ARP-GUARD meets your requirements
Successful network access control
The core functions in detail
Network access control - protection against unauthorized access
Centralized control and regulation of all network access provides the administrator with comprehensive control. Unknown devices are detected and reported in real time. Unique identification of devices is based on the MAC address or certificates (802.1X). Additional fingerprints created during device learning increase the level of security. Any action can be user-defined and managed centrally for the entire network in the ruleset - from immediate port shutdown to relocation to an appropriate quarantine VLAN segment.
The advantages to you at a glance:
- Protection against unauthorized access
- Rulesets for your network (from quarantine VLAN to port shutdown)
- Maintenance of network integrity with heterogeneous network structures
- Vendor and technology-independent solution (multi-vendor strategy)
- Mixed operation of SNMP, MAC-based RADIUS and 802.1X
Device detection - locate and identify all end devices
The ARP-GUARD system communicates with the entire network infrastructure, quickly captures all systems on the network and displays the architecture in a graphical topology view. With ARP-GUARD Network Access Control, all end devices become visible, regardless of whether they are Io(M)T, IT, MT or other devices. Gain full visibility of your network, keep an eye on which devices are on your network and where those devices are connected. This facilitates network planning and achieves the transparency required for audits and inspections. The reporting function logs address and assignment changes, allowing sources of interference to be located and eliminated quickly.
The advantages to you at a glance:
- Localization and identification of all devices
- Comprehensive overview with network monitoring (IPS)
- Detection and elimination of possible sources of interference
- Graphical topology view
- Necessary transparency for audits and reviews
VLAN Manager – dynamic network segmentation
With ARP-GUARD VLAN management, segmentation of the network into VLANs (Virtual Local Area Networks) can be implemented and managed easily and conveniently. Sensitive areas and data are thus protected according to the highest security standards, while public areas can be clearly demarcated. Instead of manual setup on the individual switch ports, assignment to the associated VLAN is automated by ARP-GUARD according to the ruleset. Employees who move around, travel, or work remotely always take “their” environment/VLAN with them. Integration of VoIP telephony and WLAN access points can be provided quickly and efficiently using tagged VLANs. Specific access for visitors, guests, patients and service providers can be offered conveniently via our Captive Portal extension.
The advantages to you at a glance:
- Dynamic and convenient network segmentation
- Port and session-based
- Clear demarcation between public and internal areas
- Employees who are not tied to one location always take various settings such as group assignments with them
Fingerprinting – intelligent profiling and unique identification
The combination of different authentication methods such as MAC-based RADIUS and 802.1X provides optimum security and flexibility. The use of ARP-GUARD fingerprinting technology significantly increases the security level of the authentication process and prevents MAC spoofing. Fingerprinting technology considers other security factors such as cryptographic certificates and keys during identification to identify a device uniquely. Even for end devices that do not support any cryptographic procedure, our technological approach enables creation of fingerprints based on specific device characteristics for secure identification of all devices in a network.
The advantages to you at a glance:
- Capture of cryptographic identifiers
- Combination of different authentication methods, such as RADIUS and SNMP
- Unique authentication of end devices
- Tampering with infrastructure components reliably detected and prevented
Sensor management architecture - a scalable system
The ARP-GUARD sensor management architecture is unmatched when it comes to scaling the NAC system while managing multiple sites from one central instance. The use of sensors enables effective integration without having to install and pay for a complete system at each field office. This makes our ARP-GUARD extremely flexible and particularly suitable for small and medium-sized enterprises with distributed locations. Through our Enterprise Management, we have expanded this function and can now orchestrate global group structures with over 100,000 different devices with a fully multi-client capable solution.
The advantages to you at a glance:
- Central and scalable system architecture
- Technological framework for distributed and complex infrastructures
- Optimal load distribution and fast response times for distributed infrastructures
- Centrally defined guidelines as a set of rules transferable to all sites