Network access control (NAC) for the defense
Belden’s IT and OT Expertise Trusted by Metals Industry Leaders
Companies around the world are targeted by cyber criminals who want to steal information and data from corporate networks and disrupt manufacturing operations. Belden’s macmon NAC provides a field-proven, manufacturer-agnostic network protection solution that is easy to implement and administer to protect both IT and OT networks on a global scale.
Customer Characteristics
The customer is a market leader in the steel and technology sector. As a global enterprise with distributed manufacturing sites, the company must comply with the security standards of each country in which they operate.
Customer Challenges
Securing the OT and IT infrastructures through procedural and automated technical solutions is a top priority to maintain business continuity and production operations. Each device on the network must be known and only authorized to connect to the network according to its security status, minimizing potential cyber risks introduced by an unauthorized or transient device.
The customer also faced compliance pressures from the following regulatory frameworks:
- ISO/IEC 27001 An international standard that defines the criteria for an information security management system (ISMS).
- IEC 62443 A series of international standards on cybersecurity for industrial automation and control systems (IACS).
To enforce compliance, the solution must fully integrate with the existing hardware, software, and cybersecurity portfolio to maximize the value of previous investments. Tools to be integrated include TrendMicro (endpoint protection), Matrix42 (asset management), Microsoft WSUS (central update service), PRTG (service/network monitoring) and Bluecat (IPAM solution).
An Outstanding Advantage from Belden’s macmon NAC
Information from existing tools can be used to determine an appropriate and tailored automated response for network access automation down to the switch port level. Ease of deployment and administration are also strengths of the solution, as it supports multiple authentication methods, including 802.1X and SNMP. macmon NAC can also take on the task of centralized user management, authorizing users based on the configured set of rules through its integrated RADIUS server. This simplifies access to all switches and allows access only to authorized devices.
A Practical Example:
Active Directory (AD) account credentials: An AD user can log into the Command Line Interface (CLI) of any switch using their AD account. This ensures that switch login credentials are centralized and do not need to be maintained on each switch (CLI password changes when an employee leaves the company).
Implementation / Project Path
Ein detaillierter, funktionsübergreifender, zehntägiger Proof of Concept (POC) definierte das genaue Ziel, die Roadmap und den gewünschten Lieferstatus. Der PoC legte den Fokus darauf, ob sich die Lösung für das OT-Netzwerk eignet. Das Konzept, ein Entwurf für die weltweite Einführung, lieferte der gesamten Unternehmensgruppe ein Paket mit globalem Lizenzmanagement.
Key Benefits for Global NAC Implementation
- Flexibility to tailor the right NAC configuration for different environments Different architectures, OT network equipment, endpoint types, NAC strategies for each area of the network.
- Flexibility to include different types of services 24x7 support optional for each global entity, standardized global deployment, building Security Operation Centers (SOCs) at customer sites (including service support by channel partners) and live environment workshops.
- A global pricing and deployment strategy Belden’s global pricing and deployment capabilities allowed a single bill of materials to be ordered.
This ensured the customer can easily deploy Belden’s IT and OT security solution to every unit of the group worldwide.
Impact Highlights
Efficient Implementation
The fast implementation of macmon NAC did not require the purchase of many new switches or complex programming for a mixed IT / OT network. This allowed the customer to achieve a significant improvement in cybersecurity and governance without disrupting business continuity.
Improvement in Cybersecurity
Significant improvement in cybersecurity and governance while considering the importance of business continuity.
Customized, Regional and Global Roll-out Plans
The solution automates workflows using the integrated Event Policy Management module, which enables full automation of additional Aresponses (in addition to enforcement) to a specific network event.
Ongoing Savings
- Time Savings
Up to 7% time saving for the IT team. Many administrative processes now run automatically, freeing up internal experts. Examples include automated authorizations, automated alerting and escalation process initiation, and connection failure detection.
Cost Savings
Any competing NAC solution would have been at least five times more expensive due to additional network equipment replacement required to fully comply with NAC requirements, and the massive additional implementation and roll-out effort would require manual scripting to customize competitors’ NAC solutions.
About Belden
Belden Inc. delivers the infrastructure that makes the digital journey simpler, smarter and secure. We’re moving beyond connectivity, from what we make to what we make possible through a performance-driven portfolio, forward-thinking expertise and purpose-built solutions. With a legacy of quality and reliability spanning 120-plus years, we have a strong foundation to continue building the future. We are headquartered in St. Louis and have manufacturing capabilities in North America, Europe, Asia, and Africa. For more information, visit us at www.belden.com.