity family of NACwall appliances use an agentless (no additional<br />
software on the PCs) approach to baseline the health of the endpoints. NACwalls<br />
are deployed out of band in LANs, so they install easily and are not in the line of<br />
traffic (no additional latency to the network). NACwall appliances interface with<br />
existing switches and firewalls to en<strong>for</strong>ce access control. ARP manipulation can<br />
also be used to en<strong>for</strong>ce access. Napera <strong>Network</strong>s, an SMB-focused vendor that<br />
previously sold a family of switches with embedded support <strong>for</strong> Microsoft <strong>Network</strong><br />
<strong>Access</strong> Protection (NAP), has shifted its strategy to offer a cloud-based<br />
subscription service that per<strong>for</strong>ms endpoint baselining.<br />
Microsoft<br />
Microsoft embeds NAC functionality (branded as Microsoft NAP) within its more<br />
recent operating systems (Windows 7, Vista and XP Service Pack 3) and within<br />
Windows Server 2008. Consistent with our practice from 2009, we did not include<br />
Microsoft in this year's <strong>Magic</strong> <strong>Quadrant</strong> because of the requirement that<br />
organizations need to upgrade to the required Microsoft products. None of the<br />
other solutions in this <strong>Magic</strong> <strong>Quadrant</strong> require a desktop operating system update.<br />
However, we will re-evaluate Microsoft and the market penetration of Microsoft<br />
NAP-ready endpoints in 2011.<br />
Return to Top<br />
Added<br />
Avaya (via its acquisition of Nortel's Enterprise Solutions unit).<br />
Avenda Systems<br />
HP (via its acquisition of 3Com)<br />
Nevis <strong>Network</strong>s<br />
Return to Top