Advanced intrusion protection capabilities in these platforms include deep packet inspection, protocol anomaly detection, comprehensive buffer overflow and program flow control protection and the ability to isolate potentially malicious code. For network managers, some of these multi-layered solutions are a mixed blessing. Many have been stitched together from rapid acquisitions, not all of them smoothly. It's a hindrance that buyers have to watch for.

For example, Gartner report co-author Neil MacDonald notes that while Microsoft's latest desktop clients include a firewall, it isn't managed through its ForeFront suite but through Windows Server, which he calls "a huge oversight."

Derick Wong, Microsoft Canada's senior product manager for security and management products disagreed, saying all security and network management tools run through WinServer's Systems Centre operations manager.

The Gartner report also said McAfee needs to ­integrate its acquired technologies into a more ­cohesive solution, and criticized Symantec EP 11.0 for overlap with Symantec Critical System Protection and Symantec Compliance Manager, which use a separate management and reporting console.

With NAC part of many of these solutions, organizations may take a second look at it. And NAC's popularity may increase now that it's integrated with the just-released Windows Server 2008 in a component called Network Access Protection.

However, NAP only protects Windows Vista clients, although a plug-in for Windows XP clients will be out soon. Which leaves two views on network access control's future.

After examining his case studies, Hochmuth ­believes most organizations see NAC today as a technology that protects the network after a user has been authenticated.

But Forrester Research argued in a report last year that NAC does belong on the endpoint. Done right, the report says, it can give both pre- and post-admission device and user control.

NAC today has too many silos of policy, the authors wrote, resulting in disjointed policies. Despite the work of vendors, NAC still needs to be enforced by a multitude of infrastructure components - a policy for the VPN for external users and one for the WLAN or Ethernet switch for users inside the organization. Forrester also says today's NAC is too focused on prevention and not handling newly-emerging threats.

In Forrester's view host or software-based NAC, such as those found in the endpoint platforms, provide the best solutions because they can leverage other weapons in the defence arsenal. This comprehensive, rather than network-focused approach, will be the heart of NAC 2.0, it says.

There is still a role for NAC at the endpoint, agrees Patrick Wheeler, senior manager of endpoint complaiance at Symantec. "NAC in some ways has grown up from the initial view that it was about endpoint compliance and broadened its view," he says.

Perhaps this year hardware and software makers will add features to let it mature even more.