Financial Network Access Control | Network Security for Financial Services | NAC

By: Forescout  09-12-2011
Keywords: Security, Access Control, financial institutions


Financial institutions choose ForeScout for strong network security

ForeScout helps financial institutions protect confidential data, demonstrate compliance with regulations, and prepare for IT audits in a cost-effective, efficient manner.

The Challenge

If you are responsible for IT security at a financial institution, you face several unique challenges due to the amount of sensitive data on your network:

The Business Challenge
  • Preserve customer trust by protecting data privacy
  • Demonstrate regulatory and security policy compliance
  • Improve security posture while reducing total cost of ownership
Technical Challenges
  • Control access to confidential data
  • Measure effectiveness of security controls
  • Guard against targeted malware threats

Traditional network security focuses on blocking external attacks with firewalls and intrusion prevention systems (IPS). But today, almost all serious data loss events occur from the inside. Can zero-day attacks and advanced persistent threats scan your network to glean information? Can rogue wireless access points extend your network without your knowledge?

Traditional endpoint security systems (e.g. antivirus, personal firewalls, patch management and encryption) are also important. Is every one of your security systems 100% deployed and operational?   Unaware of their blind spots, agent-based systems typically over-report their own level of deployment, often by 10% to 15%. In spite of your best efforts, you probably have a gap in protection, and you’re not getting the protection you paid for.

ForeScout’s Solution

Numerous financial institutions use ForeScout CounterACT to protect their networks, measure compliance with security policies, and save money.

ForeScout CounterACT reduces the risk of data breaches and malware attacks that would otherwise put your business at risk. And it helps monitor and improve the effectiveness of your security policies, so you can demonstrate compliance with industry regulations such as PCI DSS, SOX, GLBA, FINRA, BASEL II and more.


The features which make ForeScout CounterACT uniquely suited to address the challenges of financial institutions are:

Complete Network Visibility
  • Automatically detect every connected system, user, application and peripheral device
  • Monitor all devices before and after they connect to your network, continuously
  • Detect hidden infrastructure such as unauthorized wiring hubs and rogue wireless access points.
  • Gain deep visibility into connected systems – type of device, operating system, patch level, location, applications, and user name.
Network Access Control
  • Quickly create and enforce access control policies with a range of alerting, remediation and enforcement options
  • Disable rogue wireless access points
  • Block unknown computers from accessing sensitive portions of your network.
  • Grant network access based on the user’s identity and the roles that you have defined in your directory.
Data Security
  • Apply network access policies that allow only authorized users to access the parts of your network with sensitive data.
  • Detect and disable rogue USB devices to prevent loss of financial data
  • Control who uses P2P applications, smart phones, etc.
  • Ensure that every endpoint is compliant with your security policies – antivirus, DLP, encryption, patch level, configuration, etc.
  • Identify and fix non-compliant devices without user involvement
  • Measure compliance with internal policies, helping you prove compliance with regulations like PCI DSS, SOX, GLBA, FINRA, SEC 17a-14, BASEL II and more.
  • Create on-demand or scheduled reports for management and audit
Threat control
  • All ForeScout products include ActiveResponse™ technology which blocks both known and unknown attacks with 100% accuracy. This unique technology does not require signature updates or other forms of maintenance, so it requires zero maintenance. And since ActiveResponse does not suffer from false positives, you can confidently activate ForeScout’s threat prevention system inside your network in full blocking mode.   ForeScout products provided zero-day protection against Conficker and Zeus.


ForeScout CounterACT’s unique security automation gives you an unbeatable combination of improved security, cost savings, and productivity gains.

Improve security
  • Reduce risk of infection by ensuring that endpoints are properly configured, antivirus is properly running and updated, vulnerabilities are patched, and the latest versions of software is installed.
  • Reduce risk of data loss by ensuring that encryption and DLP agents are running properly. Ensure that users are not able to run unauthorized applications or peripheral devices (e.g. USB memory sticks).
  • Reduce risk of the unknown. Detect and monitor use of unmanaged devices such as smartphones, tablets, USB interfaces, and printers.
Save money
  • Avoid penalties of lost data. A secure network, with secure endpoints, is less likely to lose data. Avoid the regulatory fines and devastating impact to your corporate reputation.
  • Extend the life of your firewalls. ForeScout’s ActiveResponse™ IPS technology is extremely scalable and requires very little processor overhead. Installing CounterACT Edge in front of your traditional signature-based IPS systems and firewalls (which are very processor-intensive) will reduce the load on these systems and extend their useful lives.
Save time
  • ForeScout’s advanced automation operates without the need for manual intervention by IT administrators or users.
  • Realtime data and reports show you problems on your network right now, letting you take action while the problem still exists.
  • By improving your endpoint security posture, you will suffer fewer infections and avoid time-consuming drills to repair infected workstations
Avoid disruption
  • Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of enforcement actions ranging from gentle (notifications) to assertive (update software or kill processes). The range of enforcement actions helps you be more successful by working with users, not against them.
Low cost of ownership
  • Unlike traditional agent-based security systems, ForeScout CounterACT is a simple appliance that installs on your network.   It requires no software installation.   It can be deployed and functioning in one afternoon.
  • Lowest TCO of any NAC solution on the market
  • Vendor-neutral, infrastructure-independence eliminates need for expensive upgrades and prevents vendor lock-in
Gain 100% coverage
  • Unlike traditional agent-based security systems, ForeScout CounterACT allows you to enforce security policies on every device on your network–known and unknown, managed and unmanaged, corporate and personal.
100% compatible
  • ForeScout CounterACT works with what you have–all your existing switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems. We take what you have and make it better.
Accelerate results.
  • ForeScout CounterACT provides useful results on Day 1 by giving you visibility to problems on your network. The built-in knowledge base helps you configure security policies quickly and accurately.

Keywords: Access Control, financial institutions, Industry Regulations, Network Access, network security, Policy Compliance, Security,

Other products and services from Forescout


Government Network Access Control | Federal Government Policy Compliance

ForeScout CounterACT is a network security appliance ideally suited to help local governments and Federal agencies control network access, protect sensitive data, and comply with regulations. Government agencies have several unique characteristics that make network security very challenging.


Military Network Access Control | U.S. Department of Defense Port Control

The requirement for port-based network access control is contained in the Security Technical Implementation Guide that is published by the United States Defense Information Systems Agency. ForeScout CounterACT is a military-grade security product ideally suited to protect the network infrastructure of the U.S. Department of Defense.


Solutions Overview | ForeScout

With ForeScout, organizations can accelerate productivity and connectivity by enabling people to access corporate network resources where, how and when needed without compromising security. ForeScout Technologies is a leading provider of automated security control solutions for Fortune 1000 enterprises and government organizations. Learn more about how we deliver value by industry and purpose.