FortiNAC: Network Access Control

Network access control (NAC) technology has been around for nearly two decades, but a new generation of NAC solutions is helping organizations keep up with today’s ever-expanding attack surface, delivering not only visibility of the network environment, but also enforcement and dynamic policy control. Modern NAC solutions provide users with enhanced visibility into the IoT devices on their corporate networks, whether they're connecting from inside or outside the network, and can automatically respond to compromised Internet of Things (IoT) devices or anomalous activity.

Modern NAC solutions also provide a clear view into network assets to support regulatory certifications and security best practices that require organizations to establish and maintain an accurate inventory of all connected devices, including IoT—even in virtual environments where assets are constantly connecting and disconnecting from the network. NAC’s monitoring and response capabilities are especially critical since many IoT devices open users to additional risk via compromised, poorly written and un-patchable software, unadvertised back doors hardwired into firmware, and other factors.

NAC solutions are an important part of a Zero Trust Network Access model for security, in which trust is no longer implicit for users, applications, or devices attempting to access the network, and for which IT teams can easily know who and what are accessing the network, as well as how to protect corporate assets both on and off the network. 

NAC solutions provide visibility over everything connected to the network, as well as the ability to control those devices and users, including dynamic, automated responses. NAC is part strengthening overall network security infrastructure.

A properly functioning NAC solution can deny access to noncompliant users or devices, place them in quarantine, or restrict access to a small number of network resources, separated from the rest of the network. NAC solutions generally support the following:

1. Authentication and authorization of users and devices
2. User and device profiling
3. Denial of unsecured devices
4. Quarantine of unsecured devices
5. Restricting access to unsecured devices
6. Policy lifecycle management
7. Overall security posture assessment
8. Incident response through policy enforcement
9. Guest networking access

The adoption of IoT devices is growing exponentially, especially in high-risk markets such as healthcare and retail where even a few years ago there were far fewer network-connected devices. Converging with this trend is BYOD (Bring Your Own Device), which over more than a decade has brought an influx of new mobile devices connecting to corporate networks. Both IoT and BYOD create substantial new security risks and open new threat vectors, and unsecured IoT and BYOD devices dramatically increase the risk of intrusion, breach, and a catastrophic cyberattack. The right NAC solutions ensure compliance for all IoT and BYOD devices connecting to networks, checking that proper controls are in place before corporate network resources are accessible.

NAC is also critical in the age of IoT, which in general refers to the billions of non-traditional compute, IP-enabled devices that are connecting to networks. (This means basically everything on the network that isn't a laptop or mobile phone, from IP cameras, to VoIP phones, printers, HVAC controls, temperature sensors, badge readers, digital displays, bluetooth sensors, and many more examples.)

The role of NAC solutions in incident response is often significant. NAC solutions can be configured to automatically enforce security policies, share contextual information, and isolate unsecure devices from accessing other parts of a network.

Contractors, partner employees, and other guest workers need specialized access only to those parts of the corporate network that enable a good user experience and allow them to do their jobs. NAC solutions play a key role in maintaining access privileges while ensuring guest users have smooth connectivity and a good overall experience.

Healthcare is an industry rapidly embracing the IoT trend, where, as the Internet of Medical Things (IoMT), many new networked devices coming online to support advances in medicine and medical care. But as more medical devices access the corporate network, it is critical to employ NAC solutions that can help protect devices and massive troves of sensitive personal data, including medical records. NAC solutions can help improve healthcare security overall and keep medical facilities and other healthcare institutions safe from ransomware and other prevalent threats.

Regulatory compliance isn’t optional, and organizations can receive serious fines and create myriad other problems if access controls aren’t implemented or aren’t demonstrably effective. NAC solutions have long been thought of as risk mitigation technology—which they certainly are—but the right ones can also help enforce compliance controls under regulations such as HIPAA, SOX, or PCI-DSS, and ensure smooth compliance audits.