Security vendor ConSentry Networks is among those trying to rise above the crowd and the NAC noise. The company recently boasted that it doubled its customer base in the last six months. It has also inked an OEM deal with networking giant Alcatel-Lucent to resell ConSentry's LANShield product line.
There are a number of reasons one vendor or another thinks its got what it takes to succeed with NAC. Internetnews.com recently chatted with Tom Barsi CEO of ConSentry Networks about what he thinks it takes to win with NAC.
Q: How do you differentiate against all the NAC noise?
We believe that NAC is a nice starting point but it's just a feature. I would argue that most NAC vendors will end up going away as you embed the functionality into the infrastructure.
We think we're uniquely positioned because we provide a single platform whether it is our control or switch which gives you ability to do the pre-admission and the post-admission piece.
When you just buy a standalone NAC solution typically it's just authentication and you have no control over where those people who are authenticated go on the network.
Q: There are a number of access control standards, including Microsoft NAP, Trusted Network Computing's Trusted Network Connect (TNC) and Cisco NAC. Is it important for ConSentry to be interoperable with those standards?
It is critical that the LAN security access control solution is standards based. We will interoperate with the leading solutions. We refer to this as the Switzerland approach where we want to interoperate with all of the best-of-breed solutions whether it is Microsoft NAP, Symantec or others.
Also in terms of the identity store, people already have authentication mechanisms in their network today where roles and policies reside. So we'll interoperate with Microsoft Active Directory, LDAP, RADIUS and others.
Q: What are the misconceptions or myths about what ConSentry does or doesn't do?
The first misconception is that NAC as a standalone solution is enough. It's not. What you also need in addition to the pre-admission piece is the post-admission piece. You want to be able to control where users go on the network. You want to control who gets access to resource. You want to control the outbreak of a potential zero-day worm.
Ultimately where this is going is down to the wire closet, and you'll want to secure every port. ConSentry is now the first secure switch in the industry. The only way to lock down your LAN is to make control pervasive. And the only way to make it pervasive is to secure every port.
Q: What are the barriers to adoption for ConSentry's solutions?
One of the biggest challenges for LAN security is first understanding the requirements. It's first about education.
Next step is helping the enterprise understand where their starting point needs to be, whether it's locking down their conference rooms or locking down a specific segment that supports contractors.
Beyond education, simplifying the deployment process has typically been the barrier.
Q: What surprises have you seen since you started off in this business?
What's unique for ConSentry is we originally set out the vision that ultimately the industry would need a secure switch that we would reach an inflexion point where we would no longer be updating the wire closet just for connectivity and speed.