Security strategies are ever evolving. Recent cybercrime developments have caused many of your customers' IT teams to reprioritize their security tools and approaches. For example, for many years threat prevention was the primary tactic they used to secure their networks, with teams acting to ensure that no unauthorized attempt to infiltrate the network could be successful. The result was a heavily perimeter-focused security approach, which often left a largely open and unsecured network that could be easily navigated once an attacker managed to get inside.
For far too many of your customers, this is still the case.
As cyberattacks become more sophisticated, though, more IT teams are accepting that it’s impossible to stop every attack. To keep pace with threat trends and technology, your customers’ IT teams must adapt by adjusting their strategies and tools. This includes monitoring and securing traffic moving laterally across their network through internal segmentation as well as updating their IoT security with a modern network access control (NAC) solution.
Network access controls have been around for the past 15 years, but due to traditional perimeter-focused security strategies, and NAC’s reputation for complicated implementations, the option hasn't played a significant role in recent security approaches. However, expanding attack surfaces and a new generation of NAC solutions are causing organizations to rethink that approach.
Today’s modern NAC solutions provide your customers with enhanced visibility into the IoT devices on their corporate networks, whether they're connecting from inside or outside the network. Moreover, modern NAC tools can also automatically respond to compromised IoT devices or anomalous activity. They also provide a clear view into network assets to support regulatory certifications and security best practices that require organizations to establish and maintain an accurate inventory of all connected devices, including IoT—even in virtual environments where assets are constantly connecting and disconnecting from the network. NAC’s monitoring and response capabilities are especially critical since many IoT devices open your customers to additional risk via compromised, poorly written and unpatchable software, unadvertised back doors hardwired into firmware, and more.
Customers need a unified view into every IoT device on the network to secure against the threats brought on by the adoption of IoT, combined with the ability to detect and act on threats. NAC solutions do just that by leveraging automation, contextual data, and integration for visibility across integrated IoT, operations, IT and cloud networks.
NACs provide your customers with three essential capabilities:
Learn: One of the biggest challenges your customers face when securing IoT devices is that they often remain uncontrolled, even within a network. They might be employee-owned as a part of a BYOD policy, headless devices under the responsibility of the operational technology team, or consumer devices connecting to the network. With so many sources and no unified view, it’s easy for security teams to lose track of these devices. And in the case of consumer and employee devices, it’s impossible to enforce regular updates or patches, and this challenge is compounded by the fact that most IoT devices were not designed with security in mind. It’s no wonder that IoT devices have become a growing entry point for malware and network breaches.
To overcome this problem, your customers’ security teams need to identify and learn about each device connected to the network, including the level of risk each device carries. NAC controls visibility into every device across the entire distributed network. NAC then uses advanced tools and techniques to provide a detailed inventory of the devices on the network. Agentless scanning detects and classifies all IoT devices, including headless devices. Automated onboarding allows your customers to onboard large numbers of endpoints, users, and guests. And device profiling uses behavioral information for the level of access permitted for a device.
Segment: Many of your customers have designed open networks to facilitate faster transfer of information. The challenge is that such environments also allow compromised devices to dwell in the network long enough to determine where valuable data is stored, and then quietly exfiltrate it under the radar.
To minimize the potential of such an event, your customers must be able to classify each device in the network and then apply an appropriate set of access rules to ensure it can only enter certain areas of the network. These rules must then be communicated to the rest of the security infrastructure, thereby preventing an outside device from accessing and stealing sensitive data stored across the network. In addition to identifying what allotments the tool has, an effective NAC solution will also detect at-risk devices exhibiting anomalous behavior. When a compromised device is detected, modern NACs can then deploy segmentation, thereby isolating the device until the threat can be remediated.
Protect: Because modern cyberattacks occur at machine speed, network access controls must respond to threats at digital speeds. Doing so requires automation and threat context. Modern NAC solutions leverage automation to respond to compromised devices the moment they are detected in your customer’s networks. NAC can then immediately act to terminate the connection, restrict network access or change configurations.
This threat intelligence and contextual data then needs to be shared with other networking and security devices. To make this happen, NAC event reporting needs to seamlessly integrate with a security information and event management (SIEM) solution for further analysis, enabling an integrated response distributed to controls across the network.
As connected devices continue to become more prolific across your customers’ networks, they need a modern network access control solution that can identify IoT assets, enforce access control rules, and automatically isolate and remediate threats posed by compromised devices.
NAC solutions today offer unified visibility into connected devices across your customers’ distributed networks. Such integration ensures optimal protection even as the volume of IoT devices connected to their networks expands. In an integrated security environment, other security tools can then seamlessly leverage NAC event data to better identify other compromised devices for preemptive action.
This byline originally appeared on Channel Futures.
Learn more on the Partner Portal.
Sign up for our weekly FortiGuard Threat Brief to learn about breaking threat research.