Lessons Learned from a Successful Device Visibility Deployment: Major College Shares Their Experience

In higher education, the students and faculty are the customers. Therefore, the most important mutual objective for IT is to invest in technologies that create an environment for student success, including the ability for its faculty, staff and students to use any device to facilitate learning.

by Shawn Rodriguez, ForeScout Technologies / June 25, 2018 0
Shutterstock

In higher education, the students and faculty are the customers. Therefore, the most important mutual objective for IT is to invest in technologies that create an environment for student success, including the ability for its faculty, staff and students to use any device to facilitate learning.  The IT team at one of the largest colleges in the U.S. (student population of more than 68,000) has three main goals: (1) ensure that their information assets remain adequately protected, (2) minimize threats on the network, and (3) strengthen operation availability. The first step in achieving these goals was to gain visibility into all of the devices connecting on the network.

The college’s IT team reviewed several solutions, even considering limited products from their existing wired and wireless network vendors, but in the end sought the differentiation of a true visibility platform.  After an extensive review process, the team ultimately selected the ForeScout platform for several key reasons.  First and foremost, ForeScout did not require agents. The IT team also saw that CounterACT’s ability to deliver full network visibility into the devices on the network as well as its extensible policy enforcement capabilities added great value beyond the competition. Finally, ForeScout would allow them to integrate with other security solutions already deployed using off-the-shelf integrations allowing them to further leverage the investment in CounterACT.

ForeScout has given the IT team visibility into the devices connecting to college’s network and allows them to immediately spot trends and details they otherwise would have missed. For example, before installing ForeScout, they did not realize how many devices were actually connecting and were floored by the actual numbers. The ForeScout platform identifies how many people are logged in using a single individual’s user account across the entire network from which the IT team can identify suspicious behavior. In one instance, the college’s IT specialist noted that he saw some user accounts logged in from more than 20 separate machines, thereby alerting IT and triggering them to assess if those users were handing out their login credentials or if someone was actually gaining unauthorized access.

A variety of viruses and email bots have successfully been blocked without interfering with the learning environment by using the virtual firewall technology.  The solution can block off infected or compromised email inboxes, mainly on student devices, while still allowing the end user to surf the Internet or do work. Before ForeScout, IT had no way to take action without doing so directly from the firewall. Now, with ForeScout communicating to all of their switches, as well as the wireless controller, IT can easily block the port of the specific computer originating a type of network violation or spam.

The college has also benefitted from the ForeScout off-the-shelf integrations which allows CounterACT to exchange information with other security solutions and enable these solutions to invoke ForeScout network enforcement and endpoint remediation capabilities. Currently, the college integrates its ForeScout solution with its QRadar SIEM system, allowing the IT and information security teams to see real-time device and user information sent by ForeScout. IT can now take action on any suspicious behavior they’re seeing and use ForeScout to perform network isolation or simply send message pop-ups communicating to users they are breaking the school’s acceptable use policy.

With ForeScout, IT is on the right path to accomplish their three mains goals. In little time, the college went from very little visibility to complete visibility and control, reducing substantial risk and increasing time-savings. IT can now immediately see the device type, the connected user, opened ports, running processes, vulnerabilities and security issues on every device on the network. This is real-time visibility without having to run an independent scan or report. The ForeScout platform’s total visibility has allowed the college to plan strategically for the future. 

 

Author

Shawn Rodriguez
Regional Vice President, U.S State & Local Government and Education
ForeScout Technologies Inc.