Introducing the Magic Quadrant for Network Access Control




NAC (Network Access Control) vendors are beginning to differentiate their solutions through the breadth of their integrations with other products. Mobile device management integrations are a requirement for addressing the BYOD trend, and integrations with firewalls and other security components enable the sharing of contextual data.

Market Definition/Description




The “bring your own device” (BYOD) trend has changed the network access control market. While the original driver for NAC was the need to enforce access policies for Windows PCs, the main driver now is managing the access of personally owned devices. Today, enterprises are using NAC to adapt to environments of heterogeneous endpoints, and to decide which devices, and which users, will gain network access. NAC policies determine which devices are granted full network access, which are blocked from the network, and which are granted limited network access. Partnerships with mobile device management (MDM) vendors have become an important factor in the NAC market, as NAC solutions rely on input from MDM solutions for information about the status and configuration of mobile devices.

Enterprises are increasingly integrating their NAC implementations with other security components. Integrations with security information and event management (SIEM) are the most common, followed by integrations with next-generation firewalls (NGFWs). Several vendors provide bidirectional integrations, so that NAC solutions can share information and act on alerts from these systems (for example, removing a device from the network). Some vendors have also begun to integrate their NAC solutions with advanced threat protection offerings to remove compromised endpoints from the network. Integrating with other network and security solutions is not a primary driver for adopting NAC, but enterprises are gradually implementing these integrations after the initial rollout of NAC.

Bradford Networks

Bradford Networks is a privately held company based in Cambridge, Massachusetts, that has been delivering NAC (Network Access Control) solutions since 2001. Its Network Sentry NAC product is available in hardware appliances, in a virtual appliance and as a cloud service. Bradford Networks’ NAC products should be considered by enterprises with heterogeneous networks and broad mixes of endpoint devices.

Bradford Strengths

Bradford has a broad set of technology partnerships. It has published a set of APIs as part of its Network Sentry SmartEdge Platform that enables other network and security vendors to integrate bidirectionally with its NAC solution and share contextual information. Multiple vendors in each of the following categories have integrated with Network Sentry: MDM, SIEM, intrusion prevention systems (IPSs), NGFWs and advanced threat protection. Network Sentry can enforce policies after receiving alerts from these systems.

Bradford offers a unique cloud-based analytics service that helps its customers analyze trends about the devices and users that connect to their networks. Customers use this information to create network access policies and to plan for wireless LAN capacity.

Customers of HP’s and Xirrus’ wireless LAN solutions can benefit from integrations with Bradford. HP has integrated Bradford’s authentication component, and Xirrus licenses Bradford’s technology, which it packages as its NAC solution.


Cisco

Cisco is located in San Jose, California. Its Identity Services Engine (ISE) policy server is RADIUS-based, which allows Cisco to support authentication in heterogeneous network infrastructure environments (although advanced NAC features will require Cisco components). ISE is available in hardware appliances and as a virtual server. ISE software is available in three versions: the Base package supports 802.1X and guest provisioning, and the Advanced package supports endpoint baselining (posture assessment), granular identity policies and other more advanced features. A Wireless package supports advanced functionality for wireless devices only. Cisco wired and wireless customers should consider ISE, especially when the Cisco AnyConnect endpoint client will be in use.

Cisco Strengths

ISE has several API-level integrations with MDM vendors (including AirWatch and MobileIron) and SIEM vendors (such as ArcSight and Splunk), along with its integration with Lancope. Separately, Cisco’s Platform Exchange Grid (pxGrid) initiative will broaden its scope of partnerships for ISE. pxGrid will enable network and security solutions to coordinate the sharing of contextual information (such as identity and location) with ISE. A limited set of pxGrid integrations will be available in 1H14, although Cisco must attract more technology partners in more markets to deliver on its vision for pxGrid.

Device profiling capability is embedded in Cisco switches and wireless controllers (this may require firmware upgrades), eliminating the need to deploy profiling sensors in the network. The ISE server can identify and classify endpoints using templates that are provided by Cisco or defined by an administrator. ISE uses a mix of active and passive profiling techniques.

Cisco’s support of identity tags (which it calls TrustSec SGA) in the Ethernet frame (using a proprietary enhancement to the 802.1AE standard) enables its advanced customers to implement granular identity-based policies on some Cisco LAN, WLAN and firewall products. Most organizations will need infrastructure upgrades to benefit from this feature.

Extreme Networks (Enterasys)

In November 2013, Extreme Networks announced that it had completed its acquisition of Enterasys Networks. Extreme, which is based in San Jose, California, will sell the Enterasys NAC solution and the broader Enterasys security product portfolio, including IPS and SIEM products. Enterasys’ NAC offering includes out-of-band (NAC Portal) and in-line (NAC Controller) appliances (also available as virtual appliances). The primary use case for Enterasys NAC is Enterasys switch and WLAN customers, although the solution is capable of supporting non-Enterasys environments.

