Network Access Control Software
With macmon Network Access Control (NAC) you gain transparency, secure authentication and granular access control in critical networks. macmon NAC gives the IT and OT department an instant network overview with graphical reports and topology. You secure your OT environment by keeping all nonessential devices off the network and creating security zones based on criticality. This can be handled immediately with an automatic, dynamic set of rules. Implementation is possible within a day, and the interface is intuitive and easy to use.
- Easy network segmentation and threat isolation: The highest level of security is achieved by using state-of-the-art authentication methods. Automatic reaction to events. Relief of the operating team.
- Full control over all devices in the network: Instant network overview, graphical reports, and topology. All networks can be easily segmented, and threats isolated. Visibility of OT devices and communication relations. Detection of deviations from the expected status.
- Identification of all endpoints: No more unknown or unauthorized endpoints and no insecure devices - tangible security by regulating the access of endpoints.
- Infrastructure manufacturer agnostic: Can be installed in any heterogeneous network. Close partnerships with a large number of IT and OT security solutions. These integrations give users real added value in their daily lives.
TECHNICAL DETAIL
Features
Belden macmon NAC features
The security features of macmon NAC are offered in product packages. Everything you need for efficient protection of your network access is combined in the macmon NAC Network Bundle. If you have particularly high security requirements, Add-Ons can be added individually.
Topology
Convenient and automatic visualization
Infrastructures are becoming more and more complex and confusing: With macmon NAC Topology, you get a graphical representation of your network that allows you to always keep track of all connected devices.
Your advantages with macmon NAC Topology:
- Effective network overview through automatic visualization
- Manufacturer-agnostic fit for any environment
- Fulfillment of requirements from revisions and audits for network visualization
- Combination of SNMP and 802.1X
- Error prevention: Filter by device properties, detect configuration errors, and clarify device connections
- Combination with VLAN management: Highlighting and selecting switches and endpoints by known or unknown VLANs
- Support for network planning: better planning of network expansions and reconstructions, manual setting of missing uplinks between network components
- Integration with reporting: Filter by location, create, store, update, and export separate views, further edit with tools such as Visio or SVG tools
Advanced security
The extra level of network security
macmon NAC Advanced Security provides a comprehensive overview of the network through simple categorization and advanced identification of endpoints. In conjunction with NAC, the information obtained is synchronized in the background to prevent address manipulation and other attempted attacks completely.
Your benefits with macmon NAC Advanced Security:
- Determination of endpoint information: Operating systems of endpoints, domains, names, and open or closed ports
- Collection and correlation of network device measurement data such as ARP caches, DHCP and DNS data
- Detailed identification of endpoints and monitoring of changes by scanning via WMI (domain, host name, operating system), SNMP (sysDescription, sysLocation, sysName), footprinting (IP protocol stack, port scans) and fingerprinting (SSH, TLS)
- Detection and effective resistance against security incidents such as ARP spoofing, MAC IP mismatch, MAC address flooding and MAC spoofing
Related links:
- White paper: Advanced Security
- Case study: Rohrer (English)
- Case study: Rohrer (German)
- Case study: Automotive (English)
- Case study: Automotive (German)
- Case study: Automotive (French)
Network access control
Efficient network access control
The NAC solution protects your network from intrusion by unwanted devices, provides an overview of all devices in your network, and thus offers you up-to-date IT inventory management. Through the central administration of all company switches via SNMP or SSH/Telnet, macmon NAC ensures that you are in control of your network.
Your benefits with Network Access Control:
- Switch port-specific rules: Management of network access
- Up-to-date evaluations through comprehensive and user-specific reporting
VLAN Manager
Simple and dynamic VLAN management
With the macmon VLAN Manager, you can centrally and easily utilize all the advantages of network segmentation. The feature enables static and dynamic VLAN concepts to be introduced and operated with little effort. The Common Criteria recommendation to switch off unused ports (or move them into an unassigned VLAN) and only make them productive when required is fully supported.
Your benefits with macmon NAC VLAN Manager:
- Offer mobile users their usual resources anywhere in the company
- Simplify the relocation of departments, offices or specific systems
- Guarantee guest access in public areas
- Access for service providers to dedicated resources
- Protecting sensitive resources from general access
- Flexibility and security
802.1X
Secure authentication according to the 802.1X standard
The Institute of Electrical and Electronics Engineers (IEEE) is a global association with committees for the standardization of technologies, hardware and software. The 802.1X standard represents a mature recommendation for the secure authentication of devices in networks. macmon supports this standard and facilitates its introduction and operation.
