MACsec provides authentication by ensuring that only known nodes are allowed to communicate on the LAN. It provides confidentiality through encryption of the data so only end-points with the correct encryption key can see the contents. Integrity is provided through mechanisms that can detect any interference with data in motion. MACsec operates at the data link layer acting as a client of the Ethernet Media Access Control.

While the ability of MACsec to scale to high speeds is catching the attention of highly influential cloud service data centers, it can be overlooked that MACsec is equally attractive for deterministic Ethernet applications. Deterministic Ethernet networks often include compact devices like IoT, field devices, sensors or micro-cell radio units. These are designed to be low-cost and to use as little battery power as possible.