They promise you the world. “You want toast- great, it does that too!” I guess we’re used to that. I’m not naive here- I understand the cogs of the IT Sales World, but for some reason NAC vendors go above and beyond. They just make crap up. They scratch, claw, lie and cheat their way into your heart- and your pocketbook.
Cut the fluff, do your research and find what works for you.
I won’t name names (yet) but at a recent security conference I sat aghast as I listen to a Sr SE compare his company’s proprietary NAC solution to 802.1X- as though they were competing against the technology. There were even charts, accompanied by “our product does X, Y and Z and – oh look- 802.1X can’t do that!” (Duh!). A Senior Systems Engineer did this- not a sales guy, or a product manager- an SE. I felt obligated to right this wrong, so I patiently waited until the end then took aim at him with a few targeted questions that got everyone around me nodding and re-thinking his idiotic pitch. I wanted to just look at him and say “you know better… ” But I didn’t have to. After precisely 2.5 of my questions, he decided he had run out of time (8 minutes early) and invited me to take my questions ‘off line’. LOL
Three weeks ago, I caved into a manufacturer that’s been trying to rope us into selling their NAC solution. To make a long story short, I asked the guy (a principal of the company) during his ‘technical’ presentation if their solution could interface with an external RADIUS server- about as basic a question as exists. He stumbled for a moment then told me how great the built-in RADIUS was. Unbelievable. (The answer turned out to be ‘no’). I gave up, thanked him for his time and deleted the rest of the fluff they sent.
As Alan (Chief Strategist for StillSecure) noted in a recent blog, many NAC vendors are buying their way into favour through ‘for hire’ recognitions and awards. Just more fluff for the cutting. I won’t bore you with more embarrasing examples, but I have a veritable poopload of them.
Then there are others I have the utmost respect for. We’ve had great success from a technical standpoint with Juniper, StillSecure and HP ProCurve. I think the difference here stems from a corporate culture towards standards and creating and understanding solutions that are truly interoperable. (I’ll jump on that soapbox later).
So… to all of you looking for NAC solutions… be warned and be weary of people that are engineers, trainers and so-called ‘industry experts’ that don’t know the difference between a RADIUS server and Active Directory, don’t understand what 802.1X is supposed to do, or anyone that promises you the world. There is no single NAC solution that will fit everyone- chart your environment and your goals and find what works for you.
# # #