The innovative mid-sized companies

Favorite targets of cyber criminals

According to a study by PwC, five out of six SMEs were targeted by email phishing in 2022. Ransomware attacks also continue to weigh heavily on the German economy: 73% of the SMEs surveyed were victims of an attack last year. Business leaders should be aware that they are an important element of a vulnerable supply chain and therefore are of interest to extortion attempts by criminals. In particular, the automotive industry, which is considered a central pillar of the German economy, is targeted by cybercriminals worldwide.

Key Facts to Case Study Süddeutsche Gelenkscheibenfabrik

Biggest challenges:

  • Intensified threat situation for IT and OT networks
  • Efficient implementation of the relocation of employee workstations in the company

Reasons  for macmon NAC:

  • Secure access for employees and external service providers
  • Visibility of all end points in the network including physical location

Successes through macmon NAC:

  • More transparency and control over network devices
  • Simplified VLAN management via macmon NAC
  • Budget and workload savings in network administration

Thomas Schuster, System Administrator

SGF


„We started the productive use after just one week. We quickly realized that macmon NAC is a powerful and flexible solution for Network Access Control that offers us better monitoring and more transparency of our network devices.“

The assignment of a new VLAN could not be carried out via the helpdesk, as administrative access to the switch was required for this process. Since the introduction of macmon NAC the direct adjustment down to the port level is possible.

SGF: From Bavaria into the world

In the more than 75 years since it was founded as a family-owned company, Süddeutsche Gelenkscheibenfabrik (SGF) GmbH & Co. KG has developed into a global market leader with its products. The company offers international customers individual and sophisticated noise, vibration and harshness (NVH) solutions for the decoupling and damping of vibrations and noises in the automotive, rail and industrial applications. In the field of metal forming, SGF manufactures high-strength metal parts for electric motors for cars. In the financial year 2022, 700 employees at 4 locations worldwide generated 120 million euros. SGF has developed into the market leader in torque transmission and has 75 years of experience in thread and binder technology.

In addition to highly qualified employees and state-of-the-art development and production facilities, special know-how from rubber and silicone processing is the basis for the high-quality standard of the products. SGF is certified according to DIN EN ISO 9001 and ISO/TS 16949 and thus meets the highest requirements of the automotive industry.

Belden‘s macmon NAC: profitability, comfort and security

SGF recognizes the growing threat to the security of their IT and OT networks. In the digital world the best security strategies are increasingly deciding the future of companies. In cooperation with CyProtect AG as an experienced gold partner of macmon secure, a proof of concept was set up for SGF, with macmon NAC as the central security solution.


CyProtect AG is a manufacturer-agnostic cybersecurity service provider and combines a profound understanding of IT/OT and IoT for safety-critical processes with the cutting-edge technologies of leading security manufacturers.

 

 

Task definition

To strengthen the network security infrastructure, a suitable NAC solution should be selected for the necessary visibility, access control and compliance functions.

In particular: 
The company was constantly relocating employees. The associated manual configuration of the security ports to which the endpoints were connected always proved to be time-consuming for the IT administration.

Particularities of securing the OT network

In addition to IT security, OT security has been gaining importance at SGF for years. The focus is on the secure access of internal employees and external service providers to their own in-house machines and systems. The accesse to endpoints must be secure and monitored. The security here is primarily regulated by the enterprise firewall. The range of OT devices available in the company is diverse at SGF. These include numerous IoT devices, robots, programmable logic controllers (PLCs), sensors, cameras, and remote maintenance routers. macmon NAC supports numerous processes by creating an overview of all endpoints in the OT network. The administrator can see the exact physical location and see which VLAN the device is currently in.

Thomas Schuster explains the points of contact between IT and OT security: “In our industrial business, we have been working on joint solutions for years, because the more IT is installed in OT, the closer the cooperation must be. Even in the decision-making process, the IT department is informed by the OT, and we clarify the remote maintenance options or the required connectivity before new purchases are done."

Schuster adds: “This is the only way to ensure that there are no surprises during commissioning.“ In general, OT security must guarantee absolute reliability, because nothing is more economically damaging to a production operation than delays or even the failure of production facilities. Schuster explains: „It has proven its worth that each machine has its own VLAN – so we currently have to manage a large number of over 250 networks.“

This is a complex challenge in which macmon NAC provides an overview and control by identifying the endpoints. Thomas Schuster confirms: „Especially in the case of machine relocations, -extensions and -reconstructions, macmon is here to help. I am often asked by the developers of programmable logic controllers (PLCs) why a certain device cannot communicate. Here it is essential to quickly find out where the device I am looking for is physically plugged in. In addition, I need to know on a case-by-case basis whether it is not or possibly even wrongly plugged in. This way I can reliably help our developers.

Thomas Schuster, Systemadministrator

SGF


“In our industrial business, we have been working on joint solutions for years, because the more IT is installed in OT, the closer the cooperation must be. Even in the decision-making process, the IT department is informed by the OT, and we clarify the remote maintenance options or the required connectivity before new purchases are done."

The core features of Belden‘s macmon NAC:

Full control over all endpoints in the network and instant network overview and graphical topology

“I get an overview of all the devices that are in the network, as well as the network topology and the switches and routers used. At any time, I can see which devices are in our IT and OT network. This has proven to be very helpful in practice, especially when troubleshooting the OT network.“

  • Easy administration

Intuitive handling of the web interface and extremely low maintenance requirements

“The clear web interface is intuitive and easy to use. This enables us to ensure that our trainees can also make full use of the application from the second year of their apprenticeship. In general, the maintenance effort is extremely low – every now and then an update has to be installed to keep the solution up to date and to benefit from the continuous development by the macmon development team.“

Identification of devices using SNMP to determine their firmware status

“Our approximately 60 access switches are managed by macmon NAC. The information is read out via SNMPv3 and the switch ports are set according to the specification of the device group (set VLAN, lock/unlock interfaces).“

  • Manufacturer-agnostic solution and strong partnerships

macmon NAC can be installed in any heterogeneous network and has close partnerships with a wide range of IT and OT security solutions.

“ Existing hardware or software was not an obstacle to the selection of macmon NAC. The integration options offer us real added value.“

Reliability is a top priority in OT environments

By identifying all endpoints, no unknown or unauthorized devicescan be present in our OT network. In contrast to IT environments, however, it is not allowed to temporarily block a plant in which are sometimes more than 100 devices. Maintaining smooth production operations is a top priority. Nevertheless, reporting a newly detected IP/MAC address helps us significantly in troubleshooting.

 

CONCLUSION by Thomas Schuster

System administrator | SGF


I can protect what I see thanks to the overview and transparency. I know immediately which device is plugged into which switch port. I can search and filter extensively in the data. In a live view and a historical overview, all devices can be made visible. I can easily see that there are a lot of ports on a switch that have not been used in a long time and I can plug them out. I don‘t have to buy new switches, it‘s budget friendly. I am happy about the enormous time savings for administrative processes, which relieves our scarce resources.

„macmon is indispensable for our IT and OT security.“

 

Every year, the trade journal Network Computing presents various awards to manufacturers and distributors in recognition of outstanding achievements in the field of cybersecurity. In 2024, our project and case study with Süddeutsche Gelenkscheibenfabrik was named Best International Project of the Year.


© macmon secure GmbH