While enterprises are interested in the concept of endpoint control and admission, they are not committing budget just yet. IT executives are looking at both aspects of endpoint control: admission/access at L2/L3 and also policy verification and remediation (is the AV up to date etc.).

Some companies are implementing "poor man's NAC" by using RADIUS or ACLs to restrict access to known hosts. Such solutions may provide some control but become quite unmanageable in large networks. Others are using their VPN clients to do some basic policy checks on endpoints.

But the vast majority are still waiting for Cisco, Microsoft and others to agree on standards and provide broadly interoperable and mature solutions.

Based on our research, the NAC/NAP/TNC space seems to be undergoing plenty of change and innovation. Unless you run a small and single-vendor environment, Nemertes Research recommends taking a wait-and-see approach.

More information on NAC, NAP, TNC and endpoint control in general will be available in Nemertes Research upcoming benchmark Security and Information Protection which is expected to be published starting in May 2007.