Secure from field to server room

Belden’s macmon NAC: Network security for full-service providers


Founded in the 1960s as an association for farmers' self-help, the Maschinenring today is an important economic factor and one of the leading service providers in all rural regions of Austria. In addition to agricultural services, the activities of the approximately 80 machinery rings include the service sector and specialized staff. They provide these services to municipalities, small and medium-sized enterprises in rural areas, and trading and infrastructure companies operating throughout Austria.

The IT infrastructure of Maschinenring Austria's IT department is organized into two main divisions: Infrastructure and Business Applications.
 

 

Stefan Schneider

Head of IT


“With the introduction of macmon NAC, we want to be armed as well as possible against a cyberattack. During the test phase, we were able to convince ourselves of the compatibility of the hardware. Existing infrastructure can continue to be used and did not have to be replaced – an important cost aspect when selecting a NAC solution.”


There are two key areas in the infrastructure division:

1. IT, with which employees at Maschinenring interact directly:
Computers, notebooks, monitors, printers.

2. IT that runs in the background and is only used indirectly by employees:
Networking of the locations, servers at the locations and in the data center, the telephone system and user administration.

In the Business Applications division, the IT department manages the IT systems that administer the business data of the machinery rings: the ERP system, the associated mobile applications, and the program for accounting, payroll, and cost calculation. The IT department ensures the smooth operation of these systems and uses two data centers operated by an Austrian provider.

 

Key Facts about Case Study Maschinenring

Biggest challenges:

 

  • Heterogeneous IT infrastructure
     

Reasons for macmon NAC:

 

  • Vendor agnostic
  • Easy implementation
  • Easy administration
  • Needs-based network protection

Successes with macmon NAC:

 

  • Creation of a central security instance
  • Extensive analysis options and reporting

The challenge – increasing security risk

From September to November 2021, the Maschinenring IT team conducted an external IT security audit. The company did not see itself as a primary target for hackers, since it works as a service provider for a group of cooperative associations and is therefore not profit-oriented. The audit was nevertheless a prudent step: over 60,000 cases of cybercrime were reported in Austria in 2022, an increase of 30.4 percent compared to the previous year, and the number of reported cybercrime cases has been rising for several years. The audit's aims included, among other things, the security of IT systems and compliance with security standards and guidelines.

 

The IT security audit was also intended to optimize the effectiveness of security measures by identifying weaknesses in the IT infrastructure and making recommendations for the continuous improvement of security. The result was a catalog of measures that has been implemented step by step. One measure was the introduction of a NAC solution as a central element of a reliable security architecture.

“When we had a question during the implementation phase, it was always answered very promptly by the experts of macmon. When I have a support case, I send a ticket directly to the macmon ticket system. I always get a quick response with help, which usually leads to success.”

Manuel Höbart | IT Infrastructure

Belden’s macmon NAC – overview and control of endpoints

In the proof of concept (POC), macmon NAC convinced the IT team. They were given a complete overview of the devices in the network and where they were physically located. This meant the end of unknown network sockets into which third-party devices could be plugged. The federal and decentralized organizational form of the Maschinenring was a particular challenge: regional locations with various departments and IT departments in several federal states, as well as the IT team of Maschinenring Österreich GmbH as an internal service provider, each with a network infrastructure that had grown differently over time.

macmon NAC acts as a central security instance and can be used across locations. The NAC solution is able to communicate with a large number of network devices and is highly flexible, being both technology- and manufacturer-agnostic. The existing heterogeneous infrastructure of around 90 locations can simply continue to be used. The branch offices vary greatly in terms of technology and size, from a few employees to offices with around 50 people. The first locations went live in January 2022.

“At the beginning of our collaboration, we directly purchased consulting hours for topics that exceeded the resources and expertise of our team. This saved us time and allowed us to concentrate on our core task of ensuring interference-free IT operations.”

Philipp Mang | Team Lead IT Infrastructure

The VLAN Manager module gives the Maschinenring IT team many advantages in its daily work

VLAN stands for Virtual Local Area Network and is an important tool for network segmentation in the IT department. Segmenting the company network into separate units, regardless of its physical structure, makes it easier to control communication across the entire network. Segmentation can, for example, follow departmental boundaries. If a network segment is compromised, the entire network is not affected, and the potential damage can be limited. In VLANs, vulnerabilities and errors can be detected and fixed in less time.

The advantages of VLAN segmentation

  1. Security: 
    Network segmentation protects the network from unauthorized access and increases the security of the network access. 

  2. Performance: 
    Network performance is improved, as the data traffic is divided, which reduces broadcasts in the network.

  3. Flexibility: 
    VLANs can be set up dynamically or statically and be adapted to the requirements of the company.

  4. Clarity: 
    The network segmentation enables IT administrators to maintain an overview of their network environment at all times.

“The macmon GUI is characterized by a self-explanatory operating method that is logically structured so that it can be used intuitively. Simple and meaningful names are important, because with a graphical user interface, less is often more. I get an overview of the endpoints that are offline or online at a glance. That makes my job much easier.”

Manuel Höbart | IT Infrastructure

“If macmon NAC identifies an unknown device in the network, it is automatically blocked, and the network administrator is notified immediately. We can react quickly. The unknown device, which represents a potential threat to network security, is moved to an external VLAN.”

Stefan Schneider | Head of IT | Maschinenring Österreich GmbH

The shared use of agricultural machinery and equipment is part of the Maschinenring founding idea. The machinery database of Austria's machinery rings, through which they can provide members with agricultural machinery, offers an attractive solution.

 

“As a monitoring tool, macmon NAC offers a user-friendly GUI that allows us to block ports quickly and easily. The graphical user interface is intuitive and self-explanatory, which simplifies the operation of the software. Before the implementation I had to look at five spots – black monitors full of command lines – today I have the necessary information at a glance and my ports under control.”

Philipp Mang | Team Lead IT Infrastructure

CONCLUSION by Stefan Schneider

Head of IT | Maschinenring Österreich GmbH


Thanks to macmon NAC, we have been able to significantly improve our network security. Before the implementation of macmon NAC, we had difficulties keeping track of all the devices in our heterogeneous network and could only do this with high administrative effort. After installing macmon NAC, we can effectively monitor all connected devices and easily control and prevent access by third-party devices. We save time, resources as well as costs, and increase our network performance and IT security.


© macmon secure GmbH