MBDA Deutschland takes information security seriously and rely on macmon NAC to effectively protect & secure its highly sensitive data
MBDA require absolute network transparency and the ability to automatically manage a dynamic & growing network consisting of different VLANs and security zones.
MBDA Deutschland is Germany’s leading guided missile system retailer and a renowned centre of excellence for air defence systems employing over 1300 members of staff. MBDA Deutschland have adopted a European outlook and philosophy from conception and are part of the MBDA Group operating in Europe and throughout the world since 2006. MBDA use macmon to monitor in excess of 15,400 interfaces which provide network access to over 5800 devices.
Key Facts about the MBDA Deutschland GmbH case study
Biggest challenges:
- Highly sensitive data
- Gradual introduction of the security solution
Reasons for macmon NAC:
- agentless solution
- manufacturer-agnostic
- Automatic VLAN assignment
Successes through macmon NAC:
- Simplification of administrative daily business through automatisms
- Full network transparency
Simplifying operations using an effective graphical network overview and dynamic VLAN's
MBDA Deutschland were looking for a solution to simplify network operations, dynamically manage VLANs, network segments & security zones and provide effective graphical visibility of their network. MBDA became aware of macmon secure GmbH, Germany’s leading independent NAC provider at IT-SA, a leading IT Security Exhibition in Nuremberg. After the initial meeting at the exhibition, MBDA Deutschland invited macmon secure to give a product presentation and demonstration at MBDAs Schrobenhausen premises. It quickly became evident that MBDA Deutschland were concerned about the complexity of deployment and operation of a Network Access Control solution, worrying about possible negative impacts on the structure of its network.
macmon secure were rapidly able to dispel these concerns, providing assurances that it would not be necessary to change any of the network infrastructure and it would not be necessary to deploy agents or sensors in order to use its NAC solution. Moreover, macmon also monitors the connected branch offices from his central position and can be operated regardless of the network hardware manufacturer. It was clear to MBDA Deutschland that introducing a NAC solution would need to be possible with no adverse effects and with the minimum of changes to the network – something which can be achieved long-term with macmon.
macmon’s solution can be implemented in combined operation with or without 802.1x and can save a considerable amount of administration time and overhead thanks to automated functionality and active blocking, enabling effective & powerful workflows and incident response. MBDA Deutschland wanted macmon to first and foremost provide a transparent and effective overview of all the devices connected to its network, this has been achieved with macmon’s powerful graphical topology technology. New devices can be monitored, organised and categorised automatically. Filtering by attributes such as IP address, device name and VLAN devices can automatically gain network access in a completely secure manner.
MBDA Deutschland’s second major concern was the ability to allocate VLANs automatically, providing secure access to network resources. macmon’s solution assigns VLANs dynamically using the endpoint device or its particular group (MAC-address, VLAN-ID) which ensures that users are always given the correct access to the network regardless of the physical connection type. The macmon VLAN Manager offers an easy way to maintain the system and does not require reconfiguration to accommodate mobile users or changes in location. Staff tasked with administering the solution do not need to know anything about how switches work and how to assign VLANs to them. macmon was the obvious choice for MBDA Deutschland thanks to its sheer variety of uses. The ability to introduce Network Access Control in stages sealed the deal. It was also important for MBDA Deutschland to make its day-to-day operations less complex, and the ability to allocate VLANs automatically using device groups was a key aspect.
The system was implemented concurrently at its sales partner‘s office and macmon was initially operated in learning mode. Gradually identifying the systems detected and effortlessly allocating them to device groups, helped MBDA Deutschland to gain a comprehensive overview of the network that it was looking for. It was not long before the first defective configurations and unknown devices were identified. macmon NAC was also able to detect that a device was in the wrong VLAN immediately, in a process which would have been very laborious without macmon.
The level of transparency obtained was able to significantly improve the security of the MBDA Deutschland network. The NAC solution finally went live four weeks later. As the system is so critical, macmon is operated in a mixed cluster (virtual/physical) at a central location at MBDA Deutschland‘s premises. Four members of staff have been put in charge of network engineering and are familiar with using macmon NAC.
Summary:Implementing macmon NAC is giving the company a significantly higher added value in terms of controlling access to its network. The ability to implement the solution in stages and its ease of operation are making day to-day business more straightforward. Dynamic VLAN management and an overview of the network using graphical topology, put macmon streets ahead of its competitors and MBDA Deutschland is reaping the benefits.