The network access control market has come a long way in a relatively short time—since 2000 or so—but it still has a long way to go before it hits mass adoption. Before the technology becomes a hot-selling commodity, two things need to happen: A single set of industry standards must emerge, and solutions must become so turnkey they won’t need the expertise of a VAR.
Until that happens, VARs that sell, implement and maintain NAC solutions to secure network access for their customers can continue to enjoy healthy product margins, as well as a steady stream of presale consulting and pos-sale maintenance revenue.
“NAC is a very lucrative area for us,” said Tim Hebert, president and CEO of Atrion Networking, a solution provider that markets NAC solutions from Cisco and Bradford Networks. Atrion, Hebert said, makes about 60 cents in consulting and maintenance work for every dollar it makes on NAC hardware sales.
“We make money not only by implementing and maintaining NAC solutions but by helping clients define security policies up-front,” Hebert said.
Clients often don’t know what NAC is or how to implement it, but they understand the need to protect their networks, he added. Mark Miller, president of M&S Technologies, a ConSentry Networks and Juniper VAR, calls NAC a high-growth technology delivering value that customers readily understand.
“The products we work with are easy to learn and maintain, provide good margins and give us plenty of opportunities for consulting revenue,” said Miller. “The big change in the market is that many companies understand the technology and see a dual role for it: stopping data leakage and controlling network access.”
What is NAC?
NAC controls a network’s entry point through rules based on security policies. When a new device tries to connect to a network, it is “interrogated.” The device cannot access network unless it complies with preset policies, which might include being properly configured and having up-to-date anti-virus software and patches determined by a network administrator.
Only devices that meet all the qualifications are allowed access. Some NAC solutions include an automatic remediation process that fixes noncompliant nodes before granting them access.
NAC can be managed from several places. For example, agent software on the network’s endpoint devices can perform a self-check connecting to a network. NAC also can be administered from the network equipment itself—by a server or even the network’s routers and switches.
NAC comes in three flavors: agent-based (such as Symantec Network Access Control); appliance (such as Cisco’s NAC Appliance) and intelligent switching (such as ConSentry’s LANShield Switch). Not surprisingly, each has its pros and cons, its boosters and detractors.