Security is no longer something you can just provide at the edge: it’s intrinsic to every part of the network stack, from the end user, up to the Wide Area Network.
Business networks are changing rapidly, causing new threats to emerge and creating unknown risks. These changes have made it vital to secure network devices and control perimeter access. Network Access Control (NAC) is one solution to this challenge.
What is Network Access Control (NAC)?
Network Access Control (NAC) tools detect all devices on the network and provide visibility into those devices. When implemented correctly, NAC systems allow companies to set finely calibrated access policies. They can determine exactly how each user moves around the network and which resources they can access. The software prevents unauthorised users from entering the network and enforces policies on endpoints to ensure devices comply with network security policies.
NAC is a fairly complex product, so it can be hard for managed service providers to articulate the benefits. For those customers who are serious about network security, NAC delivers visibility, control and automated response for everything that connects to the network, filling an important gap.
Securus is a NAC specialist with many years’ experience in delivering network security solutions. When Securus is the incumbent WAN provider, the NAC implementation – FortiNAC from Fortinet – is a natural extension of the network solution.
Key FortiNAC benefits
- Scans the network to detect and classify devices through automated methods
- Creates a comprehensive inventory of all devices on the network and facilitates user network access orchestration
- Evaluates the risk of every endpoint on the network, giving the option to restrict guest network access
- Centralises architecture to simplify deployment and management
- Allows resource access management and enables user segmentation based on roles
- Helps to detect suspicious activity and supports incident response automation
- Contributes to regulatory compliance
- Supports third-party network devices to ensure compatibility with the existing infrastructure
- Automates the onboarding process
- Enforces dynamic network access control
- Provides event reporting to SIEM with detailed contextual data to reduce investigation time
Securus contextualises the applications for our customers and understands their pain points, as is demonstrated below for three of our key customers.
McArthurGlen is Europe’s leader in designer outlet shopping, with 25 sites in 10 countries, including the UK. They have 90 million visitors every year and a £5 billion annual turnover.
When third-party contractors came and installed things like sensors and CCTV, it had the potential to create loops on the network, which could take the network down in some or all of the shopping centres. With outages lasting up to a couple of days, the IT team – which is not focused on geographic location – would have to diagnose the issues, using up valuable internal resource.
Securus implemented Network Access Control across the entire business, giving McArthurGlen better control by restricting the availability of network resources to endpoint devices and users that comply with a defined security policy. Any device that connects to the network has to be authorised, giving McArthurGlen full control over their remote estate.
The NAC can also provide additional endpoint security protection such as antivirus software, firewall and vulnerability assessment with security enforcement policies and system authentication methods.
Securus proposed the NAC for a large car dealership customer, which has a centralised, not site-specific, IT team. A lot of sales managers move cars around the showroom and, if someone moves their PC from point A to point B in the dealership, for example, they could no longer get the access they had at the original location because the cable that is connected to point B is on a different switchboard.
Networks are generally quite a static configuration. You typically assign each port to have a specific function and IT has to physically log in to make any changes. What NAC enables them to do is identify the specific device, then move the profile from point A to point B so employees can continue working seamlessly, on a fully secure device.
When computers and laptops are moved around, the IT team doesn’t have to spend hours or days unpicking it all, which frees up their time for other work, yet still allows them full control of the network. It’s a very different application but with a defined business outcome, primarily for flexibility.
A call centre business has hundreds of agents in one building, who take inbound and outbound calls for various customers, essentially ‘floating’ between customers. Whilst the organisation already has strict security processes, NAC enables them to change the group membership of the user in Active Directory, which then changes their network configuration, giving them access to everything associated with that particular customer.
Previously, the switches were configured by IT, which could be time-consuming and laborious. Now it can all be done from one location, knowing that the necessary segregation is in place, and the agent can easily switch their profile over to a new customer. The organisation’s firewall is integrated with Active Directory, so if the agents are not connected to the right group at the right time, they can’t even get internet access, keeping security at the forefront.
FortiNAC provides protection against IoT threats, extends control to third-party network devices and orchestrates automatic response to a wide range of network events. It is a natural extension of ‘zero trust’: by default, nothing’s trusted. FortiNAC has a wide range of powerful features that make managing network access easier and quicker.
If you need more network flexibility and control, whilst also freeing up your internal IT resource, Network Access Control may be right for your business.
Call the NAC experts at Securus on 03451 283457 to find out more.