The question is, should we take them seriously? Endpoint control has been around for a while now, for example on SSL VPNs to validate an Internet cafe PC before allowing it access to enterprise apps, in admission control systems from the likes of Enterasys, or in HP's Procurve switches to block a virus outbreak, but at last it's being integrated across the enterprise network.
The needs for it is clear: greater access means more vulnerabilites, especially as you get more remote and mobile users, both inside your organisation and from customers and suppliers, and as more devices move across the LAN's physical boundary.
On top of that, your users are accessing vulnerable - and untrustworthy - Internet resources, and even where there should be trust, it is not necessarily enforceable.
And when one of your systems is compromised, faster and more widespread networks also mean that threats spread faster. Hence the need for "zero-day" protection, to spot viral behaviour and put a clamp on it before it gets out of hand.
There are solutions - for example, Cisco's NAC programme makes use of some very clever agentless auditing technology from Qualys. And once you have endpoint security you can also have a quarantined VLAN to which you connect problem clients, allowing them to be treated and have their defences brought up to date.
The problem is that most of the LAN security schemes so far remain proprietary. It's great that the Juniper scheme includes deep packet inspection, for instance, but it still relies upon a Juniper Infranet Controller using upgraded Juniper (ex-NetScreen) firewalls as enforcers, and it needs an agent on the PC too.
Similarly, the Enterasys approach needs Enterasys switches, and Cisco's NAC not only relies on third-party software tools, but only it supports relatively recent Aironet wireless devices and Catalyst switches. To be fair, Cisco reps have admitted that NAC is mainly aimed at the Cisco installed base - and that's not exactly a small target market...
There are other - multi-vendor and less proprietary - routes, such as the version of Network Access Control from Lockdown Networks, but these still rely on adding appliances to the network and then using managed switches for enforcement. And even though Microsoft's approach to secure networks might be hardware-agnostic, do we really expect it to be operating system and software-agnostic?
The thing is, integrated network security isn't the job of the firewall and IDS vendors, the operating system companies or the core network developers - it's the responsibility of all of them. The question is who's going to bang their heads together until it happens, and when?
Find your next job with techworld jobs