As back-to-school season arrives, thousands of students are bringing their own computers, smartphones, tablets and gaming systems, further testing colleges’ network security. Increasingly, universities are looking at ways to enable greater accessibility while maintaining acceptable usage policy. Offering an easier, more flexible and cost-effective approach to network access control (NAC), institutions are deploying ForeScout CounterACT to gain complete visibility and control of every device and user connecting to the networks.
Universities were the first enterprises to take on Bring Your Own Device (BYOD) security challenges as these organisations support university-managed systems as well as a diverse range of unmanaged student devices. By their very nature, education networks are more open and susceptible to malware, unauthorised access, data leakage, breaches and availability risks. For nearly a decade, CounterACT has helped schools gain operational intelligence and policy-based control for all devices, users, systems and applications attempting to connect to an enterprise network – wired or wireless, managed or unmanaged, PC or mobile. With CounterACT, schools can seamlessly achieve continuous monitoring and mitigation of all endpoints while upholding end user experience and infrastructure integrity.
ForeScout CounterACT offers many distinct features for universities, colleges and schools managing network threats from personal and gaming devices in the BYOD era, including:
* Rapid deployment: CounterACT appliances work with your existing wired and wireless infrastructure and offer installation wizards and numerous plugins to streamline integration. Since CounterACT operates out-of-band and starts in monitor-only mode, you can quickly install the system and gain operational insight to all users and devices on your network in real time.
* Agentless visibility: ForeScout CounterACT lets you automatically identify, classify and apply policy to all network devices without requiring the installation of agents and without any prior knowledge of the endpoint.
* Flexible policy enforcement: CounterACT ships with numerous policies out-of-the-box and offers a more flexible approach to understanding security posture, changing unacceptable behaviour and enforcing policy depending on role, device and exposure. For example, it can inform users if they are not meeting policy, enable users to take corrective action or directly attempt to remediate issues. It can also instantly block unauthorised systems consuming resources in student labs.
* Smart guest management: As an alternative to security policies that enforce network access based on device type or offer basic guest registration, ForeScout CounterACT includes advanced guest management capabilities that allow you to collect more details about the student and their devices, share this information with other systems, incorporate authorisation procedures and enforce a broader range of guest controls.
* Continuous monitoring with built-in threat prevention: Devices on your network are continuously monitored to ensure that they remain compliant with the university’s security policies. CounterACT’s patented ActiveReponse technology identifies zero-day and targeted attacks, and if attempted, ForeScout can automatically block the attack and can contain malware propagation. Furthermore, CounterACT’s unique virtual firewall feature allows dynamic endpoint isolation without requiring changes to network switch ACLs.
* Bi-directional interoperability: CounterACT integrates with the broadest array of leading network and wireless infrastructure, security and log management, endpoint protection suite and mobile device management (MDM) vendors. Leveraging this integration, ForeScout can obtain and share a broad range of endpoint configuration, event and policy compliance details and receive information to manage access, mitigate threats and remediate problems. As a result, institutions optimise their investments and resources.
These features were compelling to Rollins College in Winter Park, Florida. The school testified to the effectiveness of CounterACT in understanding and securing its network after abandoning an unreliable, time-consuming competitive product. Pat Schoknecht, the school’s CIO, explained in this video that she chose CounterACT because it was an easy transition from her old product, enabled roles-based control and preserved the user experience. With CounterACT, they kept up with new device trends to help prepare their policies and can now isolate compromised users from infecting the network. Additionally, their technicians no longer spend all their time supplementing what their former NAC product lacked.
“Interestingly, we recently had a spear phishing attack, and we used CounterACT to create a virtual firewall that then allowed us to notify that user that their machine was compromised and to bring it to the help desk,” said Schoknecht. “We’ve also seen some very direct return on our investment by a decrease in help desk calls.”
New York Law School (NYLS) chose ForeScout CounterACT for its multi-factored, roles-based device authentication and seamless integration with its existing wired and wireless infrastructure. NYLS found CounterACT easy to administer and deploy with tailored registration of its nearly 1,500 students and 200 faculty members. Immediately after deployment, the NYLS IT staff could easily monitor and inventory systems while allowing for flexible enforcement and the ability to thwart zero-day threats.
“ForeScout CounterACT has been a win-win for IT and for our student community,” said Pete Trimarchi, technical director at NYLS. “The visibility and security CounterACT affords us are huge as it has reduced our operating costs, cut down the number of calls to our help desk and enabled our technical support team to focus on more challenging and rewarding work. Furthermore, by improving our help desk response times and helping our students and employees operate a more secure endpoint, our overall customer service ratings have improved and continue to move upwards.”
Another success story comes out of Marquette University, the largest private university in the state of Wisconsin with more than 11,000 enrolled students and nearly 3,000 employees. Marquette determined that ForeScout would centralise, and be able to enforce, its access security policies without requiring additional security staff or upgrading the network. CounterACT monitors all network access, offers autonomous operation with little intervention and provides a simple method to mitigate threats.
“Since our initial installation of the CounterACT appliance, we’ve increased the number of appliances managing our access and endpoint security – all centrally administered through a CounterACT Enterprise Manager,” said Justin Webb, security analyst, Marquette University. “Even though there may be as many as 14,000 connected devices – including mobile phones, personal devices and gaming consoles – we are still able to manage the entire infrastructure using just one CounterACT management console.”