The MSSP Opportunity Around Network Access Controls

By Jon Bove | August 20, 2020

This is a summary of an article written for Channel Futures by Jon Bove, VP of Channel Americas at Fortinet. The entire article can be accessed here.

The proliferation of Internet-of-Things (IoT) devices on enterprise networks has created new vulnerabilities for organizations to manage. Similarly, the expansion of telework has amplified bring-your-own-device (BYOD) usage, increasing the number of gaps and weaknesses along the network perimeter. As a result, IT teams often struggle to gain the visibility needed to maintain security across their distributed network environments.  

Employing network access control (NAC) solutions can help address this challenge by providing device management capabilities that enhance threat awareness and mitigation. That said, NAC solutions can be difficult to deploy, which is why organizations typically rely on partners to assist with their implementation. This creates an opportunity for partners and MSSPs to generate additional revenue by offering specialized security services that provide customers with network-wide visibility and automated threat detection and response.

The Challenge of Controlling Device Access

While IoT products and BYOD policies enhance network capabilities, they also present many challenges to business environments. There can be several device types, brands, and operating systems within an organization that, if not centralized, can create new edges and vulnerabilities for cyber criminals to exploit.

Initially, NAC solutions were built to authenticate and authorize endpoints using simple scan-and-block technology. Since then, NAC capabilities have expanded and now provide endpoint visibility, controls, active monitoring, and automated responses. As network infrastructures evolve and cyber threats become more sophisticated, organizations require third-generation NAC solutions to help secure their device usage. 

This is where partners come in, as many organizations will need assistance with identifying and deploying NAC solutions on their networks.

Providing NAC-as-a-Service

Offering NAC-as-a-service helps partners and MSSPs facilitate network access control for their customers. Before deploying NAC solutions, MSSPs must have a complete understanding of their customers’ networks. This will not only ensure that the solution you implement is effective, but it will also help you identify other areas where you can provide additional value to customers. 

How Partners and MSSPs Can Provide Effective NAC Services to Customers

For partners to provide successful NAC services to customers, their solutions should be: 

Centralized: A centralized NAC solution removes the need for truck rolls or gear for on-premises deployments. This saves both customers and MSSPs time and money when managing a NAC solution.

Subscription-based: By offering subscription-based services, MSSPs can cut costs and increase revenue. You can also offer different levels of service to customers, each with its own associated cost. The greater the level of service you can provide, the more engagement you will have with customers.

Comprehensive: The NAC solutions that MSSPs deploy should provide the following functionalities to ensure the highest levels of customer security:

  • Visibility – NAC solutions must be able to view network endpoints in order to properly categorize device users and ensure continuous post-connection risk assessment.
  • Endpoint vulnerability assessment – The chosen solution must be able to determine critical device vulnerabilities often associated with uninstalled patches and outdated software. 
  • Granular control – Once devices and users are identified, the solution must be able to support intent-based segmentation to ensure automatic enforcement of security policies. This should be based on defined user and device information, as well as role-based and contextual information.   
  • Integration – NAC capabilities should integrate with existing network solutions to enable shared information about potential threats. The solution should also support interoperability with third-party products.
  • Real-time response – The solution should leverage automation to ensure active device monitoring and rapid threat response. This will enable the immediate containment of suspect devices, which will then limit the impact of attacks.
  • Automated workflows – The NAC should automate device onboarding and send remediation prompts should a device not meet security standards.
  • Flexibility and scalability – It should support branch integration and be easily scalable. By providing flexible deployment across physical, virtual, and cloud locations, partners can continue to support customers as they grow and as their networks become more complex. 

Final Thoughts on a Comprehensive NAC Solution

As customers’ attack surfaces expand with the adoption of digital devices, their networks require comprehensive NAC solutions to manage device usage. MSSPs can take advantage of this opportunity by providing enterprise-grade NAC solutions and service capabilities to customers. With comprehensive NAC capabilities, customers will realize enhanced visibility and threat response while MSSPs will see increased client loyalty and revenue. 

Discover how Fortinet's Network Access Control solution (FortiNAC) provides organizations with the ability to see and control all the devices and users connected to the network.
