Network access control (NAC) has been a market in the making for almost 15 years, seeing many starts and stops along the way. Despite the promise of making it easier to automate the onboarding of devices, the technology has largely flopped, with vendor after vendor falling by the wayside, making it a classic example of a solution looking for a problem. One would have thought that bring your own device (BYOD) would have been a driver, but security professionals found other ways to safely onboard mobile phones and tablets.
IoT makes NAC a must-have security tool
It appears the long, quixotic journey for NAC has finally ended, though, as the problem of securing Internet of Things (IoT) devices is driving greater interest in NAC and is the exact problem that NAC was designed to solve.
IoT poses some unique challenges for security teams, the biggest of which is that IoT devices are often under the control of the operational technology (OT) teams. This causes a huge issue because the security organization often has no idea what devices are connected to the network they are tasked with securing.
Case in point: Earlier this year ZK Research conducted a survey that asked, “How confident are you that you are aware of all the IoT devices on the network?” A whopping 64 percent responded either “not at all” or “only a little,” with only 10 percent being “fully confident.” NAC can address this issue, which is why interest in it has skyrocketed. (Note: I am an employee of ZK Research.)
However, most NAC solutions today offer limited visibility, such as Wi-Fi only, or rely on third-party databases to pull device information. IoT devices are often difficult to identify compared to a PC, iPhone, or printer. Also, most NAC solutions can help find an infected device and quarantine it, but they can’t solve the problem because they lack control of the network.
Fortinet announces availability of FortiNAC
This week, security vendor Fortinet announced its new FortiNAC solution aimed at addressing many of the limitations of current NAC products. FortiNAC came to Fortinet via the acquisition of Bradford Networks made earlier this year and fills a hole in the vendor’s “Security Fabric” story that delivers consistent, end-to-end threat protection.
The strength of FortiNAC is visibility and how it discovers all the endpoints. Instead of relying on a database or endpoint agents, FortiNAC is completely agentless and automates the discovery of endpoints by ingesting a wide range of data sources, such as RADIUS, SNMP, DHCP, LDAP and others, as well as behavioral information. This lets FortiNAC identify over 1,500 device types compared to other solutions that can identify 500 to 1,000.