« Is NAC clawing its way up the "slope of enlightenment"? | Main | Iron Man was just not very magnetic to me »

May 02, 2008

Stiennon says NAC is dead - I must be in heaven!

That gadfly of the security world, Richard Stiennon says NAC is dead. In fact he says NAC actually never was and never will be. Of course, this is the same Richard Stiennon who said IDS was dead so many years ago. If NAC is only half as alive as IDS has been, I would be very happy. Why do I call Richard a gadfly? Because Richards MO is trying to find what the next hot thing is and to jump on it, then another hot thing comes by he runs to that and so on and so on. He thought anti-spyware was big and joined Web Root, after a relatively short time there he left. He than took a whirl at his own analyst firm, when a few others were forging a new breed of analyst firm and after a short time doing that moved on again. He then was CMO at Fortinet and again after a short time left there too. Now he is the CEO of an MSSP (hey, I hear SaaS is the next big thing), how long this will keep his attention or the powers that be keep him on is anybodys guess. But if past track record is any indication, Richard will hop on the next big thing sometime next year. I mention this because fundamentally I think Richard's attention span or maturation horizon is why he does not see that NAC is marching on.

As you can probably guess I strongly disagree with Richard's opinion on this one. However, to understand why, some clarification is necessary:

1. Richard is mixing metaphors with Network Admission Control and Network Access Control. Both are NAC. Admission control was coined by Cisco, access control was first used by Gartner I believe. Richard seems to indicate that admission control is bad, access control or at least some definitions of it are OK. More importantly, Richard uses admission control as a code word for pre-connect health checks, access control for identity based and post-connect control. I think both are very important and as I have said many times a good NAC solution needs all of these.

2. NAC vendors being depressed, etc. Yes Richard some NAC vendors not making it are depressed and having lay offs and hard times. That is the way of capitalism and competitive markets I am afraid. There are winners and losers. I would bet that even in the $500 million /year UTM market that you spent a whole year in, there are some vendors who are just not making it and would be classified as depressed.

3. Gartner says several NAC vendors are getting traction. They recently released a marketscope on NAC and sorry Richard, but StillSecure is one of the few out of 17 vendors which was given a positive rating, the highest rating Gartner gave. BTW Richard in that same marketscope your "buddies at Gartner" estimated the NAC market at $225m for 2007 and expect 100 percent growth in 2008. In case your calculator is not handy Richard, that should put NAC around the $450m mark in 2008. Not that different than the number for the UTM space that you use in your article. Hopefully that will allow you to put your "magnifying spectacles" away, unless there is something else that you would want to make look bigger than it is.

4. NAC being created by Cisco in 2003 to solve the worm problem. Richard, perhaps that is why Cisco did NAC. BTW, they announced in like November or December, 2003. We released Safe Access in April 2004. It was under development for at least 12 months before that. We did not call it NAC of course, our working title was endpoint policy compliance. Richard today Safe Access solves that same problem, endpoint policy compliance. We have not deviated from our original plans around this from day one. It is purpose built to solve a problem that customer after customer told us was they wanted a solution to. Maybe that is why we have had success with the product.

We did not jump on the latest, hottest thing bandwagon. In fact I have found that companies and people who jump on the latest big thing, inevitably fail. You cannot time the stock market or the technology market. The NAC market is a perfect example of this. Companies who have taken products that were not successful in another incarnation and morphed them into a NAC product are the companies that are failing. Maybe I am more of an EF Hutton type than you are Richard, but I believe in building a company the old fashioned way. Find a problem that customers are willing to pay for a solution for. Then build that solution and bring it to market and work hard making it the best it can be. If you did your research right and you built the right product, the market will come to you. It may take longer than you think, but if you keep at it, cream always rises to the top and quality always wins. You cannot win running to the next big thing, see through what you start to the finish. Richard if you want to consider that some free advice, take it!

5. NAC is only for the .edu market. Again Richard take some time to dig in here. Yes the edu market is a big adopter of NAC. But let me give you some other examples. Any network that will have a large number of unmanaged visitors or guests is going to be fertile ground for NAC. That includes the government sector, where many users are contractors or visitors. I know you have much disdain for the federal governments IT security practices Richard, but if you spend a little time (there is that phrase again) digging in to what they are doing, you will see that NAC does indeed solve a real security problem for them and is why we have had a great deal of success in the government vertical.

Richard no one ever claimed that NAC is a reason to avoid other security tools. Just the opposite, NAC should work with and leverage your existing network infrastructure and security technologies.

6. NAC does not tie you down to one vendors eco-system if you don't want it to. The TCG/NAP interoperability and now the new IETF standards are bringing one standard to NAC. It does not tie you down, but frankly in case you haven't noticed with all of the moving around, Microsoft already has you pretty tied to one vendors eco-system and frankly Cisco has you pretty tied to another. Don't be so naive Richard.

BTW, I notice you like what ConSentry and Nevvis do without quarantine. While neither of those companies are apparently setting the world on fire as secure switches, you should check out our white paper on a phased approach to NAC that talks about NAC being more than quarantine. You can get it here.

Authors note: BTW Richard while I am chief blogger here at StillSecure, my official title is chief strategy officer and I have been working here for about 7 years now.

11:38 PM in NAC, Richard Stiennon |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/t/trackback/547509/28726070

Listed below are links to weblogs that reference Stiennon says NAC is dead - I must be in heaven!:

» Shimel's in Der Himmel from Rational Survivability
Nothing to see here folks. Move along... This is like a bad episode of Groundhog Day meets Back To the Future. You know, when you wake every day to the same daymare where one person's touting that features like NAC [Read More]

Tracked on May 03, 2008 at 01:38 PM

Comments

Post a comment

Comments are moderated, and will not appear on this weblog until the author has approved them.

If you have a TypeKey or TypePad account, please Sign In

Search

Lijit Search

disclaimer

  • The views and opinions expresed here are those of myself only and in no way represent the views or positions or opinions of my employer, Latis Networks, Inc. d/b/a StillSecure or anyone else.

Forbes.com

StillSecure, After all these years, the podcast

  • Podlogo

Categories

Currently Reading

  • Dale Brown: Strike Force: A Novel

    Dale Brown: Strike Force: A Novel
    I missed this in hardcover, but am looking forward to reading another military thriller from the master. He and Clancy are the masters. (***)

Read Recently

Track my blog stats

Blog powered by TypePad
Member since 10/2005

About