Greenbone x macmon - Check automatically detected end devices directly for vulnerabilities
April 1, 2021
Bastian Seibel
Greenbone
Greenbone
The integration of macmon NAC with the Greenbone Security Manager creates a fast-acting, fully automatic security concept. New end devices in the network or those that are absent for a longer period of time are automatically detected by macmon NAC and then checked for vulnerabilities by the Greenbone Security Manager.
The Greenbone Professional Edition, available as physische and virtuelle appliance, based on the Greenbone Security Manager (GSM), identifies security gaps in the corporate IT and evaluates their risk potential. In addition, the GSM recommends measures to eliminate any vulnerabilities found.
The aim is to identify points of attack before cyber criminals do and thus prevent attacks. Because practice shows: 999 out of 1,000 exploited vulnerabilities were already known for more than 12 months and could thus have been closed. The solution includes a daily security update of the vulnerability tests that are carried out to detect the vulnerabilities. Currently, more than 87,000 vulnerability tests are available. The GSM is now used in over 50,000 professional installations and integrations across all industries and company sizes. The turnkey appliance is based on open source software and can be put into operation within a very short time.
How does the technical partnership between Macmon and Greenbone Networks work?
macmon secure has new end devices scanned for malware by the GSM when they enter the company network and regularly evaluates the compliance status in order to protect the company network. Christian Bücker, Managing Director of macmon secure GmbH, explains: "It is important for IT security to scan the company network regularly. The result of this scan is provided by GSM and evaluated at regular intervals by macmon NAC. If the device is in compliance with company policies, network access will continue to be granted. If this is not the case, macmon NAC can isolate the end device with a configured reaction or disconnect it from the network and notify the administrator. Thus, a rule-compliant network access control is ensured."
macmon NAC detects new and recurring endpoints and initiates scans
There are constantly new devices in a corporate network. Usually, an administrator ensures that such an end device is not infected with malicious code and does not pose a threat to data integrity and network security. macmon NAC detects a new end device when it is connected to the network and instructs the GSM to perform a scan. According to the result, access is granted or denied.
In addition, macmon NAC detects a recurring end device and has the GSM scan it if the period of absence is too long. Some end devices cannot be scanned regularly because they are not permanently connected to the company network.
For example, an employee in the field may be away from home for days or weeks. When she returns, the end device reconnects to the corporate network, where it is detected by macmon NAC. macmon NAC then commands the GSM to perform a scan. The result of this scan is provided by the GSM. If the device is compliant with corporate policies, network access is still granted. If this is not the case, macmon NAC can, as with a new end device, isolate the end device with a configured reaction and again notify the administrator.
macmon NAC thus regularly checks the integrity of new and temporarily absent end devices, depending on the user's time constraints.
In addition, macmon NAC detects a recurring end device and has the GSM scan it if the period of absence is too long. Some end devices cannot be scanned regularly because they are not permanently connected to the company network.
For example, an employee in the field may be away from home for days or weeks. When she returns, the end device reconnects to the corporate network, where it is detected by macmon NAC. macmon NAC then commands the GSM to perform a scan. The result of this scan is provided by the GSM. If the device is compliant with corporate policies, network access is still granted. If this is not the case, macmon NAC can, as with a new end device, isolate the end device with a configured reaction and again notify the administrator.
macmon NAC thus regularly checks the integrity of new and temporarily absent end devices, depending on the user's time constraints.
The managing directors of macmon secure and Greenbone Networks confirm the advantages of the partnership for the security of their customers
Dr. Jan-Oliver Wagner, CEO and co-founder of Greenbone Networks: "Both macmon and Greenbone focus on a fast, fully automated response to ensure compliance with security policies. Attackers also use automation. We counter them with an individual system team acting according to customer specifications. Potential attack surfaces are quickly and specifically isolated, checked and released. Even at 2 o'clock in the morning. The strengths of both companies complement each other perfectly to ensure the greatest possible security for customers."
Christian Bücker, Managing Director of macmon secure, adds: "The great advantage of this integration is that as soon as macmon NAC detects the presence of an end device, a scan is run immediately and fully automatically. If an undesirable condition is detected, macmon NAC is informed directly and reacts immediately and automatically with a lockout or quarantine switch. So it's all about fast, automatic reactions without administrator intervention. And of course, the security concept is strengthened because both solutions combine their expertise. macmon NAC can very quickly recognise that a device has just entered the network and take over enforcement for Greenbone, which cannot enforce security rules itself. Greenbone is very good at identifying vulnerabilities, which again is not macmon's main discipline."
The integration of Greenbone Security Manager with macmon NAC is easily done via macmon NAC's web interface.
Christian Bücker, Managing Director of macmon secure, adds: "The great advantage of this integration is that as soon as macmon NAC detects the presence of an end device, a scan is run immediately and fully automatically. If an undesirable condition is detected, macmon NAC is informed directly and reacts immediately and automatically with a lockout or quarantine switch. So it's all about fast, automatic reactions without administrator intervention. And of course, the security concept is strengthened because both solutions combine their expertise. macmon NAC can very quickly recognise that a device has just entered the network and take over enforcement for Greenbone, which cannot enforce security rules itself. Greenbone is very good at identifying vulnerabilities, which again is not macmon's main discipline."
The integration of Greenbone Security Manager with macmon NAC is easily done via macmon NAC's web interface.