The Ashimmy Blog

Rob Ciampa over at Trusted Network Technologies blog, Know Identity has an article up on the 31 Flavors of NAC and then another on waiting for the NAC standard. I was not familiar with Rob's blog until I read about it in the Daily Incite from Mike Rothman.  Looks like a decent blog and I have asked Rob to join the Security Bloggers Network.  A couple of comments on Rob's two articles though:

As Mike says, you need to get around the hyperbole that Rob throws up around TNT.  They are strong on the identity side of NAC and so have a big bias there.  However, Rob is right on about the Baskin-Robbins effect.  With all of the different types of NAC out there, it is just getting too confusing for most customers about what they are getting with NAC.  More importantly, I don't think they even know what they want. 

A perfect example is supplicants.  I have seen on recent deals where Cisco and Juniper are telling potential NAC customers that they really need to buy a NAC solution from a company that can give them a supplicant, because going forward that is going to be a huge factor in functionality and control. Of course the fact that Juniper (Funk) and Cisco (Meetinghouse) bought the only two commercial supplicants available is a factor here. This is why we need an open supplicant, but more about that later.  In another deal, I have seen where a NAC competitor who cannot do 802.1x NAC, tells the customer to stay away from 802.1x otherwise he is going to have to go install supplicants all over and what a mess that is.  Hey guys, Windows has a supplicant and to do 802.1x NAC, you don't necessarily have to install an additional supplicant.  Just smoke being thrown on both sides of the issue here.  I guess that makes Tutti Fruity Supplicant Crunch the flavor of the month!

Rob has another article up called "Waiting for the NAC "Standard". In it he makes the case that standards are a long way away, are no panacea and they may not even be effective.  I think again TNT's own market position dictates this view.  My attitude is: standards are coming, most of the market will rally behind them and customers like to buy standards based solutions.  This dictates the path we have taken, which is to support the standards to the best possible degree.  While they are not fully rolled out yet, investing in a product that has support for them, guarantees that you will have the benefit of protection now and standard based protection later.