Business & Technology
Convergence of IoT and Access Control Technology
Today, Fortinet completed the acquisition of Bradford Networks. This blog provides an overview of the reasons Fortinet believes that more investment is required in this nascent space.
Fortinet has consistently led in the area of segmentation—it’s a core value of the FortiGate solution set—but the enterprise has been changing, with mobility at the heart of the connected experience. Ensuring burdenless, consistent access policies for the enterprise, and a high-quality user experience for employees, contractors, and visitors are at the heart of today’s business exchange, and cannot be impeded.
In this same moment, businesses are harnessing the opportunities of IoT, which is driving digital transformation. The sheer volume of devices—whether IoT, Corporate, or BYOD—seeking wired and wireless enterprise network access are exponentially enlarging the attack surface and raising internal provisioning, management, and compliance costs. The responsibility of connecting and securing access falls between network and security domains, a gap exploited far too often by cybercriminals.
All enterprises require cross-estate, multivendor Visibility, Control, and Integrated Response—this is the challenge of modern enterprise segmentation, and it demands a better approach to traditional access control strategies.
IoT has changed the network landscape
The number of connected ‘things’ exceeded the human population in 2008. Gartner predicted that 4.2 billion of those connected things would be deployed in the enterprise environment in 2018, with that number expected to grow to 7.5 billion in just two years. This unprecedented volume of network traffic makes spoofed, infected, hijacked, and rogue devices hiding in the noise of a constantly shifting network an increasingly serious security challenge. By 2020, it is estimated that network breaches will affect over 1.5 billion people, with no decline in sight. In such an environment, finding a compromised device is literally like finding a needle in a haystack.
It’s the classic security challenge. Security managers need to secure every single device every single time, while criminals only need one open port, one compromised or unknown device, or one uncontained threat to circumvent all of the effort going into securing the network.
Access control to the rescue
The key to solving this challenge is access control. Once an organization achieves total visibility of all devices connected to the enterprise, the next step is to establish dynamic controls that ensure that all devices, whether wired or wirelessly connected, are authenticated or authorized, and are subject to a context driven policy that defines who, what, when, and where connectivity is permitted.
Ensuring that only the appropriate people and devices can connect to and access appropriate applications, infrastructure, and assets is a natural extension of the domain security-based policy approach that the enterprise has harnessed for 30 years. The idea of controlling the network by controlling access to any device seeking access is still a great idea. That’s because it’s really the only possible method for ensuring the integrity of a network that is in constant flux.
Such an approach—where no unknown devices ever gain access to the corporate infrastructure, permitted devices are automatically segmented based on policies and roles, and connected devices that begin to behave badly are immediately quarantined from the network—becomes the foundation for a comprehensive positive security posture.
A better response
Security events are inevitable, so modern access control solutions need to be able to collect and correlate events and intelligence from other security and network solutions as well as vendor threat intelligence feeds, react positively to mitigate data loss or exfiltration, and further strengthen kill-chain analytics. Further, this connectivity information generated and managed by a fully integrated access control solution becomes invaluable to UEBA solutions, improving their ability to provide contextual data analysis.
Future security
Our belief is that enterprise security fundamentally requires a holistic access control solution. Through this acquisition of Bradford Networks, Fortinet strengthens its Security Fabric by extending its ability to support and secure today’s expanding multi-vendor wired and wireless environments. Of course, Fortinet will also continue to work closely with solutions such as Aruba ClearPass, ForeScout CounterAct, and Cisco ISE through the Fabric Partner Program in order to maintain maximum flexibility and choice for our customers. We are committed to maintaining our leadership in providing partners and customers with the most effective end-to-end security available—and we believe that our combination of open standards, integration, partnership, and technology investment is the best way to achieve this.
For more reading, our paper on "Covering the Gaps in IoT Security” provides details on the security risks of IoT and what organizations can do to address them.
Webinar: Conduct IoT Device Reconnaissance with Broad and Deep Network Visibility
