Yes, as InfoPro mentioned, you can only suspend the full cPanel account. You could setup a .htaccess file in the document root of the addon domain blocking all access (though you would also have to delete their FTP account so they couldn't remove it). EX:
Code:
order deny,allow
deny from all
allow from 12.34.56.78
This would block all access attempts to the directory, except for any IP address you choose to whitelist.