8/23/2004 -- Last week, switching vendor Alcatel announced its Alcatel Quarantine Engine, a hybrid solution that’s enabled by a combination of Alcatel’s own OmniSwitch dynamic VLAN capability and the Sygate Secure Enterprise from network security specialist Sygate Technologies.

According to consultancy Forrester Research, network quarantine has been embraced by many network administrators as a last, best safeguard against infected client computers. The idea, analysts say, is that malicious packets from compromised systems can be effectively quarantined from healthy systems, thus preventing systemic infection. Network quarantine relies on a combination of intelligence and awareness at the port level -- Alcatel's specialty -- along with end-point support at the client. That's where Sygate comes in.

In this respect, Forrester argues, the Sygate partnership catapults Alcatel in front of rival Enterasys Networks and -- possibly until 2006 -- enterprise switching kingpin Cisco Systems Inc.

“By pairing its 802.1x-enabled OmniSwitches with Sygate's Secure Enterprise endpoint policy enforcement solutions, Alcatel closes in on rival Enterasys Networks,” write Forrester researchers Laura Koetzle and Robert Whiteley in a research brief. “Alcatel also gets a jump on enterprise switching champ Cisco, whose port-based quarantine solution won't be available for its Catalyst LAN switches until March 2005. Enterasys' port-based quarantine solution retains a slight edge over Alcatel's, because Enterasys' doesn't require 802.1x support and can use either Sygate's or Zone Labs' endpoint enforcement agent.”

The Forrester analysts believe that both Alcatel and Enterasys will make some inroads against Cisco, but won’t seriously affect its position as enterprise switching kingpin. “Cisco will deliver the port-based quarantine upgrades to IOS for its switches on schedule,” write Koetzle and Whiteley. “However, because users' Cisco maintenance contracts typically only allow IOS refreshes once or twice a year, firms may have to wait up to a year to roll out port-based quarantine. Thus, Alcatel and Enterasys' window for gaining market share could extend until March 2006.”

Similarly, Forrester thinks there’s an opportunity for both Alcatel and Enterasys to dislodge many users of the now-discontinued Cisco Catalyst 5500. “However, customers with newer switches will decide that they can afford to wait for Cisco's scheduled IOS rollout, because they'll want network quarantine administration functions integrated into CiscoWorks,” Koetzle and Whiteley write. -Stephen Swoyer