Network Access Control for Mobile Devices and IoT

By Jack Marsal, Director of Solution Marketing, ForeScout

So, you’ve “mobilized” your organization, right? You’ve selected hardware, you’ve developed apps, and you’ve purchased a mobile device management (MDM) system to maintain security. You’re done, right?

No. If you are smart, you will also deploy network access control, commonly referred to as NAC.

When used together, a combination of NAC and MDM provides stronger security and operational cost savings. Here are three examples:

  • Stronger security #1
    MDM systems focus on the device, not the network. An MDM system cannot tell you what devices are on your network, nor can it let you control access to your network. For real-time visibility and control over your network, you need NAC.
  • Stronger security #2
    MDM systems typically check the compliance of a mobile device once per day. This might be enough when the devices are mobile, but when the device actually connects to your wireless network, you should probably re-check the security. A good NAC system can integrate with your MDM system to trigger that just-in-time compliance check.
  • Operational cost savings
    The process of “enrolling” a new mobile device into an MDM system is pretty easy, but it usually requires some manual intervention to get started. Typically, an employee with a new mobile device needs to contact your Help Desk, some questions need to be asked and answered, and some information then needs to be sent to the employee to start the enrollment process. A good NAC system can completely automate this process, saving you time and money. Everyone is happier with automation.


As the graphic below shows, MDM and NAC have substantially different focuses, which are very complementary to each other.

[Image: ForeScout graphic comparing the focus of MDM and NAC]

Widely Used by Financial Services

The benefits of using NAC with MDM have been around for a few years. Back in August 2012, a well-known market analyst firm based in Stamford, CT, wrote a case study about “Bring Your Own Device” (BYOD) titled Securing BYOD With Network Access Control. The case study focused on a large financial services company that used NAC plus MDM to roll out a BYOD program that included both smartphones and personally owned Windows and Macintosh computers.

Since 2012, demand for NAC has surged, mostly driven by the need to secure mobile devices and BYOD. NAC is now one of the fastest growing categories of IT security products, growing 40% per year[1]. A large percentage of financial services enterprises have now adopted NAC.

Here Comes the Internet of Things!

The BYOD revolution was actually just a warm-up. Over the next ten years, enterprises are going to be deluged with “Internet of Things” (IoT) devices. This will include any device that has an IP address but can’t be managed with an agent, such as:

  • Printers
  • Security cameras
  • Smart TVs
  • HVAC systems
  • Many types of industrial equipment

Network access control can be a useful technology to identify and control IoT devices, in the same way that it has been useful with BYOD devices. Most good NAC products can give you visibility into what devices are on your network and allow you to segment them away from your production network. That way, if the IoT device becomes compromised, it does not present a threat to your business.

When choosing a NAC product, be aware that NAC products from different vendors vary wildly in their ability to discover devices on your network and categorize them. This categorization is very important, because it allows you to establish different security policies for printers vs. smart TVs vs. security cameras.

Contact:  Jack Marsal, Director of Solution Marketing


About ForeScout

ForeScout enables organizations to continuously monitor and mitigate security exposures and cyber attacks. The company’s CounterACT appliance dynamically identifies and evaluates network users, endpoints and applications to provide visibility, intelligence and policy-based mitigation of security problems. ForeScout’s open ControlFabric™ architecture allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout’s solutions are easy to deploy, unobtrusive, extensible and scalable, as of January 1, 2015, they have been chosen by more than 1,800 of the world’s most secure enterprises and government agencies in over 62 countries. Learn more at

[1] Frost and Sullivan.

