A lot more than plug and play

Security analysts believe firms interested in network access control (NAC) products will quickly discover the technology is far from plug and play. As a result adoption of NAC (in its various vendor flavours) will be slow.

Due to the complexity of NAC architectures, analysts believe even heading to a NAC-in-a-box solution requires substantial investment that may even spread over several years and as a result have poured cold water on 2007 being labelled as "the year of the NAC".

Mark Bouchard, affiliate analyst with Australian firm Hydrasight, said there will continue to be a lot of noise around NAC in 2007, and even a fair amount of investment, but nowhere near the projections.

"Even if an enterprise chooses to avoid the more complex NAC architectures (eg from Cisco, Juniper or eventually Microsoft), and instead decides to favour a NAC-in-a-box solution, it still has to write a lot of policy and come up with a lot of associated processes to extract all significant value from its investment," Bouchard said.

"Many shops I talk too are being very diligent in terms of evaluating what's out there (and many are insistent on waiting for Microsoft to deliver on NAP), and in terms of coming up with a detailed plan for how they will use it, before they pull the trigger as after all, in most cases, it involves a very substantial investment.

"In my opinion there will continue to be a lot of noise around NAC this year, and even a fair amount of investment, but not as much as most pundits are projecting. In fact, because investments may be spread over several years, we may never have any given year that gets dubbed the year of the NAC."

In terms of future acquisitions in the security space, Bouchard believes the security industry will be dominated by the larger players; however a "great majority" of the innovative products are coming from the smaller players, but this does not mean they are the most competitive.

Bouchard said for the most part, smaller or niche security players are viewed as the innovators and often the first ones able to address a new problem.

"Most enterprises I deal with express a strong desire for stability in their vendors, and that's hard to get with some of the smaller players out there, however that doesn't mean they won't be buying some tools from the smaller folks," Bouchard said.

"If an enterprise wants to tackle something relatively new (eg information leak prevention) now, then they have little choice and clearly, enough enterprises have these sorts of immediate needs that a hefty population of smaller vendors can be sustained. Its just that strategic investments go to the large vendors; tactical to the small.

"I do believe the great majority of the innovation is coming from the smaller players, but that does not necessarily make them the most competitive. There are plenty of segments where the small guys are the only game in town, but the pricing/costs are still pretty high."