Security vendor Sophos has thrown down a gauntlet of sorts to its rivals, by bundling basic network access control (NAC) with its enterprise anti-virus client for the first time.

Sophos already has a wide range of security functions in its all-purpose security client – anti-malware, firewalling, and some application filtering – but with the launch of Sophos Endpoint Security and Control 8.0 it has added capabilities that can tie down 'endpoints', as they are known in security jargon, to a new degree of sophistication.

Putting NAC into software once thought of as a barrier to security threats such as viruses is a new, if predicted, departure. For managed PCs, the free upgrade will let admins constantly assess the state of patching and the software health of a machine against company defined policies, blocking access if necessary. Visiting or 'alien' laptops from third parties can be blocked until a downloadable web-based agent has been run.

According to Sophos, most admins still have little idea what state a PC or laptop might be in at the point it connects to a network, and no way at all of assessing the laptops of third-party partners and contractors.

For those requiring more finely tuned control, the company is planning a separate product, Sophos NAC Advanced. This will do much the same job as Endpoint Security and Control as regards policy enforcement, but to an advanced level of refinement. Specific pricing wasn't available for this upgrade, but is was described as being in the order of around "30 percent" extra on top of buying a licence for the all-in-one client.

"NAC has been touted as the answer to this problem, but has often been beyond the reach of most companies in terms of budget and resource," said John Shaw of Sophos.

"Its [Endpoint Security and Control’s] integrated NAC and application control technology gives administrators the confidence that all the computers on their network are updated with the latest security patches and are only running authorised software," he said.

Shaw also pointed to research by Forrester that had found that 40 percent of companies had tried NAC, all but four percent backing off in the face of the complexity it added to network management. Putting a simple level of NAC in the desktop security client would help the technology reach the mainstream, he claimed.

It is just over a year since Sophos acquired Endforce, from where it got the core endpoint technology in the latest release.