Previously, we’ve written about the zero trust network security framework and separately, about...
The Importance of Network Access Control (NAC)
Security teams are facing challenges when it comes to maintaining visibility across remote, in-office and hybrid work environments as business models shift in an effort to keep up with evolving technology. Growing complexity of networks paired with the influx of new devices created an opportunity for bad actors to breach corporate networks without being caught.
Network Access Control
To combat this, security teams can deploy network access control solutions and leverage the technology in order to adapt. Network Access Control can be viewed as the process of restricting unauthorized users and devices from entering a private or corporate network. It is becoming a crucial part of the zero trust access model for security. To gain access to the network, devices must be authorized and compliant with security policies and users must be authenticated.
Network Access Control (NAC) can be utilized both pre-admission and post-admission. In pre-admission, a user makes a request to enter a network, and the pre-admission control grants access depending on whether the device or user can authenticate their identity. Post-admission involves a previously authenticated user who is attempting to access a different or new area of the network that they have not yet been authorized to enter. In order to access these new areas, the identity of the device or user must be verified again.
NAC solutions provide automated features which can decrease the time and accompanying costs of authenticating, authorizing, and determining compliance. This results in a sizable benefit that your organization may regret overlooking.
NAC technology is not new; in fact, it has been around for nearly two decades. However, the ever-growing attack surface, which has only grown in complexity amid the remote work movement, has resulted in the need for a new generation of solutions aimed at protecting the modern workplace.
Now, more than ever, it’s critical to have visibility into devices connecting both internally and externally along with an ability to respond automatically if compromises occur. Detection of unusual or suspicious network activity can be configured to trigger an immediate response. This often comes in the form of isolating the device from the network to keep the attack from spreading.
NAC can be used to leverage inventory information about users, devices, and their level of access. It can also function as an active discovery tool, revealing previously unknown devices that have entered the network. Adjustments to security policies by IT administrators may need to happen as a result.
Additionally, organizations have the capability to choose how NAC will authenticate users trying to enter the network. Often, multi-factor authentication is used, which delivers an additional layer of security on top of the traditional username and password credentials.
Control of applications and data within the network is a huge piece of restricting network access which should not be ignored, as it usually serves as the target of cyber criminals. NAC helps achieve a strong level of network control, which means a reduced likelihood of a successful cyber attack.
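The pre-admission and post-admission decisions described above can be sketched as two policy functions. This is an added example, not code from any NAC product; the segment names, roles, and the "quarantine" outcome for non-compliant devices are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy (assumption): roles allowed into each network segment.
SEGMENT_ROLES = {
    "corp-lan": {"employee", "it-admin"},
    "finance": {"finance"},
    "guest-wifi": {"guest", "employee", "contractor"},
}

@dataclass
class Device:
    mac: str
    registered: bool   # device is authorized (known to the inventory)
    compliant: bool    # device passes the security-policy posture check

@dataclass
class Session:
    user: str
    roles: set
    device: Device
    allowed_segments: set = field(default_factory=set)

def pre_admission(user, roles, credentials_ok, mfa_ok, device):
    """Decide whether a new connection is admitted at all.
    Returns (decision, Session or None)."""
    if not (credentials_ok and mfa_ok):
        return "deny", None          # user not authenticated
    if not device.registered:
        return "deny", None          # device not authorized
    if not device.compliant:
        return "quarantine", None    # isolate until remediated (assumption)
    return "allow", Session(user, set(roles), device)

def post_admission(session, segment, reauth_ok):
    """Decide whether an admitted session may enter a new area of the network."""
    if not session.device.compliant:
        return "quarantine"          # posture is re-checked on every request
    if segment in session.allowed_segments:
        return "allow"               # already verified for this segment
    if not reauth_ok:
        return "deny"                # identity must be verified again
    if not (session.roles & SEGMENT_ROLES.get(segment, set())):
        return "deny"                # role has no business in this segment
    session.allowed_segments.add(segment)
    return "allow"
```

Because the compliance check comes first in `post_admission`, a device that falls out of compliance loses access even to segments it was already granted.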
NAC solutions have no shortage of use cases in the modern world where virtual and physical devices are constantly joining and leaving networks, each of which can carry a wide array of risk. A better understanding of the different use cases for the technology can inform a more comprehensive NAC solution. For starters, the use of IoT (Internet of Things) devices is continually growing, including using home networks to access operational technology settings and connections to enterprise networks.
Cyber criminals will target these devices that often go unmonitored or unnoticed by older NAC solutions. However, the identification and monitoring of IoT devices, along with traditional devices, is possible with modern NAC solutions. By the same token, there is a growing dependency on IoMT (internet of medical things) devices in healthcare.
The critical protection of sensitive personal data and medical records in a network with numerous IoMT devices and users is possible thanks to a properly structured NAC solution. Incident response is another use case where the right NAC solution can make a world of difference.
Automation has the ability to enforce security protocols, share contextual information, and isolate risky devices at the point of connection before they have the opportunity to harm. BYOD (bring your own device) has been picking up steam with the remote work trend where employees access the corporate network from personal phones and computers.
Handling the authentication and permissions of unfamiliar devices trying to enter the network is where the right NAC solution can provide value. Also, it is not uncommon for companies to allow partners, temporary workers, or contractors to access only specific areas of the network.
Preventing unauthorized access to parts of the network and maintaining access privileges can be done with NAC while not sacrificing a positive guest experience. Finally, compliance is another common use case for NAC since it helps enforce compliance controls under regulations including HIPAA, SOX, or PCI-DSS. It can be viewed as a form of risk mitigation to help avoid the fines that can occur if regulatory requirements are not met. On top of the use cases covered, NAC solutions can be deployed to work across globally located branch offices.
If you are interested in deploying a NAC solution and are wondering where to begin, there are a handful of best practice suggestions to get you headed in the right direction. First off, research must be done to ensure you select a NAC solution that aligns with your network’s actual needs.
Often this comes in the form of built-in enforcement tools, dynamic policy controls, and clear visibility into internal and external devices. Features related to your specific industry, network size, and local regulatory requirements should all be considered as well. Second, the number of devices that access your network daily should be closely monitored by your NAC solution as part of an effort to set benchmarks for device access.
Doing so will create a baseline to help you better detect any abnormal activity. Third, an identity-based permission structure should be adopted so that everyone on your network has a verifiable identity. From there, special permissions and access can be created based on what is essential for the individual’s day-to-day activities. Paying close attention to permissions decreases the likelihood of a severe cyber attack.
Fourth, special guest controls should be established for users who aren’t permanent members of your organization. Boundaries should be set, and different tiers of access should be provided based on their needs. Fifth, IT staff should be continuously monitoring for alerts of abnormal network activity.
At least one team member should be assigned to oversee NAC alerts because a poorly addressed or ignored alert can result in a data breach. Sixth, reports should be pulled regularly in order to keep tabs on current network activity as well as historical activity. Doing so will aid in preparation for audits and provide evidence to stakeholders on how your NAC solution secures your network.
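The second practice above, benchmarking how many devices access the network each day, can be turned into a simple detection check. The following is an added example, not part of any NAC product: it builds a baseline from the median and median absolute deviation (MAD) of daily distinct-device counts, flags days that deviate from it, and lists the previously unseen devices on those days. The log format, MAC addresses, dates, and threshold `k` are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def daily_devices(events):
    """Group (day, mac) connection events into {day: set of MACs}."""
    days = defaultdict(set)
    for day, mac in events:
        days[day].add(mac.lower())
    return dict(days)

def flag_abnormal_days(events, baseline_days, k=3.0):
    """Flag days whose distinct-device count deviates from the baseline
    median by more than k * MAD. Returns {day: (count, new_macs)}."""
    days = daily_devices(events)
    ordered = sorted(days)                  # ISO dates sort chronologically
    base = ordered[:baseline_days]
    counts = [len(days[d]) for d in base]
    med = median(counts)
    # A perfectly flat baseline gives MAD 0; fall back to 1 device of tolerance.
    mad = median(abs(c - med) for c in counts) or 1
    known = set().union(*(days[d] for d in base))
    flagged = {}
    for d in ordered[baseline_days:]:
        count = len(days[d])
        if abs(count - med) > k * mad:
            flagged[d] = (count, sorted(days[d] - known))
    return flagged

def constructed_events():
    """Constructed sample log: five normal days, one quiet day, one spike."""
    fleet = [f"02:00:00:00:00:{i:02x}" for i in range(1, 5)]
    rogue = [f"02:00:00:00:ff:{i:02x}" for i in range(1, 7)]
    events = []
    for day in ("2024-03-04", "2024-03-05", "2024-03-06",
                "2024-03-07", "2024-03-08"):
        events += [(day, m) for m in fleet]
    events += [("2024-03-11", m) for m in fleet[:3]]
    events += [("2024-03-12", m) for m in fleet + rogue]
    return events

if __name__ == "__main__":
    for day, (count, new) in flag_abnormal_days(constructed_events(), 5).items():
        print(day, count, "devices;", len(new), "never seen in baseline")
```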
Cyber Security Best Practices
Network visibility and dynamic policy control are more important than ever with many organizations being required by regulatory certifications and cyber security best practices to grasp control of all connected devices. FortiNAC, the NAC solution from Fortinet, delivers control, awareness, and automated response capabilities for all hardware that connects to an organization’s network including servers, devices, IoT devices, and routers.
Dangerous events can be reacted to in mere seconds with automation, stopping the spread of viruses and hackers across the network. It bolsters the Fortinet Security Fabric and regardless of the size or structure of the network, it can become an integral part of the overall security solution.
For instance, FortiNAC can be deployed as part of a secure SD-branch solution, ultimately allowing a convergence of security, LAN, and WAN for customers. Microsegmentation policies and altering of configurations on switches and wireless products from upwards of 170 vendors are possible with FortiNAC as it extends network control to third-party products. FortiNAC works to make sure all devices are known, authorized, and protected. Named as one of the most rapidly growing NAC solutions available in a recent case study, FortiNAC can become a great asset for your organization.
As stated by Fortinet, the benefits that NAC can provide organizations can be summarized by the following:
- Control the users entering the corporate network
- Control access to the applications and resources users aim to access
- Allow contractors, partners, and guests to enter the network as needed but restrict their access
- Segment employees into groups based on their job function and build role-based access policies
- Protect against cyber attacks by putting in place systems and controls that detect unusual or suspicious activity
- Automate incident response
- Generate reports and insights on attempted access across the organization
ACP CreativIT has experts who would be happy to assist your organization in learning more about how the right NAC solution can help monitor and control access to your network resources. Contact us to talk to one of our experts today.