Austrian Post AG

View Austrian Post AG Case Study

Austrian Post AG Deploys ForeScout CounterACT to Secure Head Office And Multiple Networks

“ForeScout CounterACT saves our IT team costs and increases efficiency – and we save the time that would otherwise have been spent monitoring the network and more manually responding to security issues with connected devices – and that’s a real benefit.”

–  Michael Zatl, Network Manager at Post AG

  • Austrian Post is the leading logistics and postal services provider in Austria. Approximately 23,000 staff work at Post AG within its head office, six parcel distribution centers and seven mail distribution centers, 1,250 franchise partners, 275 service bases and 620 customer branches. The head office had difficulty meeting security requirements because it had several entrances that were difficult to monitor. There was a risk that unauthorized persons might enter the building and gain access to the IT infrastructure.
  • Reliably protect Austrian Post AG’s network against unauthorized access.
  • Automatically enforce endpoint compliance policies to all users and their devices accessing the network –  without requiring agents.
  • Increase efficiency for Post AG’s IT team by pre-empting threats and resolving security issues with reduced IT intervention.


  • After assessing leading NAC alternatives, Austrian Post chose the ForeScout CounterACT automated security control platform. Compared with other solutions they looked at, ForeScout CounterACT provided the best range of functionality, usability and scalability at a competitive price. Another compelling factor was ForeScout CounterACT’s extremely low cost of implementation.
  • ForeScout CounterACT enforces network access policy and provides real-time device intelligence and compliance to detect threats, eliminate violations and stop suspicious activity before it is able to cause any damage.
  • “Not only did it support real-time device detection and assessment without requiring agents, but it proved to reliably recognize any device on the network behaving suspiciously. ForeScout CounterACT also offered Post AG the required network segmentation and endpoint compliance, including broad WLAN-VPN support, dynamic quarantine of any devices that were unauthorized or did not adhere to Post AG’s security policies and comprehensive reporting capability – all of which were decisive criteria.”
  • Separate Guest Access
    ForeScout CounterACT automatically detects guests and unknown devices that are trying to connect to Austrian Post’s network, and immediately isolates them. This means that although external devices are granted internet access, they cannot gain any access to the organization’s data or to the information stored on its network.
  • Network Transparency
    Beyond detection of guest devices, ForeScout CounterACT enables Post AG to obtain a dynamic and comprehensive overview of all authorized users and their devices on its network and to check whether they meet the organization’s predefined security policies. Is anti-virus software active and fully updated? Have patches been installed? Which other applications are running on the device? In this way, Post AG can ensure that its IT infrastructure meets all compliance requirements, on every floor in the building, down to the very last switch and cable.
    “When we moved into our new head office, the first thing we installed in the new network was ForeScout CounterACT. Deployment took very little effort as it is easy to install and administer, and works well within our environment. We were then able to fully monitor all the other devices as they got moved into the new building and connected.”
  • Automated Defenses
    “As soon as ForeScout CounterACT identifies a suspicious device, it automatically isolates the device from the rest of the network, and the IT team is notified. Beyond receiving alerts, Austrian Post’s IT team monitors the ForeScout CounterACT dashboard regularly, and weekly reports ensure that nothing on the network escapes their attention.” Post AG is so convinced of ForeScout CounterACT’s benefits that it is now planning to expand its use across the distribution centers too, which can be centrally managed through one ForeScout CounterACT Enterprise Manager appliance.
  • Network Segmentation With Uniform Policy Management
    “Post AG operates a large number of different networks, some of which overlap. These include developer LANs, the LANs belonging to the subsidiary companies, test beds and the guest network. ForeScout CounterACT helps to monitor access to all these networks, enforces standardized access policy and provides strong protection against hacking attacks. Since ForeScout CounterACT does not require agents and offers the means to easily administer uniform policy across multiple appliances and networks, it can readily maintain control as users move to different LANs — without impacting user experience.”