macmon keeps the lights on in Ettlingen
In the wake of a penetration test conducted under live conditions, Stadtwerke Ettlingen deploys macmon NAC to completely secure its critical infrastructure against hacker attacks.
Stadtwerke Ettlingen GmbH (SWE) is the municipal utility company and energy service provider for the city of Ettlingen and its surrounding region. SWE supplies citizens and businesses with electricity, gas, water and heat as well as operating two outdoor swimming pools, an indoor swimming pool with sauna facilities and a bathing lake. The company employs around 220 people at four sites in Ettlingen.

Key facts about Case study Stadtwerk Ettlingen
Biggest challenges:
- Critical infrastructure with high security needs
- Safety o integrated loT devices
Reasons for macmon NAC:
- Manufacturer-agnostic SNMP-based topology discovery
- Price-performance ratio
Successes with macmon NAC:
- Implementation of the security solution in only 2 days
- Seamless real-time monitoring
- Closing of existing security vulnerabilities
Test under live conditions
In 2013, SWE agreed to have the security of its network tested as part of the production of a documentary on the subject of computer-based attacks on critical infrastructures (KRITIS). To this end, a hacker carried out a penetration test on the infrastructure of the public utility company under live conditions. Equipped with just a laptop and a few other auxiliary devices, the hacker was able to gain unnoticed access to SWE’s internal network and ultimately to the control room via a network socket in the public utility company’s guest house. In a real life scenario, this would have enabled the intruder to switch off the electricity and water supply to the 40,000 households in the city. The test and resulting report revealed to those responsible at SWE important information regarding vulnerabilities in the area of software and primarily in the network infrastructure which needed to be eliminated as quickly as possible.
Thomas Steuer
Stadtwerke Ettlingen GmbH
„Our main priority is to fully safeguard the supply to all citizens of Ettlingen. macmon provides us with a powerful, cost-effective and efficient solution that ensures just this – with a minimum amount of work for our IT department.“
The NAC solution from macmon impressed in all regards:

The test showed unequivocally that monitoring access to the network is a key element of the security measures against cyber criminals or state-sponsored attacks. As a result, SWE set out to find a network access control (NAC) solution. macmon NAC was one of the solutions recommended to SWE by several network service providers. Finally, two systems were shortlisted, which were then extensively tested and discussed with reference customers. It quickly became apparent that macmon NAC offered a clear advantage over the competition in terms of ease of use. Added to this was the complete coverage of the entire network through manufacturer-agnostic SNMP-based topology detection, which left no blind spots.
Thomas Steuer,
Stadtwerke Ettlingen“In the course of the energy transition, smaller producers of renewable energies have to use so-called ‘smart meters’. These are essentially Internet of Things devices that consist of a digital electricity meter and a gateway which enables the transfer of data. If these devices are also used for regulation and control, every one of them is a potential entry point for hackers. With macmon, we can monitor all these devices and detect and prevent unauthorized access."
Ready for use within 48 hours
Even before the implementation, the staff at SWE were able to send important information about the key specifications of their network to the responsible employees at macmon using a check list. This close and direct exchange of information from the outset allowed optimum preparations to be made, meaning the final commissioning was completed in just two days. SWE was able to start using the system right away.
Intelligent, simple and efficient
SWE currently primarily uses port monitoring with port deactivation and VLAN management from macmon. Within the IT department, two employees work with the NAC solution and take care of the whole network infrastructure and monitor all endpoints and network devices. Before macmon NAC was introduced, SWE had no control over which devices were connected or trying to connect to the network. This situation has fundamentally changed and improved with the use of macmon. SWE now has seamless monitoring of all network ports in real time.
It knows which devices are connected to the network at any given time and immediately detects if an external device attempts to gain unauthorized access to the network – as it was also the case during the penetration test. For the employees, the ease of use is a huge benefit, as no lengthy training is required in order to use the system efficiently. Employees who move from one site to another can automatically be assigned the correct VLAN via VLAN management. The user interface is logical and intuitive and numerous automation options, such as situationally effective VLAN selection, provide maximum protection with minimum administration work. Last but not least, installing the regular updates is simple and problem-free. The technology that underpins macmon NAC also enables SWE to protect its network in a way that is future proof. No matter what type and how many devices are connected to the network in the future, the comprehensive device detection and dynamic VLAN assignment in real time leaves no way in.

CONCLUSION by Thomas Steuer, Stadtwerke Ettlingen GmbH:
Courage rewarded. SWE’s decision to take part in the test and have its security measures put through their paces paid off. The vulnerabilities that were identified were comprehensively closed by macmon NAC, while the general management of the network was also considerably simplified – and all for a good price!