ForeScout Technologies, Inc. has announced that Kredi Kayit Burosu (KKB), the first and only credit bureau in Turkey, has deployed ForeScout CounterACT™ to ensure that all notebooks, laptops and workstations connected to its network are used by the legitimate corporate user, as well as to automate security controls, mitigate risks and react faster to security incidents.
KKB was founded by nine major Turkish banks in 1995. Reducing financial risks for numerous sectors – including banks, car rentals, house rentals and households – the credit bureau has one million members regularly using its internet portal; it dealt with 500 million enquiries during 2014.
Compliance and cybersecurity of sensitive financial and personal information are fundamental to KKB’s reputation as a trusted service provider. In line with this ethos, KKB required a solution to gain more comprehensive network visibility and network access control (NAC) for its 300 employees and 400 endpoints.
Ali Kutluhan Aktaş, Head of Information Security/Risk Management at KKB (Credit Bureau of Turkey), said, “We needed a NAC solution that was fast to deploy, without any risk of business interruption. In addition, it needed to support our mixed Aruba and Cisco IT infrastructure. ForeScout CounterACT offered us all of this and much more – including impressive integration capabilities with our existing FireEye and ArcSight security tools.”
When it began the search for a solution to increase network visibility and security controls, KKB approached Symturk, its information security consulting partner. Symturk recommended ForeScout CounterACT™ and offered an on-site Proof of Concept (PoC).
Aktaş commented, “We chose ForeScout partly because we have a mixed IT infrastructure but also because we needed a fast and easy-to-install solution: ForeScout delivered on this. In addition, CounterACT is a unique platform with strong integration properties. The fact we could easily integrate it with other security products, such as FireEye, ArcSight and CyberArk, has enabled better visibility and cyber security protection within KKB, as we are able to access – and benefit from – the products’ combined security intelligence.”
How ForeScout Helped
Real-time Visibility of Devices and Vulnerabilities
Since deploying ForeScout CounterACT, KKB has gained much greater visibility of the endpoints on its network, and is able to continuously check the security posture of each device. Aktaş said, “Previously, if a port scan was taking place on the network – with the possibility of malicious activity – we could only identify that after the fact. With ForeScout, we can detect, look and block at the same time. In addition, CounterACT alerts us to security vulnerabilities as they happen, while also enabling automated endpoint remediation. This reduces the chance of human error.”
Policy Creation and Enforcement
Aktaş explained some of the custom security policies his organisation has created using CounterACT:
- “We have integrated ForeScout-ArcSight-CyberArk so that whenever a computer or laptop connects to our network, ForeScout checks its local admin age and, if it’s older than 45 days, ForeScout sends a CEF message containing the device’s name to ArcSight. ArcSight correlates this message within our custom rule and runs a script on an agent installed in the CyberArk server. With this script, CyberArk starts the password change process and, as a result, the password is successfully changed. This is an essential security measure, especially for those employees who regularly work off-site, away from the company premises.”
- “Using ForeScout CounterACT, we check domain admin credential hashes on client machines and if we find a domain admin login/credential hash on a workstation, we isolate the machine from the network. This ensures preventative control of pass-the-hash attacks. We also check local admin privileges on workstations: If the helpdesk gives unapproved local admin privilege to a staff member, we detect and isolate that endpoint.”
- “Via CounterACT we check data loss prevention services and, if they are not running, send a command to run them three times. If they still don’t run, or are totally uninstalled, we isolate the device. We also check items including disk encryption, p2p programs, suspicious behaviour and antivirus scan frequencies.”
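The first policy above hinges on a CEF message that carries the device name into the SIEM rule that triggers the password change. As an added illustration (not KKB's or ForeScout's code), the sketch below builds such an event for a local admin password older than 45 days and escapes the endpoint-supplied hostname so it cannot inject extra CEF fields. The vendor and product strings, the signature ID, the severity and the sample hosts are assumptions.

```python
from datetime import datetime, timezone

MAX_AGE_DAYS = 45  # threshold quoted in the case study


def esc_header(value):
    # CEF header fields: backslash and pipe must be escaped.
    return value.replace("\\", "\\\\").replace("|", "\\|")


def esc_ext(value):
    # CEF extension values: backslash and '=' must be escaped, newlines encoded.
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "\\r").replace("\n", "\\n"))


def stale_admin_cef(hostname, last_set, now=None):
    """Return a CEF line if the password is older than 45 days, else None."""
    now = now or datetime.now(timezone.utc)
    age_days = (now - last_set).days
    if age_days <= MAX_AGE_DAYS:
        return None
    header = "|".join(esc_header(f) for f in (
        "ExampleNAC", "PostureCheck", "1.0",  # placeholder vendor/product/version
        "LOCAL_ADMIN_PW_AGE",                 # hypothetical signature ID
        "Local admin password older than 45 days", "7"))
    ext = {"dhost": hostname, "cn1": str(age_days),
           "cn1Label": "passwordAgeDays"}
    extension = " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"


def scan(inventory, now):
    """Return CEF lines for every host whose password is past the threshold."""
    lines = (stale_admin_cef(host, last_set, now) for host, last_set in inventory)
    return [line for line in lines if line is not None]


# Constructed sample inventory: (hostname, time the local admin password was set).
NOW = datetime(2015, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    ("ws-001", datetime(2015, 5, 20, tzinfo=timezone.utc)),   # 12 days: compliant
    ("nb-014", datetime(2015, 3, 1, tzinfo=timezone.utc)),    # 92 days: stale
    ("lab|pc=7", datetime(2015, 4, 16, tzinfo=timezone.utc)), # 46 days, hostile name
]

if __name__ == "__main__":
    for line in scan(SAMPLE, NOW):
        print(line)
```

Because the event ends up driving a credential rotation, the receiving correlation rule should match on the parsed `dhost` field rather than on a substring of the raw line.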
Reduced Manual Overhead
One of KKB’s selection criteria was a NAC solution that optimised automated security controls, in order to reduce manual overhead, as well as risk. Aktaş commented, “Before ForeScout, we had to change passwords on notebooks and workstations manually, for instance if an employee left the company, which took a lot of time. Via CounterACT we have created a custom policy linking ForeScout-ArcSight-CyberArk, meaning that the process is now automated. This allows us to save money, as well as ensuring better information security. By being proactive and automating this process, I estimate that we save multiple employee-weeks per year.”
Security Product Integration
ForeScout’s ControlFabric™ technology enables CounterACT and other IT systems to exchange information and mitigate a wide variety of issues. KKB capitalises on these opportunities by integrating CounterACT with its FireEye and ArcSight solutions.
The ForeScout-FireEye integration enables real-time monitoring and mitigation of enterprise risk associated with non-compliant and/or compromised endpoints. Advanced Persistent Threats, botnets and propagating malware in distributed and BYOD environments can be rapidly identified, verified and quarantined.
ForeScout’s interoperability with ArcSight SIEM (Security Information and Event Management) provides detailed information about endpoint security posture, allowing it to make better, faster and more informed decisions around endpoint-related security risks and compliance violations.
The ForeScout Difference
Key differentiators that contributed to KKB’s overall success:
- Security product integrations via ControlFabric architecture
- Ease of deployment/interoperability in multi-vendor environments
- Continuous monitoring and mitigation of security exposures and cyberattacks
- Real-time visibility of devices on the network
- Automated security and compliance controls; reducing manual overhead
Aktaş concluded, “We call ForeScout CounterACT the ‘Swiss Army knife’ of our information security department, as it facilitates multiple, automated security checks and compliance controls in the most efficient way.”
John Hagerty, EMEA Director for Channels and Strategic Alliances at ForeScout Technologies, said, “From a recent survey we learned that companies, on average, use 13 different security appliances to secure their network and assets. Most of these appliances work in silos, collecting a lot of valuable data but not being able to share that with other appliances – nor being able to take action automatically. As a result the security operations team is overwhelmed with data, which they need to correlate manually before they can take action, losing valuable time and being very resource intensive. KKB is a great example of a customer that leveraged ForeScout’s ControlFabric technology to share information between different appliances and to take immediate action automatically.”