Logos of ISL, R&S, and LANCOM Systems shown side by side on a blue background.

ISL Internet Sicherheitslösungen

LANCOM IT Security Ecosystem Partner

ARP-GUARD by ISL

ARP-GUARD is a network access control (NAC) solution from ISL Internet Security Solutions GmbH. It reliably protects corporate networks from unauthorized devices, monitors access in real time, and automatically enforces security policies. In combination with LANCOM network components, it creates a powerful complete solution that ensures full transparency, compliance, and protection of sensitive data.

ISL presents its solution:

ARP-GUARD

ARP-GUARD supports the implementation of a network-based zero trust model that mistrusts every access and uniquely authenticates every connection. The fingerprint technology used identifies devices beyond doubt and only allows network access for authorized devices. Every network access is recorded and evaluated in real time and immediately reported in the event of anomalies, ensuring maximum transparency, control, and security. Centralized orchestration, dynamic rules, and VLAN segmentation reliably protect sensitive areas. Thanks to the scalable sensor architecture and enterprise management, companies can be secured across locations, with separate clients and geo-redundancy. With its comprehensive multi-vendor strategy, i.e., manufacturer and technology independence, ARP-GUARD can be seamlessly integrated into any existing IT infrastructure.

More about ARP-GUARD

Overview graphic of the functions of ISL's ARP Guard solution

We create synergy effects

„LANCOM Systems and ISL Internet Sicherheitslösungen GmbH combine their strengths to create a comprehensive security solution for network access: Together, we enable secure login to the IT infrastructure – from the initial connection establishment to continuous monitoring during operation. With ARP-GUARD as a powerful network access control (NAC) solution and LANCOM network components, the result is an integrated complete solution that reliably supports transparency across all connected devices, automated enforcement of security policies, compliance, and protection of sensitive data.

The basis for this is the ECO partnership: Through regular exchange between the development departments and close coordination of the interfaces, we ensure a high level of interoperability and smooth operation. Another key added value for customers and partners is the integrated support structure: there is a clear support path via the respective specialist trade partner, while LANCOM and ISL work together seamlessly in the background – quickly, in a coordinated manner, and with a focus on solutions. Especially in regulated environments such as critical infrastructures and in the context of NIS2, this cooperation noticeably strengthens network security. Customers benefit from a robust, traceable, and compliant solution for efficiently implementing a NIS2-compliant IT network infrastructure.“

Andreas Balmes, LANCOM Systems, Business Development

Non-binding exchange to get to know each other

Basic functions

Network access control

Detects devices in real time, prevents unauthorized access, and protects against hard-to-detect attacks such as MAC spoofing using mechanisms such as fingerprinting and VLAN management. Flexible rules, interfaces, and integrations into SIEM or monitoring systems allow security measures to be automated and networks to be secured independently of manufacturers.

Fingerprinting

This technology creates a unique digital fingerprint for each end device based on characteristic features, reliably preventing MAC spoofing and unauthorized access. Multi-fingerprinting, comprehensive protocol support, and automated rules ensure a high level of security comparable to 802.1X, but with significantly greater flexibility. This also applies to devices that do not support certificate-based authentication.

Device detection

ARP-GUARD provides complete transparency of all devices on the network, records their connections in real time, and displays the information in a graphical topology. The integration of SNMP, automated queries, and reporting enables efficient network monitoring, rapid troubleshooting, and compliance with audit and review requirements.

Network segmentation

This allows networks to be segmented centrally, independently of manufacturers, and automatically, clearly separating and protecting sensitive and public areas. Devices automatically receive the appropriate VLAN across locations, while captive portals, flexible rules, and central management enable simple and secure handling.

Sensor management

Enables centralized, highly scalable management of distributed networks with an unlimited number of sensors, making it particularly suitable for companies with multiple locations. Enterprise Management extends this flexibility to global organizations with typically over 100,000 end devices in multi-tenant environments.

Modular Extensions

Captive Portal

Enables secure and controlled allocation of network access for guests and BYOD devices, which can be individually restricted by rules. It can be used across locations, is fully customizable to the corporate design, and supports convenient procedures such as self-registration or sponsorship.

Cluster Management

Ensures highly available, uninterrupted operation of critical IT systems through automatic server replication and geo-redundant failover. In the event of a failure, a replacement system seamlessly takes over all functions, ensuring maximum system security and availability.

Endpoint

Checks endpoints agentlessly, within the network, during authentication for compliance and security policies such as antivirus status or patch level. Non-compliant devices are automatically isolated until they meet the requirements, ensuring network integrity down to the endpoint.

Enterprise Management

Centrally controls multiple independent instances, allowing configurations, policies, and log data to be synchronized and managed across locations. Local systems remain self-sufficient, while multi-tenancy, single sign-on, and centralized security monitoring support operations in large, complex network environments.

LAYER 2 IPS

Monitors network traffic in real time, detects man-in-the-middle attacks such as ARP poisoning or MAC spoofing, and automatically defends against attacks according to defined rules. This ensures a high level of protection against internal threats and maximum transparency regarding the sources of attacks.

Client Guard

Enforces compliance policies even for endpoints used outside the company network. It collects device information, evaluates security statuses such as installed software and version levels, and, controlled by central rules, decides whether to grant or block remote access, ensuring a high level of protection even for remotely used clients.

Network security – Made in Germany – since 1999

With ARP-GUARD, one of the world's first solutions for network access control, companies retain full control over their network access and data – and secure their digital sovereignty, independent of third countries and other regulations outside the EU. The solution is "Made in Germany" and stands for the highest level of IT security and data protection compliance, reliably supporting compliance with local legal requirements. Together with over 50 sales partners and five technology partners from Germany, France, and Italy, ARP-GUARD sees itself as the European standard for resilient network security.

Logo IT security made in Germany

Become part of the LANCOM IT Security Ecosystem

Portrait photo of Andreas Balmes, LANCOM Systems, Head of Business Development

In the LANCOM IT Security Ecosystem, we bundle solutions that secure Europe's digital future. Become part of this alliance and position yourself as a trusted player in demanding IT security projects.

Andreas Balmes
Business Development
andreas.balmes@lancom.de
Tel.: +49 2405 49936 527