Network visibility gives debt charity access control

04 January 2019

StepChange Debt Charity is said to be the UK’s largest provider of free independent debt advice and managed solutions.

The organisation operates its telephone and online advice service from seven centres based across the UK. With such a large network, StepChange needs to be able to see what’s happening on the system and shut out unknown devices. This task presents a huge workload to staff and is a regarded as a very tedious job that requires knowledge of all vendor type network devices. On top of all this, the administrator has to manually fight off threats by isolating infected devices.

In order to get full visibility of its network, StepChange moved to the Macmon NetworkBundle. This analyses the network at speed, gathering all relevant network information to paint a rich picture. This enables StepChange’s infrastructure team to dive into the graphical topology and get a much better understanding of the environment. Macmon says its platform continuously monitors 34 switches. DHCP information is collected every 15 minutes, while several Layer 3 devices provide ARP information. Macmon says the “seamless” integration of Network Bundle and Windows Active Directory allows StepChange to appoint users to access the GUI with different permission levels.

It was important for the solution to work with StepChange’s existing environment. Macmon says its platform detected the network devices and listed all discoverable endpoints right from the start.

According to Macmon, monitoring and securing the network was the biggest challenge. The company says its platform enforces strict guidelines that are “deeply rooted” – for instance, unauthorised devices are instantly isolated by switching the VLAN, and suspicious endpoint behaviour is instantly flagged as a potential threat with administrators being notified right away.

As a result, StepChange can quickly identify unauthorised devices and quarantine or deny access whilst they were investigated. The team now receives frequent status updates via email about network health, whether an unauthorised device has been detected, if there has been an attempt to poison the ARP cache, etc.

Furthermore, instead of relying on a very time consuming manual process via the service desk, alerts are now automated freeing up valuable IT resource. Macmon says it handles the entire process in the background.