Sustainable NAC solution for cyber-resilient operations

Malte Marquardt | December 14, 2023

A Network Access Control solution should enable a security strategy to be implemented sustainably by leaving room for configuration and strategic choices. That gives the NAC the widest possible radius of action, which must not come at the expense of consistently high system availability. In OT networks in particular, Network Access Control was long avoided because NAC was seen as a technology that put business continuity at risk. Given the intensified threat situation and the ongoing convergence of IT and OT, OT security measures need to be reconsidered. How can NAC help?

System availability is top priority

System availability in OT systems must never be jeopardized by NAC measures. Production machines generally do not speak the classic protocols that are common in IT systems, so an external system such as a NAC solution frequently cannot intervene in the communication of an OT environment the way it would in IT. When an unknown endpoint is connected, the new access cannot simply be blocked as it would be in an IT network: cutting off communication in a plant is not acceptable, because the interruption could compromise operations, and abruptly removing an endpoint from the network can have far-reaching side effects on the machines around it. To keep operations unobstructed, production facilities therefore rely on other security strategies, such as firewall zones or isolating individual production areas into so-called cells. These strategies are usually not endpoint-specific; they segment entire functional areas of a plant to keep external interference out.

A production cell is an individual functional area within a production facility. The division usually follows special components such as robots, transport systems or production lines. A cell often works autonomously and can run for a certain period without needing information from outside. macmon NAC offers several ways to limit the threat posed by unknown endpoints without affecting operations.

One method is to act on the nearest Ethernet-based IP port upstream, i.e. the port through which the cell connects to the rest of the network. When an unknown endpoint is registered inside the cell, macmon NAC intervenes there and can trigger an action, such as alerting a network admin and temporarily disconnecting the cell from the rest of the network. The encapsulated part of the system keeps working, so operations are not affected. The cell in which the unknown endpoint appeared can thus be quarantined automatically, and the administrator has a certain amount of time to investigate the suspicious network event without interrupting or jeopardizing production.
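The two preceding paragraphs describe a policy rather than a product feature: inside a production cell, an unknown endpoint triggers an alert and isolation of the whole cell at its uplink, never a shutdown of the endpoint's own port, while on a plain IT port the classic per-port block remains the right reaction. The following Python is an added illustration of that decision logic; it is not macmon code and does not use any macmon API. The cell topology, switch port names, MAC addresses and the inventory of authorized endpoints are all constructed for the example.

```python
"""Cell-level quarantine policy for an OT network (illustration, not vendor code).

Assumptions (constructed for this example):
  * every cell has exactly one uplink port to the plant core,
  * a switch reports "MAC m seen on port p" events to the policy,
  * enforcement (alert, port shutdown) is performed by a caller that
    consumes the returned Action list.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Cell:
    name: str
    uplink_port: str                 # port that connects the cell to the core
    member_ports: FrozenSet[str]     # access ports inside the cell


@dataclass(frozen=True)
class Action:
    kind: str      # "none" | "alert" | "quarantine_cell" | "block_port"
    target: str    # MAC, cell name or switch port the action applies to
    reason: str


class OtNacPolicy:
    """Decides the reaction to an endpoint appearing on a switch port.

    Inside a cell the endpoint's own port is never touched: the cell keeps
    running on its own and only its uplink is disabled for an investigation
    window. Outside any cell (office/IT side) the unknown endpoint's port is
    blocked directly, the classic IT-style NAC reaction.
    """

    def __init__(self, cells: List[Cell], authorized: Dict[str, str], window_s: int = 900):
        self.cells = {c.name: c for c in cells}
        self.port_to_cell = {p: c.name for c in cells for p in c.member_ports}
        self.authorized = {m.lower(): d for m, d in authorized.items()}  # MAC -> description
        self.window_s = window_s
        self.quarantined: Dict[str, float] = {}   # cell name -> review deadline

    def on_endpoint_seen(self, mac: str, port: str, now: float) -> List[Action]:
        mac = mac.lower()
        if mac in self.authorized:
            return [Action("none", mac, f"inventoried as {self.authorized[mac]}")]
        cell_name = self.port_to_cell.get(port)
        if cell_name is None:
            # Not a production port: blocking the endpoint itself is safe here.
            return [Action("block_port", port, f"unknown {mac} outside any cell")]
        actions = [Action("alert", cell_name, f"unknown {mac} on {port}")]
        if cell_name not in self.quarantined:
            # Isolate the whole cell at its uplink; the cell keeps running internally.
            self.quarantined[cell_name] = now + self.window_s
            actions.append(Action("quarantine_cell", self.cells[cell_name].uplink_port,
                                  f"isolate {cell_name} for {self.window_s}s pending review"))
        return actions

    def review_due(self, now: float) -> List[str]:
        """Cells whose investigation window has elapsed. They stay isolated until an
        administrator calls release(); nothing is re-enabled automatically."""
        return sorted(n for n, deadline in self.quarantined.items() if deadline <= now)

    def release(self, cell_name: str, mac: str, description: str) -> Optional[str]:
        """Administrator verdict: record the endpoint and return the uplink to re-enable."""
        if cell_name not in self.quarantined:
            return None
        self.authorized[mac.lower()] = description
        del self.quarantined[cell_name]
        return self.cells[cell_name].uplink_port


def build_demo() -> OtNacPolicy:
    """Constructed two-cell plant with a small inventory of authorized endpoints."""
    cells = [
        Cell("welding-cell-1", "core1:Gi1/0/1",
             frozenset({"sw-weld1:Gi1/0/1", "sw-weld1:Gi1/0/2", "sw-weld1:Gi1/0/3"})),
        Cell("packaging-cell-2", "core1:Gi1/0/2",
             frozenset({"sw-pack2:Gi1/0/1", "sw-pack2:Gi1/0/2"})),
    ]
    authorized = {
        "00:11:22:aa:bb:01": "robot controller, welding-cell-1",
        "00:11:22:aa:bb:02": "PLC, welding-cell-1",
        "00:11:22:aa:bb:10": "conveyor HMI, packaging-cell-2",
    }
    return OtNacPolicy(cells, authorized, window_s=900)


def run_demo() -> List[str]:
    """Replays a constructed event sequence and returns the action kinds taken."""
    policy = build_demo()
    events = [
        ("00:11:22:AA:BB:02", "sw-weld1:Gi1/0/2", 0.0),    # known PLC back after maintenance
        ("d4:3d:7e:12:34:56", "sw-weld1:Gi1/0/3", 10.0),   # unknown laptop inside the welding cell
        ("d4:3d:7e:12:34:56", "sw-weld1:Gi1/0/1", 20.0),   # same laptop moved to another cell port
        ("3c:52:82:ab:cd:ef", "office-sw:Gi1/0/7", 30.0),  # unknown device on an office port
    ]
    kinds: List[str] = []
    for mac, port, t in events:
        kinds += [a.kind for a in policy.on_endpoint_seen(mac, port, t)]
    return kinds


if __name__ == "__main__":
    print(run_demo())
```

The point to take from the replay: the laptop's access port inside the welding cell is never shut down, the cell's uplink is; a second sighting in an already isolated cell only alerts; and the same unknown MAC on an office port is blocked per port, as a conventional IT NAC would do.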

Sustainable implementation of the security strategy

A NAC system should not prescribe rigid implementation strategies but offer flexible options, so that it remains a long-term, sustainable security solution. Unlike many other NAC products, macmon NAC is manufacturer-agnostic. Numerous other NAC solutions require large-scale conversion measures, the purchase of special network components and follow-on investments. In OT systems such a conversion or expansion can be very costly, which often becomes an obstacle to investing in a NAC solution at all: the initial implementation of a platform-dependent solution creates a long-term dependency that can require investment again and again. Replacements are also a potential threat to operations, because the long life cycles of some production machines mean that some parts may no longer be available. New hardware for the NAC solution is usually needed at much shorter intervals than the OT systems themselves require. A platform-dependent solution is therefore neither financially attractive nor sustainable for many OT managers.

The manufacturer-agnostic macmon NAC avoids the problems described: it does not need extensive hardware upgrades in the network and remains sustainable in the long term. macmon NAC is a flexible and future-proof software solution for heterogeneous infrastructures and OT networks.

While network access control has long been commonplace in IT systems, its purpose in OT environments is often questioned. Read more about the benefits of NAC for operational technology: 12 reasons for NAC in OT

© macmon secure GmbH