Magic Quadrant for Network Access Control.pdf - WIT

More documents

Recommendations

Info

Magic Quadrant for Network Access Control http://www.gartner.com/technology/media-products/reprints/j... 4 of 18 19/8/2553 15:31 example, up-to-date patches and antivirus signatures) and may include the ability to detect installed malware. Various technologies may be used for the baseline function, including agentless solutions (such as vulnerability assessment scans), dissolvable agents and persistent agents. NAC solutions must include a baseline function, but "reinventing the wheel" is not necessary. Baseline functionality may be obtained via an OEM or licensing partnership. Access control: The NAC solution must include the ability to block, quarantine or grant full access to an endpoint. The solution must be flexible enough to enforce access control in a multivendor network infrastructure, and it must be able to enforce access in both LAN and remote-access environments. Enforcement must be accomplished either via the network infrastructure — for example, 802.1X, virtual LANs (VLANs), access control lists (ACLs) — or via the vendor's NAC solution — for example, dropping/filtering packets or Address Resolution Protocol (ARP) spoofing. Dynamic Host Configuration Protocol (DHCP) enforcement qualifies for inclusion, provided that policy enforcement can be delivered via partnerships with two or more DHCP solutions. Vendors that rely solely on agent-based endpoint self-enforcement do not qualify as NAC solutions. Additional criteria: Solutions must link to remediation systems (for example, patch and configuration management), but they do not need to own core mitigation technology. The products with the required features and functions must be shipping as of 1 February 2010. The vendor must have at least $2 million in NAC sales during the 12 months leading up to 1 February 2010. Vendors Considered but Not Included in the 2010 Magic Quadrant LAN Switch Manufacturers LAN switch manufacturers that base critical components of their NAC solutions on OEM technology or that resell NAC solutions from other vendors have been excluded from this Magic Quadrant. For example, Extreme Networks has not been included in our analysis, because its Sentriant AG200 NAC solution is based on StillSecure's Safe Access product. Alcatel-Lucent has not been included, because its approach to NAC is to resell the CyberGatekeeper solution from InfoExpress. Small or Midsize Business (SMB) Vendors SMB vendors that lack enterprise-class features and functions have been excluded from this Magic Quadrant. For example, NetClarity is a vendor that targets SMBs. Its NetClarity family of NACwall appliances use an agentless (no additional software on the PCs) approach to baseline the health of the endpoints. NACwalls are deployed out of band in LANs, so they install easily and are not in the line of traffic (no additional latency to the network). NACwall appliances interface with existing switches and firewalls to enforce access control. ARP manipulation can also be used to enforce access. Napera Networks, an SMB-focused vendor that previously sold a family of switches with embedded support for Microsoft Network Access Protection (NAP), has shifted its strategy to offer a cloud-based subscription service that performs endpoint baselining. Microsoft Microsoft embeds NAC functionality (branded as Microsoft NAP) within its more recent operating systems (Windows 7, Vista and XP Service Pack 3) and within Windows Server 2008. Consistent with our practice from 2009, we did not include Microsoft in this year's Magic Quadrant because of the requirement that organizations need to upgrade to the required Microsoft products. None of the other solutions in this Magic Quadrant require a desktop operating system update. However, we will re-evaluate Microsoft and the market penetration of Microsoft NAP-ready endpoints in 2011. Return to Top Added Avaya (via its acquisition of Nortel's Enterprise Solutions unit). Avenda Systems HP (via its acquisition of 3Com) Nevis Networks Return to Top
Magic Quadrant for Network Access Control http://www.gartner.com/technology/media-products/reprints/j... 5 of 18 19/8/2553 15:31 Dropped Aruba has terminated its licensing agreement with Bradford Networks, which was the OEM of Aruba's Endpoint Compliance Systems appliance. Aruba is re-evaluating its NAC strategy. ConSentry effectively went out of business in August 2009 (although its website, at the time of this Magic Quadrant's publication, is still operational and makes no mention of the company's change in status). Return to Top Evaluation Criteria Ability to Execute The Ability to Execute criteria are: Product/Service: An evaluation of the features and functions of the vendor's NAC solution. Because the most common usage case for NAC is guest networking (blocking unmanaged endpoints from the main network, and granting them limited access or Internet access only), those solutions with strong support for guest networking will score strongly. Support for endpoint baselining and, to a lesser extent, identity-aware networking is also an important part of this criterion. Ease of use and the overall quality of the management and reporting features will be important considerations. Those solutions that support a variety of enforcement options (for example, VLAN steering, ACLs, DHCP and others) will score more highly than solutions with limited enforcement options. Overall Viability: Viability includes an assessment of the vendor's overall financial health, the financial and practical success of the business unit, and the likelihood of the individual business unit to continue to invest in an NAC solution. Sales Execution/Pricing: The vendors' capabilities in all presales activities and the structure that supports them. The ability of vendors to succeed in their target markets is important. Vendors that target large enterprises should demonstrate success in winning NAC deals of 10,000 endpoints and more. Vendors that target SMBs should demonstrate a high volume of smaller and midsize deals. Market Responsiveness and Track Record: Ability to respond, change direction and be flexible as market dynamics vary. This criterion also considers the vendor's history of responsiveness, including how quickly it responded when the primary focus on NAC shifted from endpoint baselining to guest networking. Marketing Execution: This criterion assesses the effectiveness of the vendor's marketing programs and its ability to create awareness and "mind share" in the NAC market. Those vendors that frequently appear on client shortlists are succeeding in marketing execution. Customer Experience: Quality of the customer experience based on reference calls and input from Gartner clients. Operations: The ability of the organization to meet its goals and commitments in an efficient manner. Past performance is weighted heavily. Note — this criterion will not be evaluated for the NAC Magic Quadrant. Table 1. Ability to Execute Evaluation Criteria Evaluation Criteria Weighting Product/Service High Overall Viability (Business Unit, Financial, Strategy, Organization) High Sales Execution/Pricing Standard Market Responsiveness and Track Record Standard Marketing Execution Standard Customer Experience High Operations No rating Source: Gartner (July 2010) Return to Top Completeness of Vision
Page 1 and 2: Magic Quadrant for Network Access C
Page 3: Magic Quadrant for Network Access C

Magic Quadrant for Network Access Control.pdf - WIT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?