informa
3 min read
article

Lockdown Readies First NAP Product

New NAC appliance extends reach of Microsoft Network Access Protection to non-NAP systems

Lockdown Networks next week will unveil the industry's first third-party NAC product to integrate with Microsoft's NAP.

Lockdown Enforcer -- a network access control appliance -- is now shipping with support for Microsoft's Network Access Protection, says Rob Gilde, vice president of product development at Lockdown.

NAP is Microsoft's implementation of NAC, the emerging technology for vetting the security of end points before allowing them onto a network. Although there are many NAC products on the market, very few vendors have begun to implement NAP, which is still being tested at Microsoft before shipping with the Longhorn operating system later this year. (See Vendors Get the NAC, But Will Users?)

The combination of a NAC appliance such as Lockdown's with NAP-compliant software at the end points could be a powerful one, says Eric Ogren, security analyst at Enterprise Strategy Group. "There are a lot of benefits to having a NAC appliance, because it doesn't require software at the end points," he says. "So theoretically, the user could have NAP on all the Windows end points and then use Lockdown to enforce NAC on everything else."

That's exactly how Lockdown will position the NAP support, according to Gilde. The Lockdown appliance also offers advantages on the NAP server end, because it acts as an intermediary that normalizes the communication between the NAP server and non-NAP devices.

"It's sort of an 802.1x style of network security, without actually forcing all of the servers and end points to comply with 802.1x," he says.

In addition, Lockdown can help end users remediate non-compliant systems so they can get onto the network more quickly. "We'll get additional information to the end user and help them figure out what to do to get out of quarantine," Gilde says.

Lockdown is hoping that by delivering a working product next week, it can spur some Windows enterprises to move more quickly to NAC, without waiting for Longhorn to be shipped in volume. "We're letting companies get into NAC now, but they also know that they'll be able to integrate the NAP technology when it starts shipping," he says.

In fact, Lockdown believes it can ship all the pieces to NAC today, without requiring enterprises to wait for Microsoft, Cisco, or standards groups to deliver their respective products or specifications. (See IETF Trains Its Sights On NAC and Open-Source NAC.)

"We can work with NAP or Cisco NAC, but the fact is you don't need any of those things to do this stuff right now -- or ever," Gilde says. "We provide a complete solution in the absence of those technologies."

It would be possible to do many NAC functions using Lockdown's appliance-based approach, says Ogren. "But I think a lot of enterprises want the ability to provision it all through Microsoft and Active Directory, so there will probably be a lot more enterprises that go the NAP route, and use Lockdown along with it."

Lockdown Enforcer version 4.2.4 with Microsoft NAP support is shipping now at a price of $24,995 and up.

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • Lockdown Networks Inc.
  • Microsoft Corp. (Nasdaq: MSFT)