In With the Good, Keeps Out the Bad: Patelco Relies on NAC Solution
SAN FRANCISCO, Calif. -- Among the arsenal of security software and services deployed by Patelco Credit Union is a solution that aims to be polite but firm.
It's the CounterACT network access control (NAC) system from ForeScout Technologies Inc.
Attached to key servers in the credit union's two data centers, the CounterACT devices control who can access the network and how--whether it's a consultant on hand to do a presentation or regulators on site for audits or staffers granted various levels of access as part of their day-to-day jobs.
"Mainly people are just accessing the Internet, but whatever it is, pretty much everything flows through those two data centers, and with CounterACT we've got a pretty good global view of what's happening on our network," said John Shields, senior vice president and chief technology officer at Patelco. "And it does it without being too intrusive."
Shields oversees support and development for technology at Patelco, an enterprise with more than 500 staffers relying on telephony, LAN/WAN, PCs, servers and mainframe systems to serve more than 248,000 members, including more than 160,000 who bank online with the $4.2 billion credit union.
"A lot of people are accessing our networks for a lot of reasons," Shields said. "We need to be able to not only detect what's going on internally and prevent problems, but we also want to accommodate people, such as the contractor who might need access to the core system for some specific reason."
The CounterACT system screens the devices, decides if they meet the rules "and leaves a good audit trail to what actually happened while they were on the network," Shields said.
Patelco is one of about 35 credit unions among the more than 500 customers in 37 countries served by ForeScout, a Cupertino, Calif.- and Tel Aviv-based provider of network policy management technology.
"I do believe that one thing ForeScout has tried to do is keep the heart of the business at the heart of the product," said Nancy Renzullo at ForeScout Technologies.
Like many other solutions, CounterACT "interrogates" each device trying to access the network and grants or denies access based on programmed policies.
"Helping people get online and stay online and not have to be forced to walk through a lot of intrusion preventions and blocking dialogue when they're just trying to do their jobs. We believe that's our key differentiator," Renzullo said.
The solution also tries to be helpful, blocking access, if necessary, and then noting the possible presence of viruses or other online threats when they exist and "letting the person know that maybe their software is out of date or they have some other problems on their devices," Renzullo said.
Patelco is one of ForeScout's early adopters of the CounterACT solution, having used it in different iterations for six or seven years, Shields said, and will soon be deploying the latest upgrade of CounterACT, version 6.3.
True to the times, the upgrade is intended to help ForeScout clients meet the growing demands of compliance, especially payment card industry requirements that lay out a set of data security standards for the flow of data through the plastic payment chain.
"This new version is focused on some pre-configured policies and reports to help Patelco and other financial institutions with PCI compliance, in a way that's pretty much plug-and-play and customizable," Renzullo said.
The new release also will contain some new access controls that address USB-connecting devices such as flash drives, she said.
Shields said Patelco has been running a prior version 6.2 only for a few months and that the upgrade process "is pretty seamless and essentially involves downloading a new operating system."
CounterACT is one of a series of software and hardware solutions Patelco uses to ensure enterprise security, along with firewalls, intrusion detection and prevention technologies, anti-virus and anti-spyware software and anti-phishing services.
"Knock on wood, we haven't had anything happen anytime recently," Shields said. In addition to deploying tools such as CounterACT, "we do a lot of training," the Patelco executive said. "We don't allow employees to plug their own systems into the network either."
"All these are tools that add to our network security. Everyone understands it's important to have security around the network, but we want to keep it user friendly as we can, too."