Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, has announced FortiNAC, a new network access control product line that delivers network segmentation and automated responses for IoT security.
The massive rise of unsecure, headless IoT devices, including industrial and medical IoT, requires new tools for securing networks.
Fortinet’s new FortiNAC product line delivers network access control to secure IoT environments and provides enhanced visibility, control and automated response capabilities.
FortiNAC provides detailed profiling of each device on the network and enables granular network segmentation and automated responses for changes in device status or behaviour. This ensures each device only has access to approved items on the network.
“Digital transformation brings a proliferation of unsecure IoT devices accessing the network and, with it, the increased risk of a security breach,” said John Maddison, SVP of Products and Solutions at Fortinet.
“FortiNAC allows organisations to identify every single device on the network and enable segmentation, giving each device access only to approved items. This functionality is delivered all within a solution that works with multi-vendor environments and an unlimited number of devices.
“FortiNAC stengthens the Fortinet Security Fabric for IoT deployments, delivering broad, integrated and automated cybersecurity solutions across the entire attack surface. In the world of IoT, FortiNAC answers the question ‘what’s on your network’ and then enables you to protect it.”
Unsecure IoT devices are leaving organisations vulnerable
The use of IoT devices is growing at a tremendous rate as organisations embrace digital transformation to enable better operational efficiency.
According to Gartner, ‘Internet of Things endpoints will grow at a 32% CAGR from 2016 through 2021, reaching an installed base of 25.1 billion units’.
The sheer volume of devices – including IoT, corporate and BYOD – seeking wired and wireless network access are exponentially enlarging the attack surface and raising internal provisioning, management and compliance costs.
The responsibility of connecting and securing access has shifted from a network-led issue to a security-led issue and poses a challenge for organisations: security managers need to secure every single device every single time, while cybercriminals only need one open port, one compromised or unknown device or one uncontained threat to circumvent all of the effort going into securing the network.
FortiNAC secures networks accessed by unsecure devices
Fortinet’s new network access controller, FortiNAC, diminishes the security risks associated with unsecured devices accessing the network by giving organisations total visibility of endpoints, users, trusted and untrusted devices and applications.
Once visibility has been achieved, FortiNAC establishes dynamic controls that ensure that all devices, whether wired or wirelessly connected, are authenticated or authorised and are subject to a context-driven policy that defines who, what, when and where connectivity is permitted.
This ensures that only the appropriate people and devices can connect to and access appropriate applications, infrastructure and assets. Additionally, FortiNAC can enforce company policies on device patching and firmware version.
FortiNAC also contains powerful network orchestration capabilities for delivering automated responses to identified threats and can perform threat containment in seconds, where a manual process could take days or weeks.
Networks are in constant flux, with new devices connecting and disconnecting; controlling the network by controlling access to any device seeking access is a key part for ensuring the integrity of a network.
Such an approach – where no unknown devices ever gain access to the corporate infrastructure, permitted devices are automatically segmented based on policies and roles and connected devices that begin to violate profiles are immediately quarantined from the network – becomes the foundation for a comprehensive security posture.
Furthermore, the FortiNAC network access control solution is cost-effective and highly scalable, extending visibility and protection to an unlimited number of devices and eliminating the need for deployment at every location of a multi-site installation.
NAC and IoT security solutions bolster the Fortinet security fabric
Fortinet has strengthened its security fabric by extending its ability to engage network devices beyond the Fabric-Ready Partner Program to a wider multi-vendor environment, including third-party firewalls, switches, wireless access points and endpoints.
FortiNAC is also integrated with the FortiGate Next-Generation Firewall, FortiSwitch, FortiWLC Wireless Controllers, FortiSIEM and FortiAP to minimise the risk and impact of cyberthreats broader visibility and security for complex networks.
Rob Fountaine, manager of information security at Atrius Health, said: “If you do not know about a device, there is no way to monitor and protect it. FortiNAC gives us a clear picture of the network and enables us to quickly find assets and shut down individual network ports.
“Adding this layer of visibility has helped us protect against data loss and ensure HIPAA compliance. I equate FortiNAC to having a lock on the doors and windows of your house. Without it, you are leaving your house wide open.
“We also no longer have to worry about lateral malware infections as we can just kill the port. Now, only authorised devices can connect to the network, and every port can be located and controlled.”
Zeus Kerravala, ZK Research, said: “The network access control (NAC) market is seeing double digit growth in revenue, which is being driven by the need for device visibility in the network and concerns over IoT security. FortiNAC is a great enhancement to the Fortinet Security Fabric because it delivers an effective solution to IoT security risks and provides a compelling combination of multi-vendor support for enhanced detection and enforcement, as well as efficient and effective scalability for cost-effective deployment.”