Portnox adds IoT fingerprinting to network access control service

Network security firm Portnox on Wednesday announced it is adding IoT fingerprinting features to the Portnox Cloud NAC-as-a-Service to allow companies to more easily identify and authorize devices on their networks. The IoT fingerprinting features add new device-identification techniques to the network access control product, including MAC address clustering and DHCP (Dynamic Host Configuration Protocol) gleaning. 

Portnox is a zero trust access control company focusing on network security. Its IoT fingerprinting techniques are designed to profile devices that sit on the network but cannot communicate complete identifying information such as version number, model or even device type due to lack of storage or computing power.

IoT fingerprinting gathers information on what devices are on the network, what they are being used for, and who is using them. It is specifically used in the case of devices such as cameras, TV, printers, medical devices, and factory devices. Many IoT devices such as these do not have enterprise-level security—a big problem for network engineers and security teams.

“Our customers and prospects have a lot of anxiety about these devices,” said Denny LeCompte, CEO of Portnox. “They want to make sure only the right devices get onto the network. There is also an increasing proliferation of shadow IT, wherein somebody has just plugged a device into the network and the IT team does not know about it. It could be an innocent act but the same can be used or done by attackers as well.”

Portnox’s core product follows a whitelist of MAC addresses for devices that can be allowed to connect to a network. However, this raises concerns about MAC address spoofing and other ways in which attackers can hide behind IoT devices. 

“The next problem faced is that while the IP and MAC addresses are available, it is not known what device it is. The IoT fingerprinting gathers information to tell the organization what each device is,” LeCompte said.  

IoT fingerprinting offers added security

With the new IoT fingerprinting techniques, customers of the NAC-as-a-Service can get added levels of security to their network, Portnox said. In MAC address clustering, the network access control process identifies the MAC addresses of IoT devices. Using machine learning techniques and referring to IoT product databases, device types—including specific models—can then be identified.

Some devices have their own fingerprinting—in other words, the ability to store information about themselves, which allows Portnox to passively gather a lot of information about the device. While proximity sensors, for example, may not be able to store information about themselves, Cisco routers have version numbers embedded in Cisco IOS.

As an added layer of security, organizations can use DHCP gleaning. Although every DHCP request carries the same kinds of fields, each device populates and orders them slightly differently, which creates a distinct fingerprint. So, if you capture a DHCP request from a device, you can identify what kind of device it is.
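To make the two techniques above concrete, here is an added example (not Portnox code, and not a description of how the Portnox service is implemented) of the raw material MAC address clustering and DHCP gleaning work from: it parses a DHCPDISCOVER, turns the order of the options the client requests (option 55) into a fingerprint string, looks up the MAC's OUI prefix, and flags when the two disagree, which is the kind of check that catches a device hiding behind another device's MAC address. The OUI table, the signature table, the vendor names and the packets are all constructed for the example; real deployments use vendor registries and large fingerprint databases instead.

```python
"""Added example: DHCP-gleaning style device identification.

Everything here is constructed for illustration; OUI_DB and DHCP_SIG_DB are
hypothetical tables, not real vendor or fingerprint registries.
"""
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"

# Constructed OUI table: first three MAC bytes -> hypothetical vendor.
OUI_DB = {
    "00:11:22": "ExampleCam",   # hypothetical IP-camera vendor
    "aa:bb:cc": "ExampleDesk",  # hypothetical PC vendor
}

# Constructed signature table: option-55 request order -> (vendor, profile).
DHCP_SIG_DB = {
    "1,3,6,12,15,28,42": ("ExampleCam", "IP camera firmware"),
    "1,3,6,15,31,33,43,44,46,47,119,121,249,252": ("ExampleDesk", "desktop OS"),
}


def build_dhcp_discover(mac, param_list, vendor_class=b"", hostname=b""):
    """Build a minimal DHCPDISCOVER (236-byte BOOTP header + options). Test input only."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,              # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops
        0x3903F326, 0, 0x8000,   # xid, secs, flags (broadcast bit set)
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr, giaddr
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128,  # chaddr, sname, file
    )
    opts = DHCP_MAGIC + bytes([53, 1, 1])                 # option 53: DISCOVER
    opts += bytes([55, len(param_list)]) + bytes(param_list)
    if vendor_class:
        opts += bytes([60, len(vendor_class)]) + vendor_class
    if hostname:
        opts += bytes([12, len(hostname)]) + hostname
    return header + opts + b"\xff"                        # option 255: END


def parse_dhcp(packet):
    """Return (client hardware address, {option code: value}); raise on malformed input."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    hlen = packet[2]
    if hlen > 16:
        raise ValueError("invalid hlen")
    chaddr = packet[28:28 + hlen]
    opts = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 0:            # PAD: single byte, no length
            i += 1
            continue
        if code == 255:          # END
            break
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value   # RFC 3396: split options concatenate
        i += 2 + length
    return chaddr, opts


def mac_str(chaddr):
    return ":".join(f"{b:02x}" for b in chaddr)


def dhcp_fingerprint(opts):
    """The requested-option order is the fingerprint; it is stable per OS/firmware."""
    return ",".join(str(b) for b in opts.get(55, b""))


def identify(packet, oui_db=OUI_DB, sig_db=DHCP_SIG_DB):
    """Combine OUI lookup with the DHCP fingerprint and report whether they agree."""
    chaddr, opts = parse_dhcp(packet)
    mac = mac_str(chaddr)
    oui_vendor = oui_db.get(mac[:8])
    fp = dhcp_fingerprint(opts)
    fp_vendor, profile = sig_db.get(fp, (None, "unknown"))
    return {
        "mac": mac,
        "oui_vendor": oui_vendor,
        "fingerprint": fp,
        "profile": profile,
        "vendor_class": opts.get(60, b"").decode(errors="replace"),
        "hostname": opts.get(12, b"").decode(errors="replace"),
        # False when the MAC claims one vendor but the DHCP behaviour matches another
        "consistent": oui_vendor is not None and fp_vendor == oui_vendor,
    }


if __name__ == "__main__":
    cam = build_dhcp_discover(bytes.fromhex("001122334455"),
                              [1, 3, 6, 12, 15, 28, 42], b"ExampleCam-1.0", b"cam-lobby")
    print(identify(cam))
```

The `consistent` flag is the practical point: a MAC allow-list alone trusts whatever prefix a device presents, while the DHCP behaviour is much harder to change without changing the firmware, so a mismatch is worth an alert before the device is admitted.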

Tapping the combination of data gathered by Portnox’s fingerprinting capabilities and information sent by the devices themselves, organizations can accurately determine whether devices are safe to connect to a network more than 90% of the time, LeCompte said.

Benefits of NAC-as-a-Service

When someone tries to access a network—whether via a wired or wireless device—the NAC service will check their identity and what levels of access they are allowed on the network.

It will also check the security posture of the device being used, making sure that it is running an antivirus, vulnerabilities are patched, and the right ports are opened or closed. If the required security posture is not met, the NAC-as-a-Service does not allow the device to access the network.

“It’s all about getting access to the network, the wireless, various kinds of applications, and application access we control. It is a zero trust policy by default which means nobody unknown gets onto the network,” LeCompte said. 

Pricing for the new IoT fingerprinting offering

The IoT fingerprinting feature from Portnox will only be available with the enterprise offering of its NAC-as-a-Service. There will be no additional charge for the new feature. If an organization is already using NAC-as-a-Service, the fingerprint data will automatically start showing up. NAC-as-a-Service is priced starting at $4 per device per month.

Portnox competes with network access control providers such as Cisco, HPE, Fortinet, and Forescout. The company says being a cloud-native solution provider is its biggest differentiator. “The overhead on our product is a differentiator because there isn’t much overhead at all,” LeCompte claimed.