How MSSPs Can Facilitate Network Access Control Deployments for CustomersHow MSSPs Can Facilitate Network Access Control Deployments for Customers
NAC solutions can help customers increase revenue.
August 17, 2020
As internet of things (IoT) devices proliferate across enterprise networks, the attack surface continues to grow and new vulnerabilities are exposed. At the same time, the new work-from-home trend has amplified mobile and bring-your-own-device (BYOD) usage, compounding gaps and weaknesses along the network perimeter.
The result? Many admins have now lost complete visibility into what is on their network. To address these challenges, network access control (NAC) solutions must be employed to provide robust access control and device management capabilities, including threat awareness, containment and mitigation.
NAC solutions, however, can be daunting to deploy, and organizations often turn to outside partners for help. This creates a growing opportunity for managed security service providers (MSSPs) to offer a highly customized service solution to help customers gain networkwide visibility, enforcement of custom policy-based controls, automated threat response and detailed reporting capabilities that otherwise would be difficult to obtain. Well-prepared MSSPs will, in turn, gain client loyalty and secure ongoing revenue streams.
Controlling Device Access to the Network
The widespread adoption of IoT products and BYOD policies deliver both valuable capabilities and glaring challenges to business environments. Within any single organization there will be several device types, brands and active operating systems running applications and gathering data, creating new edges and entryways for cyber criminals to exploit. Further, many of these devices — especially IoT — lack the enterprise-grade security necessary to protect the network.
The first generation of network access control solutions was built to authenticate and authorize endpoints using simple scan-and-block technology. NAC capabilities have since evolved beyond simple authorization to provide endpoint visibility, controls, active monitoring and automated responses. And as network infrastructures change, sophisticated endpoint attacks grow and compliance requirements become increasingly rigid. To address these challenges, organizations require today’s third-generation network access controls to help secure connected devices.
However, many organizations will require assistance in multiple areas.They are identifying which NAC solution is best, working through deployments, optimizing systems and managing and orchestrating network access controls. This is where MSSPs come in.
The MSSP Opportunity: NAC-as-a-Service
MSSPs can offer a NAC-as-a-service solution to help facilitate network access control deployments for their customers. To deploy the best possible solution, an MSSP must first gain an extensive understanding of each customer’s network. This understanding will not only enable them to select and deploy an effective solution, but also recommend additional services, such as the delivery of regular detailed reports, or optimization of service capabilities to meet customer needs. A curated customer relationship such as this will lead to MSSPs becoming trusted advisers and consultants for future projects.
Here are some ways to deliver a successful NAC service solution to customers. To aid customers and provide functional network access controls, a successful …
… service solution should be:
Centrally architected: With a centrally architected solution, no trucks or gear will be needed for on-premise deployments. This will save both customers and MSSPs time, money and frustration when it comes to managing a NAC solution.
Subscription-based: With subscription-based licenses, MSSPs can tie cost to revenue. Offer different levels of service to customers, each with its own set-up services and associated costs. The higher the level of service, the deeper the engagement with the customer.
Comprehensive: The third-generation NAC solution MSSPs provide to their customers should meet the following criteria to provide the highest level of security possible:
Visibility – NAC solutions should be able to view and evaluate endpoints before connecting to the network. The chosen solution should also be able to categorize device users and continue risk assessment post-connection.
Endpoint vulnerability assessment – The solution MSSPs provide to customers should have the ability to determine critical device vulnerabilities, including outdated software and uninstalled patches.
Granular control – After devices and users are identified, the solution should be able to support intent-based segmentation based on defined device and user information, as well as contextual and role-based information, to automatically enforce security policies.
Integration – NAC should also seamlessly integrate with other solutions across the security architecture to actively share information about potential threats and enforce controls across the organization. This should also include interoperability with third-party products.
Real-time response – The solution should facilitate active device monitoring and automated, real-time threat responses to aid in the immediate containment of suspect devices before significant damage occurs.
Automated workflows – NAC should enable self-provisioning, automated device onboarding, and self-remediation prompts should a device not meet minimum security standards.
Flexibility and scalability – It should also include a scalable architecture that can support multiple locations across the enterprise network. And, across unlimited devices. It should also offer flexible deployment across physical, virtual, and cloud locations.
As IoT and BYOD expand the attack surface and new vulnerabilities become exposed, customer networks will require a comprehensive NAC solution to manage the impact new devices can have on the network. MSSPs can take advantage of this growth opportunity by providing enterprise-grade NAC solutions and service capabilities. These offers assist customers with deployments and ongoing maintenance. As a result, customers will realize enhanced visibility, control and threat response. MSSPs will benefit from increased client loyalty and service revenue.
Jon Bove is the vice president of channel sales at Fortinet. He and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the U.S. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales leadership and channel leadership positions. Follow @Fortinet on Twitter or Bove on LinkedIn.
About the Author(s)
You May Also Like