Sycope has partnered with the Berlin-based company macmon secure GmbH, a technology leader in the field of Network Access Control.
Since 2003, macmon secure has been offering manufacturer-agnostic solutions that protect heterogeneous networks from unauthorized access by providing instant network visibility. macmon NAC is implemented quickly and easily, with significant added value for network security. macmon NAC is a user-friendly tool that provides numerous features such as Advanced Security, Compliance, 802.1X, Guest Service, VLAN Manager, Topology, Switch Viewer, Past Viewer and more.
In a world where IT environments grow more complex every day and face new security threats, Sycope and macmon engineers have cooperated to deliver overarching security functionality. Sycope provides a sophisticated mechanism to analyse network traffic and detect violations of security rules. The system is 100% passive, meaning it does not affect network traffic or network devices. As a consequence, the response time to an incident is longer than for active systems, because the changes needed to block unwanted traffic must be made manually by the administrator. To improve this situation and reduce response time, the administrator can integrate Sycope with macmon to detect and actively manage violations of security rules. The integration of the two systems focuses on increasing value for all users.
Sycope uses macmon's API to send a mitigation task for a suspicious IP. All the necessary code is already implemented. The only action required is to set up the credentials for the macmon system. No additional lines of code are necessary. It is as simple as that.
Every communication between hosts generates traffic in the network. Network devices use NetFlow to send information about that traffic, for example the communicating parties, the protocols and the traffic volume. Sycope, as a NetFlow collector, stores and analyses this information and finds patterns that may indicate security incidents and unwanted traffic to the administrator. In this part, the monitoring is passive.
Integration with macmon NAC allows the monitoring to be transformed into an active system that blocks unwanted traffic without manual action. When an Alert is generated by Sycope, one of the available options is Mitigation in macmon. In this case, Sycope communicates with macmon to get more information about the suspicious IP and then sends a task to isolate the host. The isolation process moves the suspicious host to a separate VLAN with limited access to the internal network and the Internet. Thanks to this procedure, the administrator gains time to analyse the situation and carry out remediation.
There are two ways to block unwanted IPs. The first one is automated (explained in the schema diagram): when the Alert is triggered, you can select the mitigation action in the rule and send the task to block the IP. The second one is manual: you can right-click on any internal IP address and select Mitigation in macmon.
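The following is an added example, not Sycope or macmon code, that sketches the detection-to-isolation flow described above: NetFlow records are analysed passively, an alert is raised for a rule violation, the NAC is asked what it knows about the host, and an isolation task moves the host to a quarantine VLAN. The macmon API itself is not documented on this page, so the `InMemoryNac` class is a hypothetical stand-in that records the tasks a real client would submit; the internal ranges, the quarantine VLAN id `999`, the `NEVER_ISOLATE` set, the sweep threshold and all sample flows are constructed values. Both triggers from the text (the rule action and the manual right-click) end in the same `mitigate` function, which also shows the checks a practitioner would want before an automatic isolation: only internal hosts, never critical infrastructure, only hosts the NAC actually knows, and no duplicate tasks for an already isolated host.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed values for this example (constructed, not from Sycope or macmon).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
QUARANTINE_VLAN = 999                 # assumed quarantine VLAN id
NEVER_ISOLATE = {"10.0.0.1"}          # e.g. a monitoring host that legitimately polls many devices
SWEEP_THRESHOLD = 20                  # distinct dst:port pairs per source in one window


@dataclass(frozen=True)
class Flow:
    """The NetFlow fields the text mentions: both sides, protocol, volume."""
    src: str
    dst: str
    proto: int      # 6 = TCP, 17 = UDP
    dport: int
    octets: int


@dataclass(frozen=True)
class Alert:
    rule: str
    ip: str
    evidence: str


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_port_sweep(flows, threshold=SWEEP_THRESHOLD):
    """Passive part: an internal source contacting more than `threshold`
    distinct dst:port pairs is flagged (a simple sweep-style rule)."""
    targets = defaultdict(set)
    for f in flows:
        if is_internal(f.src):
            targets[f.src].add((f.dst, f.dport))
    return [Alert("port_sweep", src, f"{len(pairs)} distinct dst:port pairs")
            for src, pairs in sorted(targets.items()) if len(pairs) > threshold]


class InMemoryNac:
    """Hypothetical stand-in for a macmon API client. A real client would
    look the endpoint up and submit the isolation task over the vendor API;
    this one keeps a constructed inventory and records the tasks."""

    def __init__(self, inventory):
        self.endpoints = {ip: dict(ep) for ip, ep in inventory.items()}
        self.tasks = []

    def lookup(self, ip):
        return self.endpoints.get(ip)

    def isolate(self, ip, reason):
        ep = self.endpoints[ip]
        task = {"ip": ip, "mac": ep["mac"], "from_vlan": ep["vlan"],
                "to_vlan": QUARANTINE_VLAN, "reason": reason}
        self.tasks.append(task)
        ep["vlan"] = QUARANTINE_VLAN     # host now sits in the quarantine VLAN
        return task


def mitigate(alert, nac, trigger):
    """Active part. Both paths on the page (rule action and manual
    right-click) end here; `trigger` records which one. Returns the
    isolation task, or None when no task should be sent."""
    if not is_internal(alert.ip) or alert.ip in NEVER_ISOLATE:
        return None                      # only internal, non-critical hosts
    ep = nac.lookup(alert.ip)            # ask the NAC what it knows first
    if ep is None or ep["vlan"] == QUARANTINE_VLAN:
        return None                      # unknown host, or already isolated
    return nac.isolate(alert.ip, f"{trigger}:{alert.rule}:{alert.evidence}")


# Constructed sample inventory and NetFlow records.
INVENTORY = {
    "10.0.0.1": {"mac": "00:00:5e:00:53:01", "vlan": 10},
    "10.0.0.5": {"mac": "00:00:5e:00:53:05", "vlan": 10},
    "10.0.0.7": {"mac": "00:00:5e:00:53:07", "vlan": 10},
}
SAMPLE_FLOWS = (
    [Flow("10.0.0.5", f"10.0.1.{i}", 6, 445, 60) for i in range(1, 26)]    # sweep: isolated
    + [Flow("10.0.0.1", f"10.0.1.{i}", 17, 161, 90) for i in range(1, 31)]  # monitoring host: excluded
    + [Flow("10.0.0.9", f"10.0.1.{i}", 6, 22, 60) for i in range(1, 26)]    # unknown to the NAC: no task
    + [Flow("10.0.0.7", "10.0.2.1", 6, 443, 5000)] * 3                      # normal traffic
    + [Flow("10.0.0.7", "10.0.2.2", 17, 53, 120)]
)


def run_pipeline(flows=SAMPLE_FLOWS, trigger="rule"):
    """Collect -> detect -> look up -> isolate, returning every intermediate result."""
    nac = InMemoryNac(INVENTORY)
    alerts = detect_port_sweep(flows)
    tasks = [t for a in alerts if (t := mitigate(a, nac, trigger)) is not None]
    return alerts, tasks, nac


if __name__ == "__main__":
    alerts, tasks, _ = run_pipeline()
    print(f"{len(alerts)} alert(s), {len(tasks)} isolation task(s): {tasks}")
```

Running the pipeline on the sample data raises three alerts but sends exactly one isolation task (for 10.0.0.5): the monitoring host is on the exclusion list and 10.0.0.9 is unknown to the NAC, so neither is touched. A second `mitigate` call for the same host returns None because it is already in the quarantine VLAN, which keeps repeated alerts from flooding the NAC with duplicate tasks.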
Integration between Sycope and macmon turns the passive monitoring system into an NDR (Network Detection and Response) system. This approach helps protect the network and raises security to a higher level.