As organizations shift their business models to keep up with the technologically evolving world, their networks continue to grow more complex with the influx of new devices. In turn, security teams struggle to maintain visibility across remote, in-office, and hybrid work environments, increasing the potential for cybercriminals to gain entry into corporate networks without being detected.
This post explains how network access control (NAC) solutions can address these issues and how security teams can leverage this technology as their networks work to adapt.
Network access control is a centralized approach to secure network access in which policies are enforced across all devices and users. The primary goal of NAC is to keep unauthorized devices or users from accessing a private network. This is often done with zero trustaccess solutions that provide visibility into all devices on a private or corporate network.
Though NAC technology has existed for nearly two decades, a new generation of solutions is now needed to protect the modern, ever-sprawling attack surface – one that only grew more complex amid the rapid shift to remote work. This makes it vital to have visibility into devices connecting from both inside and outside the network and an ability to automatically respond when/if devices are compromised.
With regulatory certifications and cybersecurity best practices requiring organizations to establish and maintain control of all connected devices, network visibility and dynamic policy control are key. As an important part of a Zero Trust Access (ZTA) model for security, NAC enables IT teams to easily monitor network on-boarding and control access to network resources.
A NAC solution's primary function is to deny access to unauthorized devices or users while allowing authorized devices and users appropriate access. Additional functionality of NAC solutions includes the following:
FortiNAC, Fortinet's network access control solution, provides visibility across the network for every device and user, including internet of things (IoT) devices. It also extends control of the network to third-party products enabling microsegmentation policies and changing of configurations on switches and wireless products from more than 170 vendors. FortiNAC also leverages automation to react to events in seconds, containing devices before they can allow viruses or hackers to spread across the network.
In the modern world, physical and virtual devices often repeatedly join and leave a network, and the devices themselves can vary greatly in their risk profile. Understanding the different use cases for this technology informs a more comprehensive NAC solution. Common use cases include:
In addition to the use cases described above, many organizations need NAC solutions to work across branch offices that may be located globally. FortiNAC, for example, can be implemented as part of a Secure SD-Branch solution, enabling customers to converge their security, WAN, and LAN.
A robust network access control solution is vital for any modern network in order to protect against threats. Becoming familiar with these six best practices will help you start off on the right foot:
Make sure you purchase a NAC solution that fits your network’s actual needs. For modern businesses, this often means clear visibility into internal and external devices (including IoT), built-in enforcement tools, and dynamic policy controls. You may also need features that are specific to your industry, network size, or local regulatory requirements.
Your NAC solution should help you keep a close eye on how many devices (and what kinds of devices) access your network on a day-to-day basis. Setting a baseline regarding how many devices access your network will help you immediately detect when there is abnormal activity on your network.
Make sure everyone on your network has an identity that can be verified. Once you’ve done that, create permissions based on an individual’s identity and only grant access to areas of the network that are instrumental to their day-to-day activities. You can always enable special permissions later – but being discerning about permissions will lower your chances of a catastrophic cyberattack.
It’s important to ensure every user on your network has a role – but for guests, some additional granularity may be needed. Set boundaries for users that aren’t full-fledged members of your organization and provide different tiers of access depending on their needs. For example, an outside sales representative will need limited, timed access. On the other hand, a contractor may need more in-depth access to your network for a longer period of time.
Most NAC solutions will provide alerts if there is any abnormal network activity – and an ignored or poorly addressed alert can quickly lead to a data breach. For that reason, make sure you have at least one IT member assigned to handle NAC alerts – and consider enlisting more help if you have many endpoints.
By keeping tabs on your historical and real-time network activity, you’ll be able to better prepare for audits while providing key stakeholders with insight into how your NAC solution protects your network.
FortiNAC works with the Fortinet Security Fabric to provide visibility, control, and automated response for every device connected to a network. Not only can it secure IoT and third-party devices, but it can be part of the security solution for any network, regardless of size or structure.
Discover how a Network Access Control solution (FortiNAC) provides organizations with the ability to see and control all the devices and users connected to the network.