April 25, 2022

New technology partner on board - macmon secure GmbH

Sycope partnered up with the Berlin-based company macmon secure GmbH - a technology leader in the field of Network Access Control.

In a world where the IT environment gets more complicated every day and new security threats keep emerging, Sycope and macmon engineers have cooperated to deliver overarching security functionality.

About macmon

Since 2003, macmon secure has been offering manufacturer-agnostic solutions that protect heterogeneous networks from unauthorized access thanks to instant network visibility. macmon NAC is implemented quickly and easily, with significant added value for network security. macmon NAC is a user-friendly tool that provides numerous features such as Advanced Security, Compliance, 802.1X, Guest Service, VLAN Manager, Topology, Switch Viewer, Past Viewer and more.

When one plus one is greater than two

Sycope provides a very complex mechanism to analyse network traffic and detect violations of security rules. The system is 100% passive, which means that it does not affect network traffic or network devices. As a consequence, response time to an incident is longer than for active systems, because changes to block unwanted traffic need to be made manually by the administrator. To improve the situation and reduce response time, the administrator can integrate Sycope with macmon to detect and actively manage violations of security rules. Integration of these two systems focuses on increasing value to all users.

Easy integration

Sycope uses macmon’s API to send the mitigation task for a suspicious IP. All the necessary code is implemented. The only action required is to set up the credentials for the macmon system. No additional lines of code are necessary. It is as simple as that.

macmon and Sycope integration
macmon mitigation in the system

How does it work?

Every communication between hosts generates traffic in the network. Network devices use NetFlow to send information about the traffic, for example the communicating parties, protocols and traffic volume. Sycope, as a NetFlow collector, saves and analyses this information and finds patterns which might inform the administrator about security incidents and unwanted traffic. In this part, the monitoring is passive.

Integration with macmon NAC allows monitoring to be transformed into an active system, blocking the unwanted traffic without manual actions. When an Alert is generated by Sycope, one of the available options is Mitigation in macmon. In this situation, Sycope communicates with macmon to get more information about the suspicious IP, and in the end sends the task to isolate the host. The isolation process moves the suspicious host to a separate VLAN with limited access to the internal network and the Internet. Thanks to this procedure, the administrator gains time to analyse the situation and carry out a remediation process.

Additional ways to block unwanted IPs

There are two ways to block unwanted IPs. The first one is automated (explained in the schema diagram). When the Alert is triggered, you can select the mitigation action in the rule and send the task to block the IP. The second one is manual. You can right-click on every internal IP address and select Mitigation in macmon.

Integration between Sycope and macmon converts the passive monitoring system into an NDR (Network Detection and Response) system. This approach helps protect the network and moves security to a higher level.
