IBM on Monday made its biggest move to date in the emerging, yet still largely undefined, network-access control market when it announced it will integrate its newly acquired Internet Security Systems security management software with appliances from Mirage Networks that monitor the health of PCs and other endpoints connecting into and operating on corporate networks.
Mirage's appliances check endpoints both before and after users log on to the network: endpoints must adhere to a company's network-access policies before admission, and the appliances then monitor the behavior of these endpoints after admission to verify that the policies continue to be followed. While the basic integration of security technologies wouldn't normally be a big deal, it's crucial in the network-access control space, where any attempt to clarify how NAC will actually work within corporate environments is largely welcome. The combination of Mirage's appliances with IBM's ISS Proventia Management SiteProtector software promises to make NAC a part of the bigger security picture.
"We were hearing from customers and prospects that they wanted network-access control integrated into the infrastructure," says Mirage CEO Greg Stock, who at one time worked for IBM's AS/400 division. "We asked what they wanted integrated most, and they said SiteProtector," he says, adding that the deal was in the works with ISS before IBM's $1.3 billion acquisition of that company in October.
Mirage, a relative startup, having launched in 2001, is beta testing its Endpoint Control appliances integrated with Proventia software and plans to make them available to the broader market in May.
Widely seen as the future of network security, NAC has been touted as a way to make sure malware-infected endpoints don't gain access to corporate networks. IBM has made overtures to this technology in the past, most notably an October 2004 partnership with Cisco to integrate IBM Tivoli software with Cisco's NAC technology to ensure that devices seeking network connectivity are in compliance with security policies. But the NAC deal with Mirage is IBM's first since buying ISS and represents a greater investment in the NAC market than the simple repurposing of existing management software.
The marriage of management software with software and/or appliances that have the power to permit or deny network access has picked up steam over the past few weeks, most notably with Symantec's $830 million bid for management software maker Altiris. Combined management and security technologies are essential for protecting networks without making them inaccessible, Symantec chairman and CEO John Thompson said during his keynote at last week's RSA Security Conference. "Today, the network perimeter can't be locked down," he said, later underscoring the importance of fine-grained security by noting that customers will stay away from the Web if they don't feel secure. "Confidence in the connected world will only come if and when the infrastructure, the information, and the interactions are protected and secure."
Symantec last week also expanded its Symantec Network Access Control software to include a scanning feature that works without the need to download software agents onto endpoints while also adding Mac OS X agent support and an integrated 802.1X supplicant.
NAC has for years been identified as a worthwhile pursuit when it comes to improving security, but the complexity of the technology, the slow emergence and embrace of standards, and a lack of consensus over what NAC actually is have kept significant deployments at bay. The integration of technologies that make up network-access control--in this case security management and endpoint analysis--will go far in helping companies understand how NAC is supposed to work and how it fits with their existing investments in network security.