I think port security is what determines whether or
not a box is allowed onto the network. If you know that
all of your conference room jacks are patched into
switch X blades Y-Z, then you apply security to those
ports. If you have a *NIX box in a server room, you
obviously drop the mcafee security requirement for that
port. I havent read through the documentation but that's
my guess.
The corporate network security market is looking for
a way to ensure that only machines with up to date
security policies (AV, FW, IPS) are allowed on the
network...with ways to distinguish printers, from
workstations/servers... etc...