A recent Gartner report says startup NAC vendors have about two years to make it before they are flattened by Cisco and Microsoft.

Well, maybe not flattened, but they’ll have a much tougher time of it. Vendors that sell just NAC will still have a chance among businesses that haven’t standardized on Cisco switches and routers or Microsoft servers and desktops, and among those that need advanced security capabilities to deal with new threats, according to “Dataquest Insight: Network Access Control Market, Worldwide, 2007-2012.”

“However, while enterprises continue to look for solutions to enforce policies on NAC, the high percentage of enterprise networks that are 100% Cisco combined with the increasing penetration of Vista on the desktop will narrow the addressable market for stand-alone NAC solutions after 2009,” the report says.

That’s because Gartner believes infrastructure-based NAC is getting more and more popular. “The maturation of infrastructure-embedded NAC will cause overall spending on stand-alone NAC tools to decrease considerably after 2009,” Gartner says.

Most NAC purchases today are for NAC appliances and NAC endpoint software, Gartner says. NAC endpoint software will fare better than appliances when infrastructure-based NAC takes hold, according to the report.

“Endpoint protection suite vendors that provide embedded NAC functionality are in a strong position provided that they can influence the network managers that typically drive NAC projects,” Gartner says. In many businesses, the decision about endpoint suites goes to desktop or perhaps security staff, not networking staff.

For customers looking at NAC this report indicates that in two or three years network-based NAC will be ready just about the time a NAC purchase today might be up for reconsideration (Compare NAC products).

Tim Greene is senior editor at Network World.