
FortiNAC Automates IoT Security for Digital Businesses

By Peter Newton | September 04, 2018

Fortinet just announced FortiNAC, the latest addition to its growing portfolio of integrated security solutions designed to protect today’s evolving networks. As organizations embrace digital transformation to improve operational efficiency, they have to support and secure a growing number of IoT devices. In fact, the rapid adoption of both stationary and highly mobile IoT solutions is one of the primary reasons why today’s networks are in constant flux.

According to Gartner, “Internet of Things endpoints will grow at a 32% CAGR from 2016 through 2021, reaching an installed base of 25.1 billion units.”(1) While most people envision digital cameras, printers, and smart appliances, IoT today also includes Industrial IoT (IIoT), Medical IoT (MIoT), and similar IoT solutions being developed across every vertical market. And to complicate matters further, these devices are increasingly interconnected and interdependent. They generate huge volumes of data, operate using applications that are constantly being updated, and often require access to critical resources. As a result, IT teams are struggling to identify, track, monitor, and secure them.

This trend hasn’t gone unnoticed by the cybercriminal community. The volume and sophistication of attacks targeting IoT devices continue to grow as well, as evidenced by the recent Triton and VPNFilter malware attacks.

IoT security starts with granular access control

While the IoT market is still relatively new, some of these devices have shown themselves to be especially vulnerable to exploits, as shown by attacks like the Mirai botnet and BrickerBot. But IoT devices don’t only increase an organization’s potential attack surface; they also increase internal provisioning, management, and compliance costs. To address these challenges, IoT devices need to be automatically assigned to an isolated and secured network segment at the moment of access, while devices that begin to violate assigned profiles need to be immediately removed or quarantined. This makes access control a foundational requirement for any comprehensive security strategy.

FortiNAC provides the sort of broad visibility and granular control that today’s organizations need to deal with this growing problem by ensuring seamless and automated protection for—and from—any IoT device connected to the network.

It starts by automatically collecting information about a device connecting to the network, matching it to a library of device profiles, and then tying it to a policy. This way, it ensures that all connected devices, anywhere in the distributed network, are not only authenticated, but also subject to context-driven policies that define who, what, when, where, and how connectivity is permitted. These rules are then distributed across the network to make sure these devices can only access those applications, infrastructure segments, and assets they have been authorized to touch. FortiNAC can then assign authenticated IoT devices to specific network segments that isolate them and their applications from the rest of the production network.

FortiNAC is also a key component of the Fortinet Security Fabric

FortiNAC is able to consistently monitor IoT devices, including their data and applications, as they move around the network, and ensure they continue to comply with company policies. As an integrated component of the Security Fabric, FortiNAC also enables the security network to identify any changes in device status and take immediate action by automatically performing containment at machine speeds—including quarantining devices for analysis and remediation and updating access controls and rule sets. If, for example, the Security Fabric identifies a digital camera that suddenly begins requesting data, FortiNAC can immediately isolate that device and flag it for further inspection. And since devices are rarely compromised alone, the Security Fabric automatically correlates threat intelligence to identify other devices that may have also been compromised and then dynamically leverages FortiNAC to isolate those devices as well.


As the number of IoT devices connecting to the network continues to grow, the risk of related security breaches continues to increase as well. FortiNAC addresses this challenge by enabling organizations to identify every device on the network at the point of access, assign them to secured network segments to ensure they only have access to approved resources, and then, as part of the Fortinet Security Fabric, continuously monitor those devices to automatically detect and respond to threats. In the world of IoT, FortiNAC not only answers the question ‘what’s on your network,’ but also enables you to provide the integrated and automated protections your digital business requires as these IoT devices become part of your extended network.

(1) Gartner, “Forecast: Internet of Things — Endpoints and Associated Services, Worldwide, 2017,” Peter Middleton, Tracy Tsai, Masatsune Yamaji, Anurag Gupta, Denise Rueb, 21 December 2017.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Read more about Fortinet’s new network access controller, FortiNAC, which diminishes the security risks associated with unsecured devices accessing the network by giving organizations total visibility of endpoints, users, trusted and untrusted devices and applications.
