Sophos has bought Endforce a US developer of enterprise network access control (NAC) software.

Corporations use tools such as those developed by Endforce to limit what kinds of device can connect to their network. Typical applications include preventing connection of unauthorised Wi-Fi base stations to a corporate LAN, or ensuring that only laptops with fully patched operating systems can access network resources.

About 50 percent of large organisations had already deployed NAC by late last year, according to US market analyst Infonetics Research. That proportion will grow to nearly 60 percent by next year, with half of small and medium-sized organisations expected to follow suit by 2008, Infonetics said in a report published in November.

Although Sophos started life as an antivirus software developer, it has expanded its security offering for corporate customers through a string of recent acquisitions. Its range now includes application control and host intrusion protection.

Sophos plans to retain Endforce's 60 employees, and will continue to develop and sell the Endforce product range under the Sophos brand, the vendor said.

The deal is a sign that NAC is coming of age, and will add to the credibility of Sophos as a security vendor, according to Ovum analyst Graham Titterington.

He also speculated that Sophos might take advantage of Endforce's strong position with larger customers.

"We believe that Sophos intends to maintain open interfaces to rival vendors' products, it will clearly open up some attractive cross-selling opportunities for Sophos' existing product range and raise Sophos' market profile," he said.

Openness is a key issue in the network access control market. Two of the largest NAC vendors, Cisco Systems and Microsoft, announced plans last September to make their competing systems interoperable, while the Trusted Computing Group, an association of 140 vendors, continues to gather support for its non-proprietary Trusted Network Connect (TNC) architecture for endpoint integrity and trusted network access control.