Extreme Networks (Enterasys) Strengths

Enterasys’ tight integration of its NAC solution with its LAN switch product family enables granular policy enforcement. Policies can permit, deny, rate-limit and apply other controls to traffic based on user identity, time, location, end system and user groups.

Enterasys has a good BYOD strategy. Its Mobile IAM component allows it to integrate with several MDM solutions, including AirWatch, JAMF Software, McAfee and MobileIron.

Enterasys customers consistently cite the company’s service and support as strengths.

ForeScout Technologies

ForeScout Technologies is a privately held company based in Campbell, California, that sells the CounterACT family of hardware and virtual appliances. Although ForeScout offers optional agents, its clientless approach eases the support of Windows, Mac OS X and Linux endpoints. ForeScout should be considered for midsize and large NAC deployments.

ForeScout Technologies Strengths

ForeScout has a strong partnership strategy for integrating with other network and security vendors. It has published a set of APIs, known as ControlFabric, to allow these vendors to integrate their solutions and share contextual information with CounterACT. Vendors in these markets have used ControlFabric to integrate bidirectionally with CounterACT: SIEM, NGFWs, MDM, vulnerability assessment and advanced threat protection. CounterACT can enforce policies after receiving alerts from these systems.

ForeScout has a strong BYOD strategy. In addition to supporting integrations with several MDM vendors, it also sells a ForeScout-branded MDM solution (an OEM of Fiberlink MaaS360; in November 2013, IBM announced its intent to acquire Fiberlink), and it offers the ForeScout Mobile product. The latter is an “MDM-lite” solution that enforces device policies and reports health and configuration status back to the CounterACT appliance. Customers consistently cite ease of deployment, flexible enforcement methods and network visibility as primary selection criteria. ForeScout has some of the largest active deployments of all vendors.

Impulse Point

Based in Lakeland, Florida, and founded in 2007, Impulse Point continues its focus on the higher education and K-12 markets. Impulse Point delivers its flagship SafeConnect solution as a managed service, which includes system monitoring, problem determination and resolution, updates to device type, antivirus and OS profiling recognition, and remote backup of policy configuration data. All Impulse Point products can be implemented as a hardware or virtual appliance. Education institutions should consider Impulse Point.

Impulse Point Strengths

Feedback from Impulse Point customers continues to indicate that SafeConnect can be rapidly deployed. Its Layer 3 approach to enforcement eliminates the need to test compatibility at Layer 2 (at the LAN switch level). The Identification Publisher feature correlates device and user identity information and exports it to multiple third-party sources (such as AirWatch, Exinda, Procera Networks, iboss Network Security, Palo Alto Networks and Fortinet), which enables identity-based policies. For example, for a specific user, the integrated solution can determine how much bandwidth all of that user’s devices are consuming, and can enforce the appropriate policy. Impulse Point customers consistently point to the company’s service and support as strengths.


InfoExpress

Founded in 1993, InfoExpress is a privately held company based in Mountain View, California, that is heavily focused on the NAC market. Its CGX solution is available as a hardware appliance and a virtual appliance. Enterprises with a heterogeneous infrastructure should consider InfoExpress.

InfoExpress Strengths

CGX correlates data from multiple sources (for example, InfoExpress endpoint agents, syslogs, Nmap data and MobileIron) to enable more-granular NAC policies. By evaluating when devices change state, CGX can enforce the appropriate policy. For example, when a mobile device reported as stolen reappears on the network, CGX can quarantine the device. InfoExpress offers endpoint agents for a wide range of operating systems, including Windows, Mac OS X, Apple iOS, Android and Linux.

Dynamic NAC (an agent-based Address Resolution Protocol [ARP] enforcement solution) and several other enforcement options help ease implementation of CGX across complex networks.

Wired and Wireless Network Infrastructure

Many LAN switch and wireless LAN vendors offer NAC solutions. Some of the network infrastructure vendors own NAC technology, while others license it from OEM vendors.

The BYOD trend ensures that enterprises will continue to need NAC, especially to manage access to wireless networks. Wireless LAN vendors will need to offer some NAC features, if not a full-blown NAC solution, to satisfy access control requirements. Rather than develop their own NAC capabilities, many will rely on partnerships with NAC pure plays, as HP and Xirrus have done with Bradford Networks.

Gartner expects to see more partnerships between wireless LAN vendors and NAC pure plays in the 2014-2015 period. As more infrastructure vendors embed NAC functionality, NAC pure plays will experience downward pricing pressure when selling directly to enterprises.
