article published on: http://security.tekrati.com/research/9588/

Enterprises are deciding that Network Access Control (NAC) solutions are not yet ready for prime time, according to a study by TheInfoPro. The analysts found significant declines in the number of Fortune 1000 enterprises implementing NAC solutions, as well as delays in timelines. They also found an uptick in the number of enterprises spenidng more than $500K on NAC. Overall spending increases projected for 2008 keep NAC perched as the No. 1 network security technology.

TIP announced that results from detailed interviews with Information Security decision-makers within Fortune 1000 sized enterprises indicate that the number of organizations that have NAC solutions in use has declined 25%, from 35% of those interviewed 18 months ago to 26% today.

During this same period, the number of organizations that to do not plan to implement these solutions has risen 14%, from 21% of those interviewed 18 months ago to 24% now. Market confusion over the capabilities and differences between provider offerings has driven an increasing number of organizations to push implementation into their long-term plans, accounting for 29% of those interviewed most recently compared to only 14% 18 months ago.

Despite the decline in implementation, the number of citations from organizations spending more than $500K on NAC implementations have nearly doubled, from 12% in Wave 8, six months ago, to 22% in Wave 9.

In addition, NAC, in all of its variations, appears to have the largest net positive planned spending increases projected for 2008, keeping NAC as the #1 Network Security technology on the Information Security Technology Heat Index®, which gauges the immediacy of end user needs and then weights them against spending.

“Enterprises considering implementation of NAC technologies are struggling to both deal with complexities and the differences between Network Admission Control as it was originally conceived and subsequent Network Access Control solutions being made available from numerous suppliers,” said Bill Trussell, TIP's Managing Director of Information Security Research. “In addition, many organizations feel that NAC has not lived up to its promises and have become frustrated with the lack of ROI, causing them to significantly modify or delay their implementation plans until the networking security solution providers are able to prove that their solutions represent a more mature technology.”

With regard to NAC, the following comment from an IT pro at a Fortune 1000 Energy / Utilities company best exemplifies current sentiment captured during the TIP survey: “We had plans to deploy it, but the technology is just not ready yet. We are not sure what the specific problems are, but all I can say is that it is not ready.”

Cisco continues to dominate the list of suppliers in use and in plan for NAC, followed by Symantec, Microsoft, and Juniper. Others mentioned as in plan vendors include ForeScout, Entrust, Nortel Networks, VeriSign, InfoExpress, Check Point, Aruba Networks, McAfee, 3Com, CSC, Vernier, Tripwire, Trend Micro, StillSecure, Sourcefire, Sophos, Novell, ConSentry Networks, and Avocent.

About this study

TIP's Wave 9 Information Security Study provides continuous market data on technologies, industry opportunities, and trends in the Information Security market. Over 150 Fortune 1000 end users were interviewed for the Wave 9 Security Study, providing commentary and insight on their security adoption plans, management strategies, and vendor performance.

Information Security Technology providers that were mentioned throughout the study include: 3Com, ActivIdentity, Aladdin, AmbironTrustWave, Application Security, Inc., Atos Origin, ASPG, Attachmate, Authentix, BearingPoint, Blue Coat, Blue Ridge Networks, BMC Software, BorederWare, Breach Security, Inc, Burton Group, Cenza, Cenzic, Check Point, Credent, Cyber-Ark, CSC, EDS, eEye, Enterasys, F5 Networks, Fluke Networks, F-Secure, Fujitsu Siemens, Gemalto, GuardianEdge, Liquid Machine, Microsoft, NetApp, Neohapsis, NeoScale, Nokia, Oracle, PassGo, Passlogix, PKWARE, Proofpoint, Protegrity, Rapid7, Reconnex, Red Hat, SafeBoot, SafeNet, Sana Security, SAP, ScriptLogic, Sentillion, Siemens AG, Sophos, Tata, Third Brigade, TriCipher, Utimaco, Vanco, Verdasys, Vontu, WhiteHat Security, Wipro, and ZixCorp.