Discover the power of Network Access in the OT world: From automatic access authorization to the reduction of administrative effort - find out more about the 12 reasons why macmon NAC systems are revolutionizing control and security in networks.
The overview and segmentation of the entire network and all connected assets supports the concept of security zones.
A NAC system should not impose fixed implementation strategies, but must leave enough freedom to use the full range of NAC capabilities. At the same time, a NAC must never conflict with consistently high plant availability, so that business continuity is preserved.
Heterogeneous IT/OT networks require flexible and future-proof software solutions. A NAC system should not require extensive hardware upgrades in the network, which keeps the investment sustainable over the long term.
In a hardened OT environment consisting of various OT specific end devices (e.g. robots, PLC), cybersecurity solutions have to prevent unknown end devices from obtaining a connection that could negatively influence the production plant.
By monitoring a wide range of network events, undesired behavior is identified immediately, whether caused deliberately or unintentionally. Potentially critical network events (e.g. duplicate IP addresses) are detected so that appropriate countermeasures can be taken automatically or manually.
Regulatory requirements, such as ISO62443/ISO27001/ISO9001, demand reliable enforcement of corporate policies across all areas of the network. Information from third-party sources, such as OT visibility or deep packet inspection (DPI) solutions, can be used to automatically isolate detected threats.
When end devices are replaced in an authorized manner, their access authorizations should be transferred securely and dynamically to the new devices that need to be integrated.
Most OT assets cannot be protected by conventional technologies such as endpoint security, yet even non-IT assets must meet certain compliance requirements. In the event of a compromise, immediate and targeted alerts and responses must be initiated.
An external company (e.g. technical service provider) requires time-bounded access to very specific network areas for defined end devices (e.g., notebooks, control devices). Any access beyond this should be automatically prevented.
Unauthorized network devices or end devices (such as private routers brought into the enterprise, unmanaged switches, or private tablets) must be automatically excluded from network communication or given only limited access.
A handheld scanner or programming device has been lost. A quick and easy view of this device's communication history must be available so that correct and targeted measures can be initiated in the shortest possible time.
In addition to their core function, and despite the massive increase in threats to networks, security solutions need to keep the associated administrative effort low in order to maintain a high level of acceptance within the company.