NAC Attack Part 2: Collaborations of convenience
As we resume the NAC series, let's take a look at how the BigCo's (Cisco, Juniper, Microsoft, Trusted Computing Group) are collaborating in the NAC market to magnify their impact. For this post and the architectural discussions as well, I'll be referring heavily to a series of posts that John Gallant of NetworkWorld has done on the topic.
In his first post (http://www.networkworld.com/weblogs/vortex/2006/011732.html), John sizes up the NAC opportunity and scopes out the players. John's observation about the amount of collaboration in this early market is spot on. NAC is different than most other markets that we've seen and he sums it up very nicely in this quote:
"...in this fight there is not only the customary clawing for high ground and accumulation of weapons (technology, marketing hype, etc), there is also an extraordinary alliance-building effort underway - one that involves virtually every major player in the IT eco-system as well as dozens of smaller companies."
NAC really touches all aspects of the network, so many of the big vendors realized pretty early on that homogeneity is not reality (despite Cisco's best efforts) - so some level of cooperation is required. Even if these are clearly collaborations of convenience (alliteration alert :-), they are important. Any vendor that comes to market with an architecture that requires wholesale upgrade and cannot provide a customer-controlled migration will have a limited chance for success.
Also interesting about this intro is that John jumps almost immediately to Phase 2, as I described it in NAC Attack, Part 1. He pays very little attention to the endpoint admission part of NAC that is really driving the market. I think this is a little misdirected only because Phase 2 (flow control) is hard, much harder than endpoint admission. So I think we'll see folks opt for the path of least resistance initially and build towards the holy grail of real-time automated policy (my Phase 3).
Finally, if I'm looking for areas to build on what John has written, he doesn't include Symantec or McAfee in his series, only assessing the big networkers and Microsoft. Last time I checked, both of the big security players had strategies here. Symantec bought Sygate mostly for the NAC technology and McAfee has been building on its EPO (enterprise policy orchestrator) functionality to add NAC-like capabilities. I won't dive deep into these two until later, but they do exist and they do plan to play in the NAC space.
John wraps up his piece assessing the level of Barney partnerships that each group (or vendor) has announced. Again, these are clearly partnerships of convenience, and if you read between the lines you should get a feel for how the battle is shaping up. But don't be confused about Microsoft and Cisco collaborating closely on paper. Let's be very clear about the fact that both are fighting for control of the enterprise infrastructure and this collaboration is not long-lived. Microsoft is not going to have a product widely deployed enough to matter until 2008, so they need Cisco to legitimize their plans. Cisco has a product now and knows that Microsoft doesn't - so there is no benefit to them in telling Microsoft to pound sand yet. But they will; it's just a matter of time.
Next up, I'll assess how John sizes up Cisco's strategy.


I agree that infrastructure security and information security are different things and different disciplines. Read my Pragmatic Security post (search for it in the top right search box) to get more detail on that. What you have to do to secure information is different than network, servers and endpoints. But this has nothing to do with Cisco kool-aid, it has to do with the logical evolution of security capabilities from a perimeter-centric perspective to one that factors in all of the parts of a company's computing infrastructure. As I mentioned, Phase 2 of the NAC process is hard, and at least initially will require homogeneity to work effectively.