Granarolo Group Advances Network Defences and Achieves Operational Savings via ForeScout CounterACT
– Roberto Poli, CTO at Granarolo Group
- The Granarolo Group, a leader in the Italian manufacturing sector and the country’s largest dairy provider, operates a heterogenous IT infrastructure, comprised of thousands of systems, a mix of wired and wireless network technologies, and distributed industrial and office structures.
- Increasing network complexity; the wide variety of users and device types including notebooks, smartphones, laptops and iPads: together with an ever-changing threat landscape prompted the company to look for a network access control (NAC) solution.
- Solution needed to advance the Group’s security procedures, in order to maintain defences, compliance and operational performance.
- Granarolo has seven sites, serving over 5000 endpoints.
Granarolo’s information security provider, Yotta Tecnologie, recommended ForeScout’s automated security control platform, CounterACT.
- Granarolo tested other market leading NAC solutions too, but chose CounterACT because it was more flexible, addressed more of the company’s network security requirements at a lower total cost of ownership, whilst also delivering on access and mobile security needs.
- Roberto Poli, CTO at Granarolo Group, said,
“We were concerned that the deployment of a NAC solution might disrupt network operations and levels of end user productivity. This has not been the case at all: since installation, ForeScout CounterACT has been quietly and effectively doing its job, plus it is extremely easy to manage. We had it up and running in no time, the interface is very good, and it has had no problem handling the diversity of our network. This has helped our IT team significantly reduce the amount of time spent building up defences and subsequently tackling security issues.”
- Seamless deployment and easy administration:
Roberto Poli, CTO at Granarolo Group, said, “We were concerned that deployment of a NAC solution might disrupt network performance and levels of end user productivity. This has not been the case at all: since installation, ForeScout CounterACT has been quietly and effectively doing its job, plus it is extremely easy to manage. We had it up and running in no time, the interface is very good, and it handled the diversity of our network. This has helped our IT team significantly reduce the amount of time spent building up defences and subsequently tackling security issues.”
- Endpoint compliance and guest networking:
Moreno Selmi, Security and Network Administrator at Granarolo, explains, “We can set policies for who and what corporate devices are allowed on our network and the security configuration of those devices. We also have to consider guest management. Non-corporate devices such as contractor notebooks, tablets and smartphones are classified and blocked by a virtual firewall and redirected to our ForeScout HTTP portal. Here, the user must complete a form before being granted access to the network by a member of our IT team and we can segregate that access from other parts of our network. The product’s policies are built in and very easy to customise so it supports our compliance requirements well.
- Threat prevention:
Since ForeScout assesses the security posture of all devices before and after they get on to the network, this reduces possible gaps in endpoint security. Further, ForeScout CounterACT includes a built-in threat prevention mechanism called ActiveResponse. This protects Granarolo against viruses, worms and other zero-day threats, as it continuously checks the behaviour of all devices on the network, whether corporate-owned or non-corporate. Selmi adds, “The software protection on end user devices can be affected for various reasons and that presents a problem. With CounterACT, we can better manage this risk since the system can locate and help fix these issues without our IT staff having to spend time on such matters.”
- Time and cost savings:
Roberto Poli said, “CounterACT gives us all the visibility and security information we need to control our network, and – ultimately – ensures the best possible levels of security for our business. In addition, since installing CounterACT, we have further reduced internal security threats and enhanced our compliance programs while saving 50% in related man hours – making for very rewarding results, including an annual cost saving of €20,000.”