Fortinet: NAC Best Equipped To Secure IoT On Networks

Fortinet wants solution providers to know that it believes network access control is the best way to secure the expanding number of Internet of Things devices coming online within corporate networks.

In a talk at The Channel Company's IoTConnex virtual conference Wednesday, Peter Newton, senior director of product marketing at Fortinet, discussed why the Sunnyvale, Calif.-based vendor's network access control solution, FortiNAC, is best equipped to secure IoT devices on networks and how solution providers can sell it to customers and expand business opportunities.

Newton said IoT is bringing about the third generation of NAC solutions because of the number of new, non-traditional devices coming online within IT networks. He said many IoT devices are "inherently" untrustworthy because they weren't designed with security in mind due to their low cost. Adding to the problem is the fact that many are also "headless," meaning they lack a way to log in to the device.

[Related: IDC: What Solution Providers Should Do To Seize Growing IoT Opportunity]

"It can be difficult to interact with some of these devices, and there's no standards across these devices, because there are so many different devices made by so many different vendors, and there hasn't been a need for standardization," Newton said. "The variety of devices out there is astonishing, and all this means that IoT devices simply don't have a heck of a lot of security on them."

Newton said Fortinet's FortiNAC solution is best equipped to handle security for IoT devices within IT networks, Newton said, because of its ability to identify and profile all endpoints, segment endpoints based on their endpoint characteristics and behavior and automate responses to threats based on rules.

"NAC is pretty much the only means of being able to secure the various IoT devices that are appearing on networks — that ability to look throughout the network and see everything there is critical to deal with the threat from IoT," he said.

Beyond those three core capabilities, Newton said FortiNAC can provide "a whole host of information" around which building a potential threat is happening, which switch it's on, where it's connected and even potentially which applications are running on it.

"That can really assist them in prioritizing the alarm and of course responding to and resolving it," he said.

From there, network administrators can lock down the threat, send it to a remediation server, send it to another VLAN or quarantine the threat altogether to allow for further inspection, Newton said.

As for how solution providers can begin conversations with their customer about selling NAC, Newton said it comes down to a few basic questions, such as, "Do you know what is on your network?" That question can then be followed by an explanation of what could happen if unidentified IoT devices lead to an attack on the network.

"Being able to tie the financial implication of an IoT attack to the network might open their eyes to how important it is to have," he said.

Solution providers can also find an opening for selling NAC if their customers have strict compliance and regulatory rules they need to follow, Newton said. For example, a healthcare organization needed a way to account for, segment and monitor all of its IoT devices on its server for reasons related to HIPPA.

Once a solution provider sells a NAC to a customer, it can open up new selling opportunities in the future, because the NAC gives a view into other components of the network, Newton said.

"You're actually engaging with all these devices," according to Newton. "So you really get to understand the entire network and that really makes you both demonstrate your skills and capabilities to the customer and that, in turn, makes you the person that they want to turn to when they're looking at new opportunities or new projects."

Jared Dickson, a senior consultant at Grand Rapids, Mich.-based Open Systems Technologies, one of CRN's 2018 IoT Innovators, agreed with Newton about the importance of using a NAC to secure IoT devices and said the risk of not properly securing those devices can become even more consequential when it comes to things like robots in industrial settings.

"If a hacker hacks into that, that can cause damage to a person in a way that's not intended," he said.

Dickson also agreed that NACs can open new selling opportunities with customers.

"It's the door to everything else," he said.