As organizations shift their business models to keep up with the technologically evolving world, their networks continue to grow more complex with the influx of new devices. In turn, security teams struggle to maintain visibility across remote, in-office, and hybrid work environments, increasing the potential for cyber criminals to gain entry into corporate networks without being detected.
This post explains how network access control (NAC) solutions can address these issues and how security teams can leverage this technology as their networks work to adapt.
What is Network Access Control (NAC)?
Network access control is a centralized approach to secure network access in which policies are enforced across all devices and users. The primary goal of NAC is to keep unauthorized devices or users from accessing a private network. This is often done with zero-trust access solutions that provide visibility into all devices on a private or corporate network.
Though NAC technology has existed for nearly two decades, a new generation of solutions is now needed to protect the modern, ever-sprawling attack surface – one that only grew more complex amid the rapid shift to remote work. This makes it vital to have visibility into devices connecting from both inside and outside the network, together with the ability to respond automatically if and when a device is compromised.
With regulatory certifications and security best practices requiring organizations to establish and maintain control of all connected devices, network visibility and dynamic policy control are key. As an important part of a Zero Trust Access (ZTA) model for security, NAC enables IT teams to easily monitor network on-boarding and control access to network resources.
Network Access Control Solutions
A NAC solution’s primary function is to deny access to unauthorized devices or users while allowing authorized devices and users appropriate access. Additional functionality of NAC solutions includes the following:
- Authentication and authorization of users and devices
- Discovery of all devices on the network
- Device posture checking
- Quarantine of unsecured devices
- Policy lifecycle management
- Overall security posture assessment
- Automatic policy enforcement for incident response
- Guest networking access
- BYOD enforcement
- Device posture check during remote access (VPN)
- Enforcing time and geography access policy
FortiNAC, Fortinet’s network access control solution, provides visibility across the network for every device and user, including internet of things (IoT) devices. It also extends control of the network to third-party products, enabling micro-segmentation policies and configuration changes on switches and wireless products from more than 170 vendors. FortiNAC also leverages automation to react to events in seconds, containing devices before they can allow viruses or hackers to spread across the network.
Determining the Value of NAC Solutions
In the modern world, physical and virtual devices often repeatedly join and leave a network, and the devices themselves can vary greatly in their risk profile. Understanding the different use cases for this technology informs a more comprehensive NAC solution. Common use cases include:
- IoT: The use of IoT devices only continues to grow. This includes their use in Operational Technology (OT) settings, and connections to enterprise networks from home networks. Such devices can go unnoticed or unmonitored by older NAC solutions, making them a prime source of exploitation for cyber criminals. The right NAC solution will identify and monitor IoT devices, in addition to traditional devices.
- BYOD (Bring Your Own Device): With employees working remotely from personal computers or accessing the corporate network from personal phones, a proper NAC solution must also be able to handle permissions and authentication of unfamiliar devices attempting to access the network.
- Incident Response: In addition to simply controlling network access, a robust network access control solution should be able to respond to threats quickly and effectively. This is where automation comes into play. Automation in a NAC solution enforces security policies, shares contextual information, and isolates insecure devices at the point of connection to the network before they can do any damage.
- Contractors: Often, companies want to allow contractors, partners, or temporary workers access to only certain parts of the network. NAC can be used to maintain access privileges and prevent unauthorized access to certain parts of the network while ensuring guest users have smooth connectivity and a good experience.
- Medicine: In the world of healthcare, there is a growing reliance on the Internet of Medical Things (IoMT) devices. But healthcare is a highly regulated industry, and network compliance is vital. Properly structured NAC solutions can provide the necessary protection of sensitive personal data and medical records in a network with multiple users and IoMT devices.
- Compliance: Organizations can be fined if they do not meet regulatory requirements for their respective industries. NAC solutions can be considered a form of risk mitigation that helps enforce compliance controls under regulations such as HIPAA, SOX, or PCI-DSS.
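To make the functions listed above (authentication, posture checking, quarantine, BYOD enforcement, time and geography policy) and these use cases (IoT, BYOD, contractors) concrete, here is an added illustration of the admission decision a NAC policy engine makes at the point of connection. It is example code written for this post, not FortiNAC code; the roles, posture controls, VLAN numbers and contractor hours are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    DENY = "deny"               # not authenticated, unknown role, or outside time/site policy
    QUARANTINE = "quarantine"   # authorized, but the device failed its posture check
    ALLOW = "allow"             # admitted to the VLAN assigned to its role


@dataclass
class Device:
    # Attributes a NAC sensor gathers when a device connects (constructed fields)
    mac: str
    role: str                   # "employee", "contractor", "guest" or "iot"
    authenticated: bool
    byod: bool = False
    posture: dict = field(default_factory=dict)  # e.g. {"av_running": True}
    site: str = "hq"
    connect_hour: int = 9       # hour of day, 0-23


# Hypothetical policy: posture controls required per role, VLAN per role,
# and where/when contractors may connect.
REQUIRED_POSTURE = {
    "employee": {"av_running", "disk_encrypted", "os_patched"},
    "contractor": {"av_running", "os_patched"},
    "guest": set(),
    "iot": set(),               # IoT cannot run an agent; it is isolated on its own VLAN instead
}
ROLE_VLAN = {"employee": 10, "contractor": 20, "guest": 30, "iot": 40}
QUARANTINE_VLAN = 999
CONTRACTOR_SITES = {"hq"}
CONTRACTOR_HOURS = (8, 18)      # inclusive start, exclusive end


def admit(dev: Device) -> tuple[Decision, int | None]:
    """Return (decision, vlan) for a connecting device."""
    if not dev.authenticated or dev.role not in ROLE_VLAN:
        return Decision.DENY, None
    # Time and geography policy for third-party access
    if dev.role == "contractor":
        start, end = CONTRACTOR_HOURS
        if dev.site not in CONTRACTOR_SITES or not (start <= dev.connect_hour < end):
            return Decision.DENY, None
    # Posture check: every required control must report True; BYOD additionally needs MDM enrolment
    required = set(REQUIRED_POSTURE[dev.role])
    if dev.byod:
        required.add("mdm_enrolled")
    if any(not dev.posture.get(ctrl, False) for ctrl in required):
        return Decision.QUARANTINE, QUARANTINE_VLAN
    return Decision.ALLOW, ROLE_VLAN[dev.role]
```

A quarantined device lands on a VLAN with no route to corporate resources, which is also where an automated incident-response action would move an already-admitted device that later triggers an alert.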
In addition to the use cases described above, many organizations need NAC solutions to work across branch offices that may be located globally. FortiNAC, for example, can be implemented as part of a Secure SD-Branch solution, enabling customers to converge their security, WAN, and LAN.
Secure Your Network with FortiNAC
A robust network access control solution is vital for any modern network in order to protect against threats. FortiNAC works with the Fortinet Security Fabric to provide visibility, control, and automated response for every device connected to a network. Not only can it secure IoT and third-party devices, but it can be part of the security solution for any network, regardless of size or structure.
Discover how Fortinet’s network access control solution (FortiNAC) provides organizations with the ability to see and control all the devices and users connected to the network.