Network Access Control (NAC) sounds like something of a panacea\u2014: technology that can not only authenticate who is using your company's \n\nnetwork, but also ensure that users' methods of access are virus-free and fully comply with your company's corporate security \n\npolicies. And NAC has been getting a lot of press lately\u2014proponents tout its ability to keep corporate networks clean \n\nand healthy in ways that technologies of the past couldn't.As technologies like virtual private networks (VPNs), Ppersonal Digital digital Assistants \n\nassistants (PDAs) and wireless technologies proliferate, the situation at many companies has become untenable. Enter NAC. Many companies are beginning to see the technology as an answer to the network \n\naccess problem, especially for guest or contractor access, but also for remote and wireless users. "If you have a business partner visiting who needs Internet access to do a demo or a contractor temporarily working in \n\nyour offices, you want to be able to provide them with network access, but without potentially introducing malicious programs \n\nthey might have running on their systems to the network or giving them access to the entire \n\nnetwork," explains Paul Roberts, senior analyst for enterprise security at The 451 Group of New York. "NAC provides a way \n\nto ensure that when they connect to your company's network, they are who they say they are, their systems are up to date, and \n\nthey aren't infected with anything." But it's far from a perfect technology. Not only is it still maturing, but there are several competing factions and little \n\nin the way of industry standards, leading some to wonder if it might make sense to wait. Every company doesn't need it today, says Joel Snyder, senior partner at Opus One, a consulting firm in Tucson, Ariz. \n\nHowever, you should strongly consider it if you are worried about the authentication of people using your network, if you are \n\nconcerned about the status of endpoint security on your systems, or if you need stronger, more granular access controls at \n\nthe user level. But there are signs that companies are ready to adopt the technology. According to a February, 2008 report from The 451 \n\nGroup, enterprises are now ready to deploy NAC technology due to compliance issues, the need to lock down guest access and \n\nthreat of data loss. "It's definitely maturing," says Andrew Braunberg, research director for enterprise software and security at Current \n\nAnalysis of Sterling, Va. "Major players like Cisco and Trusted Computing Group have realized that they have to play nice \n\nwith Microsoft, so they now have interoperability agreements with Microsoft. That's just one example of how interoperability \n\nissues are being worked out. But it will take some more time. A Confusing PropositionNAC technology has grown in fits and starts since around 2001. Cisco was first out of the \n\ngate with technology that allowed companies to vet systems prior to admitting them to a network. Its technology resides in \n\nthe switching and routing infrastructure. Others soon followed. One of those was Microsoft, which took a different approach \n\nby adding the technology to the operating system layer, via its Network Access Protection (NAP) offering. Other pureplay \n\nvendors have since joined the fray, including Forescout, Mirage Networks, Bradford Networks and Vernier Networks. To make matters more confusing, each of these vendors comes at NAC in different ways. But to boil it down, there are \n\nbasically two options: Inin-Band band and Outout-of-Bandband. In-Band band (sometimes called Inin-Lineline) systems are \n\ninstalled between users and the rest of the network; that is, between access layer switches and core switches. This method prevents systems that don't comply with company policies from entering the network. Examples \n\ninclude Edgewall from Vernier Networks, LANenforcer from Nevis Networks and LANShield Controller from ConSentry Networks. \n\nIn-Band band systems are good choice when companies are forced to allow machines of unknown origin to connect to their \n\nnetwork, says John Pescatore, a vice president at Gartner. "When a contractor machine connects, he might have software you don't like, but you can't tell the contractor to delete \n\nthe software from his company PC. But if you had something in-line between the contractor and the network and the contractor \n\nstarted sending out dangerous things, you could just block it." The other option is out-of-band NAC. These products, which use the existing network architecture, allow networks to \n\ncommunicate with the switching infrastructure and block things anywhere on the network. That's especially useful for \n\ncomplicated network architectures, Pescatore says. Vendors with out-of-band NAC options include Mirage Networks and Bradford \n\nNetworks. Which way you go, and which vendor you settle on, will depend on several factors. The first \n\nstep, Roberts says, is determining your immediate needs. Based on the answer, you'll know whether you need to deploy NAC now \n\nor later, and you'll know whether to consider an in-line or out-of-band solution. The next step is looking at your existing vendors to see if that vendor has a compatible NAC solution. If you're a pure \n\nCisco shop, for example, it would make sense to go with Cisco's Network Admission Control (C-NAC). Similarly, if you are \n\nplanning to upgrade to Microsoft Vista or Longhorn soon, you should strongly consider \n\nMicrosoft's NAS solution. Heterogeneous environments are probably better off with a pureplay vendor, Pescatore says. Yet another option might be \n\nTrusted Computing Group's Trusted Network Connect (TNC), which was developed using open standards. But whether you choose to wait or move forward, chances are that your company will be using some type of NAC solution \n\nbefore too long. According to Gartner, the NAC market reached $225 million last year and is expected to grow to $440 million \n\nby the end of 2008. Growth will continue until 2010, when it is expected to reach $700 million, and flatten after that as NAC \n\nbecomes more of a standard offering in all types of technology.