What is Network Access Control? 

Network Access Control (NAC) is the process of leveraging security protocols such as endpoint monitoring and identity and access management (IAM) to maximize control over who or what can access a proprietary network.

Often, there are systems on a network that simply do not receive the same level of visibility as others. Therefore, those become easier access points for a threat actor to breach a network. According to Forrester, “security and risk pros need to address problems introduced by a mobile and remote workforce incentivized by cloud integrations. NAC solutions were and still are viewed as complex and costly to deploy effectively.”

Obviously, NAC can and will often look different for each organization. Therefore, let’s take a look at two different types of the process:

Pre-admission

This type of NAC cybersecurity control ensures that a person, system, or device that wishes to access a network is checked before access is granted. IAM authentication procedures can be leveraged during this process to ensure that no one and nothing without a right to be there is granted access to the network.

Post-admission

This type of NAC control essentially “follows” an authenticated user around the network, continuously verifying their credentials to ensure they aren’t admitted to a part or segment of the network they don’t need in order to do their job or complete a task. In this way, if a threat actor were to gain access to a particular segment, they would be walled off in that segment, protecting the larger network.
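The two stages described above can be sketched as a small policy model. This is an added example, not code from any NAC product or from this page's author; the segment ranges, role names, MFA exemption for headless devices, and 15-minute re-verification window are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed segment map and role policy; all names and ranges are illustrative.
SEGMENTS = {
    "corp": ip_network("10.10.0.0/16"),
    "finance": ip_network("10.40.0.0/16"),
    "iot": ip_network("10.20.0.0/16"),
}
ROLE_SEGMENTS = {
    "employee": {"corp"},
    "accountant": {"corp", "finance"},
    "iot-sensor": {"iot"},
}
MFA_EXEMPT = {"iot-sensor"}  # assumption: headless devices use device credentials only
SESSION_TTL = 900            # assumption: re-verify every 15 minutes

@dataclass(frozen=True)
class Request:
    identity: str
    role: str
    authenticated: bool     # result reported by the IAM system
    mfa_passed: bool
    device_compliant: bool  # result of the endpoint posture check

@dataclass(frozen=True)
class Session:
    identity: str
    segments: frozenset
    expires_at: float

def pre_admission(req, now):
    """Check identity and device before any access; return a Session or None."""
    if req.role not in ROLE_SEGMENTS or not req.authenticated:
        return None
    if req.role not in MFA_EXEMPT and not req.mfa_passed:
        return None
    if not req.device_compliant:
        return None
    return Session(req.identity, frozenset(ROLE_SEGMENTS[req.role]), now + SESSION_TTL)

def post_admission(session, dst_ip, now):
    """Re-check an admitted session for each destination; deny by default."""
    if now >= session.expires_at:
        return False  # stale verification: force re-authentication
    addr = ip_address(dst_ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name in session.segments
    return False  # destination is outside every known segment
```

An admitted employee session reaches `10.10.5.9` but is refused at `10.40.0.7`, which is the "walled off in that segment" behaviour the post-admission paragraph describes.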

Why Do You Need Network Access Control? 

You need NAC because of the number of threat actors looking to brute-force their way onto a network via poorly monitored or unmonitored access points. Visibility and automation are necessary to be able to cover the large scale of many enterprise networks, and an NAC solution can offer protection in these areas.

Benefits of an NAC Solution

The inherent benefits of this type of security solution include:

  • Cost savings: By limiting the number of threat-actor access points on a network, you limit the number of incidents. Even if your security org has the most advanced and fastest vulnerability management and incident response program, an NAC solution will help that much more in shutting out unnecessary incidents.
  • Compliance: NAC solutions help with regulatory standards of all kinds, whether it’s on a smaller scale like a state or territory or a larger scale like a country or kingdom. Controlling network access points demonstrates to regulators that a business or security organization has the best intentions for everyone.
  • Minimizing the attack surface: Closing off access points to only those that need access helps to segment the network such that, if a bad actor were to gain access, the damage would likely be limited to that particular segment.
  • Authentication: Implementing IAM protocols like multi-factor authentication (MFA) can help to thoroughly verify that the person or asset requesting network access does indeed have a right to be on the network. Zero trust security is also a powerful model to ensure proper network access.
  • Stronger security posture: By incorporating NAC into your security program, you’re taking a step beyond average capabilities. You’re creating a stronger security posture by ensuring your network is locked down and everyone and everything properly authenticates to where they need to be.

Network Access Control Capabilities

So, how exactly would an NAC solution help to fortify security posture and contain threats? An NAC program’s specific capabilities are many, and can ultimately help to unite authentication protocols, endpoint configuration, and overall access to an enterprise environment.

When it comes to searching out an NAC solution for your specific environment, Gartner® states that “an organization should evaluate the following capabilities”:

  • Device visibility/profiling: Which devices are attempting to access the corporate network and what are their risk profiles? 
  • Access control: This is the function of an NAC solution to actually control who gets in and who doesn't. 
  • Security posture check: A cloud security posture management (CSPM) capability can provide visibility into the configuration of applications and workloads.
  • Guest management: Users can manage guests requesting access to the corporate network, including authentication and granting limited access.
  • Bidirectional integration with other security products: It's important – particularly during the shopping process – that security operations center (SOC) leaders procure an NAC solution that can integrate and amplify their current suite of security solutions.

In addition to these capabilities, it’s important to remember that compliance – as noted above – is critical and is also a moving target. In order to maintain the efficacy of an NAC solution’s capabilities, it’s a good idea for security practitioners to conduct periodic assessments and audits.

Scheduling regular network assessments and audits can ensure compliance with secure configurations, password policies, and network access control requirements. Assessing network security against internally constructed benchmarks can also help mitigate threats.

Network Access Control Use Cases

NAC solutions are ubiquitous, and they can do different things depending on the specific environment of the security organization looking to leverage their capabilities. Let’s take a look at some of the more common use cases.

Internet of Things (IoT) Devices

As a workforce brings more IoT devices onto the corporate network, IT teams must keep pace to try and ensure they are operating securely on the network. Automating this process can streamline operations in this area, helping to authenticate each device and determine if its reason for accessing the network is valid.

Bring Your Own Device (BYOD)

From the beginning of the BYOD trend, it's been an ongoing evolution of how to balance the benefits with the risks that arise from letting your employees and partners use their own devices on the internal or corporate network. Powerful NAC solutions like authentication protocols and multi-step verification technologies have helped to ensure security while these devices are accessing the network.

Supply Chain Partners

When it comes to vendors, we’ll assume you’ve thoroughly vetted these partners and entrusted a portion of your business practices and services to their care. This means each of these providers will need at least a degree of access to your corporate network, with network segmentation helping to facilitate that access as well as protecting the network as a whole.

How Do You Implement Network Access Control? 

You implement network access control by adhering to some stringent best practices that will help ensure the solution has its best chance to protect the organization. 

  • Conduct a thorough assessment of network needs: Prior to implementing an NAC solution, it’s important to know where your network’s access vulnerabilities lie as well as where they might exist in the near future. Where do you most need critical access controls that will keep network operations safe?
  • Ensure the right credentials go to the right person: If you’re going to implement an NAC solution, it’s critical to ensure there aren’t liabilities in the area of privileges. Cloud infrastructure entitlement management (CIEM) policies – like zero trust – can help to mitigate this potential vulnerability by ensuring everyone is stringently authenticated in multiple ways before being granted access.
  • Educate yourself when vendor vetting: We've discussed partners and vendors a bit already, but the point cannot be overstated: An NAC vendor should deliver a strong product that will help protect your network from unauthorized access and potential attack or data theft. The only way to purchase a solution that can do that is to thoroughly research and speak to an NAC vendor to ensure the function will meet your organization's specific needs.
  • Know your network edges: How far does your network extend and what are its specific cloud operations? Network perimeters can expand all over the globe, but that doesn’t mean it’s impossible to secure access points.