Banks are asking employees to do more with less now as they try to cut operating costs, and bring-your-own-device policies can enable employees to be far more productive. But the threat of data breaches looms large over the industry, and more employee devices connected to a bank’s internal network inevitably increases vulnerabilities, making access control pivotal for any bank considering a BYOD policy.
For St. Paul, Minn.-based Bremer Bank (with $8.7 billion in assets) finding the right balance between network security and enabling employee productivity with BYOD had been a major challenge prior to its implementation of ForeScout CounterAct for network access control in 2012. The bank’s previous solution often disrupted employees’ ability to work from their mobile devices, as it was prone to identifying approved devices as intruders, shutting off their access to the network. Maintaining the network access control solution was also a difficult challenge that required help from multiple IT teams, which still wasn’t enough to prevent unplanned outages.
“We experienced frequent incorrect identification of devices. The inability of the tool to work properly created significant business downtime. This led to frustration for our business,” says Joe Thornell, a security technical architect at Bremer who is responsible for security of internal networks.
Recognizing the need to eliminate that downtime while still keeping networks secure, Bremer replaced the solution with ForeScout CounterAct. The bank picked the solution because it offered extra features that the bank had not included in its initial criteria, such as built-in threat protection and interoperability with Bremer’s other security systems, thanks to ForeScout’s ControlFabric technology.
CounterAct also proved to be a much more reliable system that was easier to maintain, as Thornell’s team was able to manage the system on its own and resolve any issues or false positives, he tells us.
“It was very important that we offer a good user experience… We needed the new solution to help fix the negative perception that the original one had created. ForeScout fit the bill, and we chose it almost immediately.”
[For more of our BYOD coverage, check out: The BYOD Challenge.]
In addition to the increased reliability and better experience for end-users, CounterAct also provides Bremer Bank with better security controls and benefits. The solution provides real-time visibility across all of its networks for real-time inventory intelligence. It also provides tools for automated real-time actions to secure networks; and enables management of corporate, non-corporate, and guest devices with granular controls that can segment and block unauthorized devices or applications, Thornell says.
CounterAct also delivers better security in the face of the more sophisticated cyber attacks that banks are increasingly faced with, according to Thornell. “It helps prepare and protect Bremer’s network by providing a non-pattern file, non-signature-based level of defense against things like zero-day threats. It is also able to suppress propagating worms such as Conficker without deep packet inspection.”
But CounterAct’s interoperability with other solutions might be its strongest benefit for the bank, as that interoperability helps build a more secure overall environment for its network and employees looking to access it. That kind of an environment is the key to balancing employee productivity and security in today’s threat landscape, Thornell says.
“It’s important to remember that one solution or device does not fit all. Utilize and leverage your environment as a solution to deliver and enable what is needed while remaining secure.”
Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio