macmon secure Safeguards Home for People with Mental Disabilities

The client: The Wagerenhof Foundation, situated in Switzerland, offers 237 people with cognitive impairment and some with a number of more severe disabilities a loving home for the rest of their lives. The Foundation promises every resident the best possible quality of life — regardless of impairment, age or level of care. Building on decades of experience, the Wagerenhof Foundation has developed into a modern institution. An attractive site and publicly accessible businesses such as a flower shop make it a regional meeting point for service providers, customers, visitors and some several hundred people who work in this facility.

Key Facts about Case Study Stiftung Wagerenhof

Biggest challenges:

  • Mixed network components of different generations
  • Many external network users like visitors and service staff 

Reasons for macmon NAC:

  • Highly flexible connection of third-party providers such as tenfold
  • Comprehensive reporting

Successes through macmon NAC:

  • Complete network overview within a few hours
  • Relief of the HR department through automatic transfer of employee data

Complete Network Overview in Record Time

After logging the entire infrastructure and all endpoints using live inventory management, a complete network overview was available to the Wagerenhof Foundation’s IT team within a few hours of implementation in the intuitive web GUI of macmon NAC. The log included 200 IGEL thin clients, 180 MacBooks, 80 iPhones and 120 iPads belonging to the employees, as well as 8 HPE SimpliVity servers hosted by the in-house data center.

Increasing the level of transparency meant that any threats to the endpoints in the network could be identified, for example attacks, ARP spoofing or MAC spoofing. The overview, which included graphical depiction of the network topology with extensive analysis options, also allowed an initial assessment of the network status. At the same time, it was possible to determine the current status of the network in regards to the introduction of NAC and decide what steps were still needed in the course of the project.

macmon offers infrastructure manufacturer agnostic solutions to cover every network, even where there is a combination of components from different generations. The NAC solution also offers a great deal of flexibility when connecting to third-party providers via the open REST API for asset management, CMDB solutions and comprehensive reporting of the monitoring data recorded in the network.


Jens Berensmann, Head of IT, The Wagerenhof Foundation

"I was very surprised by the rapid implementation of the entire project; it only took three months from start to finish. The actual installation, including training in the NAC solution, only took a day. Since then, macmon NAC has been running without any problems."

What has been Achieved so far?

  • Increased network security by monitoring endpoints
  • Increased productivity of the existing infrastructure
  • Simple, centralized administration of all network switches
  • Simple monitoring of network devices
  • High level of transparency in the network
  • Forensic analysis of security events
  • Enforceability of compliance policies
  • Automated handling of security incidents
  • Effective reporting for audits
  • Short installation time

Easy Integration of Third-Party Solutions

macmon NAC is the central control mechanism in the Wagerenhof Foundation‘s network. The endpoints are also checked for their security settings or their security level. macmon NAC offers various verification options, including the simple integration of third-party solutions. The Wagerenhof Foundation was already using the Tenfold authorization management solution, which offers a plug-in to enable or disable important functions in macmon for certain employees. This includes granting authorization to use the macmon portal and to register your own network devices (BYOD), but can also be used to withdraw authorizations. The devices registered in macmon are regularly synchronized to Tenfold and are then assigned to the relevant person as resources.

In situations such as the departure of an employee, endpoints can be removed in Tenfold, which in turn leads to the automatic removal of the device registration in macmon. Advanced functions, such as the automatic transfer of employee data from HR management, eliminate many manual processes and make the foundation‘s IT infrastructure less susceptible to both internal and external attacks using stolen login data.

Changes to authorizations and registered devices are automatically documented. For auditing purposes, it is possible to access historical data at any time and see who registered which devices.


Jens Berensmann concludes

Thanks to macmon NAC, it is now possible for us to fully regulate network access. The interface to Tenfold makes authorization management for endpoints more efficient, and administrative processes have been significantly reduced.


The Wagerenhof Foundation

in Uster offers 250 people with mental disabilities and some with severe physical disabilities a loving, permanent home. You will find a diverse living and working space on the “Wagi” site. Jobs are available in the studios, plant nursery and flower shop, farm, catering sector, laundry or engineering sector. Through its businesses and public events, the Wagerenhof facilitates contact and builds relationships with the surrounding area.

© macmon secure GmbH