Lockdown Networks: NAC vendor fails health check

A few NAC words are in order while friends of Lockdown Networks dry their tears over the companies passing. There are a more NAC vendors that have burned through VC capital that will also soon be facing difficult decisions.

It is stunning that Lockdown didn't even qualify for a fire sale, choosing instead to shut its doors as of March 18^th. It's also telling that a company can shut down and it takes a few days for word to get around - if a company with no business slams its doors shut, does it make any noise?

I have never been a NAC believer, but there may be some lessons here:

• When Cisco creates a market, it does not necessarily create a derivative market for private vendors. Even if you buy into the NAC concept, NAC has to be ubiquitous to be effective. Covering half your network really doesn't solve the health problem, and covering everything takes years for any distributed organization. Education is the exception vertical for NAC because of the nature of students and the tight locality of its networks, but the concept still does not scale well to the commercial enterprise world. NAC is an infrastructure play - all the companies jumping on the NAC bandwagon really just didn't get it.
• Security is all about allowing the business to perform efficiently. The great concept that Perfigo had of cleaning machines to free up IT somehow got twisted by security zealots into locking out non-compliant machines. But I digress. There are only a couple of vendors that should be considered for NAC: Cisco and Microsoft. Cisco belongs because the network is a great place for gathering intelligence and enforcing operational policies; Microsoft because simplifying management of Windows endpoints is a responsibility they own.
• Privately held NAC vendors need to come to terms with what their true value is. Lockdown promoted its policy management - instead of solving the problem themselves they tried to make it easier for IT to use other solutions. That's a tough approach. On the other hand, ConSentry is returning to its switch roots where they can offer NAC as a feature for competitive advantage. Nevis and StillSecure are also branching out. That may or not work, but it is certainly the more rational path to take.

Finally, many VCs expect a liquidity event within 5 or 6 years of initial investment. I see a lot of companies falling short of that goal. The math does not work out - there are several hundred security companies with goals of 100% growth chasing IT budgets with less than 5% growth. This could get ugly. There may be a trend in VCs refusing to throw good money after bad, especially in a down market.