Virtual Machines Get the NAC

Network access control (NAC) has gotten so complicated, expensive and unmanageable that a new kid on the block wants to sell you virtual machinery to execute a little something it calls "effortless NAC."

Fresh off a Series A round of funding valued at $6.45 million, NAC startup FireEye Inc. says it will help enterprises guard against infected internal users without using quarantines, deploying software agents, or administering policies.

FireEye's 1U-rackmount appliance connects via span port or network tap to an adjacent Ethernet switch. Without obstructing network flow or adding to it, the appliance gets a copy of all traffic traversing that switch. Inside the FireEye appliance, so-called virtual machines replay the traffic, watching how it behaves with various Windows versions and flagging any anomalous reactions that usually signify malware's afoot. Devices exhibiting signs of infection get immediately quarantined till they can be cleaned, says Chad Harrington, VP of sales and marketing for FireEye.

"Other NAC approaches seem to be pretty painful. You have to push out software agents and they are not wildly accurate," Harrington said, adding that there are no software updates required with FireEye's and promising no false positives. "This is what we call effortless NAC -- no tuning or base-lining required."

While there's a user interface that lets IT staff take a closer look, most will prefer to be notified about any VM-detected anomalies via SNMP or email. Customers can also isolate infected users in a quarantined VLAN, blacklist them, or block certain traffic types of switch ports, depending on the nature of the malware's payload.

While there are no commercial customers for the FireEye appliance yet, UC Berkeley is considering putting it behind its Airespace wireless access points. General Motors Corp. also is thinking about installing the appliance in a lab environment, the vendor said. Market researcher Infonetics Research Inc. pegs NAC revenue at almost $4 billion by 2008, up from just $323 million last year.

No other vendor has combined NAC processes with VMs. And while customers aren't rushing to embrace any kind of virtualized network gear these days, the simplicity of FireEye's approach may win some converts, analysts said.

"If FireEye performs as expected, it stands a very good chance of changing the way security and inline defenses operate," said Scott Crawford, senior analyst with Enterprise Management Associates . "They're virtualizing the operation of systems at a very low level, which could redefine the way defenses are placed in the network."

The FireEye appliance will be available later this summer. Pricing hasn't been set, but will fall somewhere between $10,000 to $25,000 per box, the company said.

— Terry Sweeney, Editor in Chief, Dark Reading