Kansas-based Meritrust Credit Union has selected ForeScout's CounterACT network access control (NAC) system to bring additional network security to its headquarters and branch locations, gain visibility into all network-connected devices and protect itself from the possibility of rogue devices accessing networks or information. CounterACT gives the IT team one dynamic view of the entire 15-location network and its 2,000 connected devices. It also allows them to implement their security policies and provides the capability to remediate unapproved devices or those that deviated from policy.
ForeScout CounterACT provided value to Meritrust from day one. “As soon as we turned the system on, we were stunned to see how many devices we actually had on the network,” said Brian Meyer, information security officer at Meritrust. "These endpoints were noted in our static device lists, so it’s not that we didn't know of these devices; it was the capability of seeing them all in detail on one pane of glass that was empowering. We were able to move from ‘we think we have 2,000 devices in static lists’ to ‘we know we have 2,000 devices that meet our network access policy requirements.’ Plus it brought new perspective as we could clearly see how many devices were on each segment. It allowed us to more easily track and categorise assets and apply and remediate policies to all these devices, which helped us to secure the physical layer at every location. That was huge for us.”
The key reason Meritrust chose ForeScout CounterACT was its flexible and agentless approach to policy control. Explaining this advantage, Meyer stated, “In a banking environment, there are a lot of thin clients such as teller machines and embedded devices. With these systems, any extra overhead, such as installing an agent, could adversely impact performance and slow our ability to service customers. Additionally, we wanted to avoid the management nightmare of installing and maintaining an agent on each device.”
Other factors in the choice of CounterACT included its support for multiple network switch and infrastructure vendors, ease of installation and its “listen only” mode, a passive testing feature that made the deployment process risk-free, simple and unobtrusive by enabling the team to confirm all the policies were correctly configured and validated in advance of the full activation.
The Meritrust IT team cited several other benefits of using CounterACT:
* Management: Once all endpoints were visible, the team found a fair amount of older equipment housed in relatively inconspicuous places that were not accurately tracked; with ForeScout CounterACT, the team knows exactly where and which devices are on the network, and they have peace of mind knowing that all devices are properly managed
* Real-time protection: If a new device attaches to the network, it is first classified, blocked and then reassigned to a quarantined area; based on predefined policies, the system then quickly determines the device’s security posture and checks whether the device is allowed on the guest or the production network
* Time savings: Not only does CounterACT keep the credit union’s networks secure, it also saves many man-hours since security, compliance and other processes are now automated; before deploying CounterACT, the Meritrust team would spend a full day tracking down information in preparation for an audit; today, the Meritrust team can automatically enforce endpoint security policy and simply click a few buttons to quickly generate a compliance report
* Monitoring: CounterACT is used for threat protection to mitigate malware attacks by using the system’s built-in behaviour-based intrusion monitoring capability; any public-facing systems such as lobby devices and kiosks are closely monitored for endpoint compliance; any deviation from the desired configuration state is flagged for an immediate response
* Faster Help Desk service: The Help Desk uses the CounterACT Web portal to determine basic device location and configuration information to facilitate service tickets, expedite troubleshooting calls and help technicians quickly resolve issues, resulting in improved customer satisfaction; the team can now find systems even when the caller provides only partial information and readily see any device and issue from the CounterACT management screen