NC Nov-Dec 2023
PRODUCT REVIEW
macmon NAC

Despite the undeniable security benefits, many businesses find implementing a network access control (NAC) solution challenging, as all too many are complex and time-consuming to install and difficult to manage. The German company macmon secure GmbH stands out from the crowd as its NAC product is designed to be simple to deploy and maintain, while its smart agentless architecture means it can be protecting your network from day one. It doesn't require agents or sensors as it queries all your manageable switches and uses methods such as SNMP, REST or Telnet/SSH to find out which network devices and connected endpoints are in the network.

The macmon NAC appliance also offers its own embedded RADIUS server for authentication to fully support the industry-standard 802.1X while making it much simpler to adopt. The above-mentioned protocols are also used to enforce NAC controls, which is why it is not only compatible with information technology but can also secure operational technology (OT) networks with all their legacy systems.

This simple approach has major benefits in the battle to control what macmon classifies as UFOs (unidentified frightening objects). These could be an intruder, an employee's access point being used to build their own Wi-Fi network, or something as simple as a workstation.

macmon NAC can see all endpoints regardless of whether they are a desktop PC, a BYOD device, a controlling unit of an industrial facility, or the laptop of a service technician. This network overview is extremely valuable for both homogeneous and heterogeneous infrastructures and large non-transparent networks, which can often be found in the manufacturing or the automotive industry.

Mobile user controls are particularly good as macmon NAC can identify them irrespective of which network switch or Wi-Fi device they access, and uses whitelists to determine what access levels they are allowed. Furthermore, macmon NAC is manufacturer-agnostic, so it'll work with any manageable switch, and can scale easily as the network expands, allowing it to work with the latest IT systems as well as long-established operational technologies.

We found deployment swift as we installed macmon NAC on our VMware vSphere host in ten minutes. The web console is easy to use, and our first task was to create a list of credentials for our monitored switches, where it defaults to SNMP.

macmon NAC gathers information about all network devices and endpoints and their attributes, such as MAC and IP addresses and their names, using (amongst others) ARP, DNS and DHCP as well as OT-specific protocols. These may be added to a list of 'known' endpoints in the console and assigned to groups such as PCs, mobiles and guest devices, which in the simple mode even enforce up to three levels of authentication and related authorisation.

Any new endpoints that macmon NAC discovers are considered unauthorised and policies are used to determine what access levels they should have - if any. Predefined rules make this even easier as they can block these devices, dynamically manage VLAN membership and present guest users with custom captive web portals.

The macmon VLAN Manager is a powerful instrument to roll out as it automatically maintains a zoning concept in big production facilities or other industrial contexts, which is a requirement of many security regulations such as IEC 62443 or even ISO 27001. The Premium bundle enables full compliance scans on endpoints and offers even more integration options to gain additional status from third-party tools.

macmon NAC is very amenable as it generally integrates with a wide range of third-party security solutions and even offers a framework to simply add your own integrations. NC

Product: macmon NAC
Supplier: macmon secure GmbH
Tel: +49 30 23257777-0
Web site: www.macmon.eu
Sales: info@macmon.eu

NETWORKcomputing, WWW.NETWORKCOMPUTING.CO.UK, NOVEMBER/DECEMBER 2023