Your benefits with 802.1X:
- Dynamic and hybrid operation possible - with and without 802.1X, gradual introduction of 802.1X
- Flexible security level depending on the authentication method
- Device localization through communication with the switches and access points
- Integration into existing infrastructure: connection of AD/LDAP and other identity sources
- Dynamic & automatic set of rules
- Simple implementation & easy operation
- Group-based configuration instead of a comprehensive set of rules
- Establishment & implementation of concepts for security zones
- Authentication via RADIUS server via MAC address, username/password or certificate
- Provision of additional rules for layer 3 switches
Guest services
Open the network in a controlled manner!
Mobile employees, service providers, suppliers, and customers often require more detailed access to certain company resources, so that neither UMTS & LTE nor a completely separate guest network is a sufficient solution. macmon NAC Guest Service can grant external devices access to the network flexibly and as required, to definable resources, revocable, time-limited and traceable.
Your benefits with macmon NAC Guest Service:
- Intelligent BYOD solution: Mobile device management for employee devices
- Manufacturer-agnostic fit for any environment
- Quick and easy commissioning and simple administration
- Use and operation of existing processes
- Relief of the IT department through delegated approvals (sponsor portal)
- Secure and controlled integration of external devices: highly flexible access control for every situation
- Up-to-date and complete overview of all guest devices
- Central administration for complex company structures
Add-Ons
Compliance
Isolation of dangerous devices
A detailed review of authorized systems for compliance with security guidelines is becoming increasingly important to minimize the attack surface of businesses. A permanent check of the “compliance status” and the automated enforcement of IT compliance are therefore essential. macmon NAC Compliance offers the option of using multiple, linkable components to enforce company guidelines effectively.
Crucially, 99% of organizations already have systems in place that can determine the compliance status of endpoints and notify administrators of deviations. However, what almost all of them have in common is that effective enforcement of IT compliance usually must be done manually or at least reactively. Our Network Access Control solution provides crucial support to automate these processes.
Your benefits with macmon NAC Compliance:
- Open interface to any data source: Use of multiple, arbitrary, manufacturer-agnostic sources to transmit the compliance status of an endpoint to macmon
- Independent isolation of endpoints classified as not secure according to the policies
- Update security status in a protected environment (quarantine or remediation VLAN)
- Connection of leading anti-virus systems (Kaspersky®, Sophos®, Symantec®, McAfee®, G-Data®, F-Secure®, TrendMicro®)
- macmon's own compliance agent
- Integrated IF-MAP technology
Past viewer
Collection and preparation of data
macmon NAC Past Viewer also offers the option of collecting and processing, in a structured manner, data that is usually discarded during Network Access Control, so that a historical view is available in addition to the live view. For each endpoint, it is possible to display when and where the device was operated in the network, which IP addresses and names it had, or which VLAN it was in.
Historical data is often valuable both for forensic analyses of past events and for future-oriented considerations. macmon NAC Past Viewer collects information about your network or network connections over long periods (optionally also over a period of years). Based on events, it logs which devices were in the network when and where, including corresponding properties.
Your benefits with macmon NAC Past Viewer:
- Data collection over long periods
- Structuring of data
- Historical data view
- Forensic analyses
Switch viewer
More details and increased security
macmon NAC Switch Viewer is available as an add-on and extends macmon NAC with additional network management functions.
The details of the existing network components, such as serial numbers, port configurations, operating mode, VLANs, interface details, and location are read out and offered for synchronization with existing CMDBs or asset management systems using the macmon REST API. Additional inventory data and complete switch configuration data are backed up centrally with macmon.
Your benefits with macmon NAC Switch Viewer:
- Read out detailed information about the network components
- Synchronization with CMDBs or asset management systems via REST API
- Central backup of inventory and configuration data
Scalability
Highly available macmon NAC scenarios
Depending on the use of a Network Access Control solution and the technologies used, there are different requirements for the availability of this solution. macmon meets these requirements by offering the option of operating with a distributed server structure and using different architectures or design variants.
The deployment depends heavily on the requirements and objectives. From the “hidden master” principle to simple fail-safety and compensation for WAN connection failures, the availability of macmon NAC is ensured. Each macmon server can be provided either by a virtual or a physical appliance.
Your benefits with macmon NAC Scalability:
- Flexible server architecture: macmon NAC supports a distributed server structure, in different architecture and design variants
- Adaptation to individual requirements: from high availability to protection against WAN connection failures
- Flexible deployment: macmon server operation as a virtual or physical appliance