Network security firm Portnox on Wednesday announced it is adding IoT fingerprinting features to the Portnox Cloud NAC-as-a-Service to allow companies to more easily identify and authorize devices on their networks. The IoT fingerprinting features add new device-identification techniques to the network access control product, including MAC address clustering and DHCP (Dynamic Host Configuration Protocol) gleaning.

Portnox is a zero trust access control company focusing on network security. Its IoT fingerprinting techniques are designed to profile devices that sit on the network but cannot communicate complete identifying information such as version number, model or even device type due to lack of storage or computing power.

IoT fingerprinting gathers information on what devices are on the network, what they are being used for, and who is using them. It is specifically used in the case of devices such as cameras, TVs, printers, medical devices, and factory devices. Many IoT devices such as these do not have enterprise-level security—a big problem for network engineers and security teams.

“Our customers and prospects have a lot of anxiety about these devices,” said Denny LeCompte, CEO of Portnox. “They want to make sure only the right devices get onto the network. There is also an increasing proliferation of shadow IT, wherein somebody has just plugged a device into the network and the IT team does not know about it. It could be an innocent act but the same can be used or done by attackers as well.”

Portnox’s core product follows a whitelist of MAC addresses for devices that can be allowed to connect to a network. However, this raises concerns about MAC address spoofing and other ways in which attackers can hide behind IoT devices.

“The next problem faced is that while the IP and MAC addresses are available, it is not known what device it is.
The IoT fingerprinting gathers information to tell the organization what each device is,” LeCompte said.

IoT fingerprinting offers added security

With the new IoT fingerprinting techniques, customers of the NAC-as-a-Service can get added levels of security to their network, Portnox said. In MAC address clustering, the network access control process identifies the MAC addresses of IoT devices. Using machine learning techniques and referring to IoT product databases, device types—including specific models—can then be identified.

Some devices have their own fingerprinting—in other words, the ability to store information about themselves, which allows Portnox to passively gather a lot of information about the device. While proximity sensors, for example, may not be able to store information about themselves, Cisco routers have version numbers embedded in Cisco IOS.

As an added layer of security, organizations can use DHCP gleaning. Although every DHCP request contains the same information, every device does it slightly differently, creating a distinct fingerprint. So, if you capture a DHCP request by a device, you can identify what kind of device it is.

Tapping the combination of data gathered by Portnox’s fingerprinting capabilities and information sent by the devices themselves, organizations can accurately determine whether devices are safe to connect to a network more than 90% of the time, LeCompte said.

Benefits of NAC-as-a-Service

When someone tries to access a network—whether via a wired or wireless device—the NAC service will check their identity and what levels of access they are allowed on the network.

It will also check the security posture of the device being used, making sure that it is running an antivirus, vulnerabilities are patched, and the right ports are opened or closed.
If the required security posture is not followed, the NAC-as-a-Service does not allow the device to access the network.

“It’s all about getting access to the network, the wireless, various kinds of applications, and application access we control. It is a zero trust policy by default which means nobody unknown gets onto the network,” LeCompte said.

Pricing for the new IoT fingerprinting offering

The IoT fingerprinting feature from Portnox will only be available with the enterprise offering of its NAC-as-a-Service. There will be no additional charge for the new feature. If an organization is already using NAC-as-a-Service, the fingerprint data will automatically start showing up. NAC-as-a-Service is priced starting at $4 per device per month.

Portnox competes with network access control providers such as Cisco, HPE, Fortinet, and Forescout. The company says being a cloud-native solution provider is its biggest differentiator. “The overhead on our product is a differentiator because there isn’t much overhead at all,” LeCompte claimed.