According to an Ogren Group report, the ability to detect and characterize users and devices connecting to the network, and enforce security policies based on real-time assessments, is being seen as an investable benefit for enterprises requiring security and compliance for mobile users. IT departments looking to secure the bring-your-own device (BYOD) phenomenon and other wireless initiatives are also finding a chord in NAC’s classic functionality.
“The NAC market has not only revived, it is experiencing a strong resurgence,” said Eric Ogren, president of the Ogren Group. “The NAC roots of segmenting guest and unhealthy endpoints from sensitive data are fueling growth along with BYOD and wireless initiatives plus demands for continuous endpoint compliance.”
The report found that several wireless-led requirements are fueling NAC resurgence, including: the increasing functionality available in tablets and mobile devices; the need to gain real-time visibility into all devices as they connect to the network, and to enforce security policies on the devices; the fact that IT executives now realize that security incidents are inevitable and are prioritizing more broadly based risk management efforts; the ubiquity of and preference for wireless connectivity; regulatory compliance rules; and the growth of Wi-Fi compliant devices for port-level authentication and control.
Eventually, the industry will undergo a name change toward something such as “continuous endpoint compliance,” to more accurately describe the new role of NAC solutions, the report predicted.
“The modern generation of NAC practitioners profiled in the report has evolved beyond roles-based user and device authentication and guest management,” the research firm noted. “It now includes pre- and post-connect features providing the real-time ability to assess, characterize and correct endpoint operating system and software, without adversely affecting operations.”
Despite the opportunity, the vendor landscape in the sector is rather limited: ForeScout, Juniper and Cisco lead the market, and together account for 70% of it. The rest is comprises smaller vendors like Aruba, Bradford, StillSecure and TrustWave.