Protecting the Clinic´s Network and Sensitive Patient Data
Vivantes – Network für Gesundheit GmbH, seated in Berlin, optimizes network security and network management using macmon secure Gmbh´s macmon NAC solution, resulting in concise and comprehensive end-device monitoring, significant optimization of resources and reliable, future-oriented network security.

With a yearly turnover of €785 million and a staff of over 13,000 (as per 2010), Vivantes is Germany´s largest communal hospital group. It was founded by the city of Berlin, and in 2001 incorporated all hitherto communal hospitals. One of the challenges that thus arose was to merge and integrate a variety of heterogeneous IT landscapes.
The central ITK department is now responsible for the group´s network administration and network security. Around 19,000 network ports are now available at 10 locations in over 100 clinics and more than 300 servers, 6500 PC workstations, 3000 printers, over 700 IP telephones and 660 switches are operated.
Ensuring reliable network protection, and maintaining an overview over all active and passive devices in the network with all their heterogeneous hardware configurations was the main reason that Vivantes was on the lookout for a manufacturer-independent, reliable solution to protect its sensitive data and its network operation.
Key Facts about Vivantes
Biggest challenges:
- Historical, heterogeneous IT landscape
- High security requirements for critical infrastructure
Reasons for macmon NAC:
- manufacturer-neutral solution
- Footprinting function
Successes through macmon NAC:
- Cost savings through detection of unused systems
- Comprehensive endpoint monitoring
The ability to rapidly lock out or isolate unauthorized devices within the whole network was important. “To be able to quickly react, considering the size of the network, we configured our first Appliance with a Quad-Core CPU in this Project“, says Marcel Mulch, software developer responsible at mikado soft (by now macmon secure gmbh) for the project. “Nowadays, that is standard configuration for an appliance.“
Paramount for any NAC project is the initial population and subsequent maintenance of the reference list. Since the Matrix42 “Empirum“ client management suite is implemented at Vivantes, it was simple to transfer asset data from Empirum to macmon via script. This script, originally developed for the initial implementation, is put to good use when maintaining asset data.
Lothar Börner, Network team manager at Vivantes considers: “As far as network components are considered, we adhere to standards. This makes for ease of Administration and procurement. Still, with our NAC solution we wanted to be independent from any specific switch manufacturer. Since putting macmon into service, we can immediately detect patched but unused switch ports, thus greatly reducing the need for redundant Equipment."
Rainer Paul, Head of IT Systems Engineering
“macmon provides us with an overview over all devices connected to our network, across our complex IT infrastructure with over 10,000 nodes."
Concise End-Device-Monitoring, Reliable Network Control

Following extensive testing, Vivantes opted for macmon, macmon secure Gmbh´s NAC solution. “Our expectations regarding a solution easy to manage, quick to implement and catering to high security specification, were convincingly fulfilled. macmon convinced us that it can successfully cope with the heterogeneous IT environment at Vivantes. In addition, we are now able to quickly detect and document any relocation of devices." adds R. Paul: "With more than 3000 printers deployed, it is a great relief to now be able to find leased devices previously considered as “missing“.
Dection and classification of medical equipment, increasingly capable of being attached to the network, is an important task. “Initially, we classified these devices manually with the help of a network scanner. This task is now greatly simplified with the help of macmon´s Footprinting function“, explains Nico-Alexander Walter, responsible for macmon administration.

Conclusion
Implementing macmon delivered the desired results. The security situation was greatly enhanced and numerous tedious administrative tasks have been eliminated. All devices are now reliably detected and documented. “macmon helped us to implement our security requirements in a short period of time without incurring high cost or effort. With macmon we feel well prepared to face future security challenges as well“ sums up Rainer Paul, head of IT systems at Vivantes.