20 Mar
NAC is Dead, Long Live NAC
It’s fitting that my first blog post would be about the misfortune of a former employer. Prior to co-founding Napera in 2006, I was at Lockdown Networks for a short time. Since the news broke this week that Lockdown closed their doors, I’ve been asked for my insight. Specifically, people want to know whether Lockdown’s failure is due to their inability to execute or due to a non-existent NAC market.
To fully understand Lockdown, you must first look at how they started. Lockdown (formerly Interact Networks) launched in 2003 with a vulnerability assessment product based on open source packages. I first met with them when I was at WatchGuard, but I didn’t see vulnerability assessment as a good opportunity.
When the NAC market started to heat up a year or two later, Lockdown turned their technology from the server and pointed it at the client, a move credited to Rob Gilde. The twist was that the Lockdown product would manage the access switches using SNMP and VLANs to quarantine computers while a health assessment was in progress. The new Enforcer product was essentially the original vulnerability assessment product with a multi-vendor multi-version switch manager bolted on.
Was Lockdown’s failure a result of a non-existent NAC market? I am confident it was not. In fact, one thing I learned at Lockdown is the significant customer demand for solutions in this space. I was often amazed at the amount of pain customers would endure in order to roll out a complex and immature product. They endured this pain because the Enforcer was one of the few products that claimed to solve their security problems in the manner they wanted it solved.
Alan Shimel’s comment that he doesn’t know why customers chose Enforcer is ironic. I can tell you first hand why customers decided Lockdown offered the best product. Customers wanted to use access switches to keep unknown and unhealthy computers from connecting to their networks and Lockdown built a product that let them do exactly that. This is not surprising when you look at market surveys regarding NAC and learn that customers want this technology baked into their networking gear. The Enforcer promised to add this technology to their existing gear.
So, why did Lockdown flame out?
If there were customers willing to pay for the product, why wasn’t Lockdown able to get this plane off the runway? There are many minor reasons, but ultimately it boiled down to the fact that the Enforcer product did not work as advertised.
Lockdown’s appeal was also Lockdown’s Achilles’ heel. Customers wanted NAC enforced at all of their switches – all the different brands, all the different firmware, even that old Cisco 2900 running an ancient version of CatOS. These switches weren’t designed to be manipulated so extensively over SNMP. Many product installs were delayed because of time spent uncovering obscure bugs in vendor switching software. A Forrester study quoted in Network Computing last year confirms this trend of overly complex NAC products not meeting customer expectations, showing that 40 percent of companies surveyed had started deploying NAC but only 4 percent completed their implementation.
Why wasn’t Lockdown able to overcome the technical hurdles?
I’m painting with a broad brush, but ultimately it boiled down to focus. In the early days of Enforcer there was a lack of focus on the new NAC opportunity. Instead, they allowed trickles of revenue from a dying vulnerability assessment product to steal their attention. Later it was the inability to focus on the sweet spot in their market – the switches that had the lion’s share of the ports. Instead, they took a shotgun approach trying to add support for every obscure switch needed for the next “big deal”.
Focus is key in a startup. The whole team has to be united around one purpose, and everyone on the team has to understand that purpose and what their individual role is in fulfilling it. From what I hear, Lockdown was starting to turn the corner on the stability of their product. Unfortunately, they ran out of runway before they got a chance.
During my time at Lockdown I had the opportunity to work with some bright people. I’m saddened that many of their lives have been turned upside down and I wish all of them the best of fortune getting back into the game.


Chris, your perspective on Lockdown’s failure is refreshing. I cannot judge whether it’s accurate but I appreciate that it goes beyond the “tiresome” unsupported cries that NAC has failed. Yes, the market is too immature to support 20+ companies but there is nothing new about that. The same pattern occurred with SSL VPNs. If worldwide end user sales were at least $100M in 2007 (which I believe was not the case for network admission control) that would average only $2M per vendor – not enough to support R&D especially when short term revenue growth will be at best moderate – perhaps $125M in 2008. Only the very best can/will survive the slow but steady adoption rate for NAC. Or, those with substantial revenue streams from more mature markets.
Chris, great first post. Your point about focus is dead on. That’s something every startup struggles with, some better than others. I put some thoughts together a while back on a post about good revenue vs. bad revenue. You might enjoy reading it. http://www.theconvergingnetwork.com/2007/12/product-bistro.html
Chrisby, I think I speak for most of the guys when I say, it was an honor and a pleasure working with you. You are a man of honor, integrity and truthiness (if I may use a Colbert-ism). Your first post is intelligently written and well thought out, and I commend you for taking the high road. It was a terrible loss when you left and no doubt one of the contributing factors to our demise. If only you were allowed to do the job you were hired to do, I think things would have turned out a lot different…
Best of luck to you, B.A.R.F., Pete and any other ex-Lockdown employees that have a second go-around in Napera — hopefully learning from our mistakes. I too believe the NAC market is still viable and eventually somebody will get the magic formula right.
Chris, welcome to the blogosphere.
Your comments on Lockdown were insightful and did not kick them when they were down; I applaud that.
As you write your blog make sure to be honest with your readers and don’t write to hear yourself write. Please don’t use your blog to inflate your sales by leading your readers into believing that another company is great when it is actually your product as an OEM. Some bloggers have been known to do that. Try and be as neutral to the industry as possible. You don’t need to bash your competitors to make yours look good. But, be honest and let us know what we should be looking for in a NAC solution whether it is yours or not.
We are looking for someone to learn from and not just a new blogger that blogs for the sake of blogging. We are counting on you to be different. Good luck and I look forward to reading your blog.