John Pescatore

A member of the Gartner Blog Network

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…

NAC on the Standards Track

by John Pescatore  |  February 8, 2010

Back in January 2004, Mark Nicolett and I wrote a Gartner Research note, “Scan, Block and Quarantine to Survive Worm Attacks,” basically describing what we later came to call Network Access Control. We (with Lawrence Orans joining the team) published a definition of “scan, block and quarantine” as Network Access Control in “Protect Your Network Resources With a Network Access Control Process” later that year.

We defined NAC as a process because Cisco jumped in with what they called Network Admission Control and Microsoft jumped in with Network Access Protection – different names, with different protocols and APIs, for basically doing the same thing: detecting when something connects to your network and getting some determination of the security status of what is connecting. This was followed by a few years of Cisco and Microsoft slooowly working together to get their NAC approaches to interoperate.

At the same time, everyone except Cisco lined up behind the Trusted Computing Group’s Trusted Network Connect effort to define NAC standards, which was complicated by the IETF starting up the Network Endpoint Assessment working group to also define NAC standards. All this, of course, led to years of confusion.

But, good news – the IETF has ratified two of the key TNC NAC protocols (PA-TNC and PB-TNC) as IETF standards. Other key protocols still need to be ratified, and then we have to go through the usual vendor build, interoperability test and rebuild cycles, but this is a major step in the right direction. Look for meaningful interoperability in products towards the end of 2011, but start putting IETF NEA standards compatibility into any RFPs for NAC functionality.

This is good news for NAC implementations, but doesn’t mean the market for standalone NAC capability will rebound. As we said in the Gartner NAC Market Overview in December 2004:

However, as organizations progress through the technology refresh cycle and upgrade to solutions with built-in NAC functions, many will no longer pay extra for independent NAC solutions.

Network Access Control is getting easier to implement and easier to acquire, which means less money spent on NAC as a separate procurement.
