Kutztown University

View Kutztown University Case Study

“CounterACT provides superior visibility into the network and performs continual monitoring which allowed us to move from a pre-connect to a post-connect compliance model giving us flexibility to enforce policies which results in a better user experience.”

— Bill Eben, Coordinator of Residential Computing, Kutztown University of Pennsylvania

Challenge:
  • Kutztown University of Pennsylvania has approximately 10,700 full- and part-time undergraduate and graduate students. The network serves 4,400 students living on campus, providing wired and wireless access for a myriad of network devices that includes laptops, tablets, smart phones, game consoles and cell phone signal boosters.
  • Detect and monitor over 6000 devices connecting to the student network.
  • Protect against viruses and prevent malware from running rampant on the network.
  • Identify insecure devices in real-time and facilitate remediation.
  • Provide a flexible way to deny access and enforce endpoint compliance with security policies.
  • Out-of-band NAC solution that would integrate with existing infrastructure, support a wide variety of antivirus programs and client operating systems and allow the university to fully leverage its core routers.
Solution:
  • Kutztown University conducted an intensive evaluation of five NAC products and chose ForeScout CounterACT because it was the only solution that met all of its requirements.
  • Two ForeScout CounterACT appliances protect 4,400 students on the campus residential network, including all their game consoles, laptops and smartphones. An initial rollout to 100 summer students allowed for new policy creation before full deployment in the Fall Semester.

“We were looking to replace an existing in-band NAC solution with an out-of-band NAC product that would play well with everything on our network, support a wide variety of antivirus programs and allow us to fully leverage our core routers. As a result of the product evaluations, we determined that a solution based on 802.1x would not be a good fit. We quickly realized that getting all of the students’ computers configured correctly for 802.1x would have been very difficult. Installing ForeScout CounterACT was extremely easy and we were up and running within a day. Plus, we really liked that it didn’t require any changes to our existing architecture, which includes Avaya/Nortel switches and routers and MERU wireless controllers.

Results:
  • Complete Visibility

Kutztown University installed two ForeScout CounterACT appliances and gained complete visibility to over 6000 devices. “The nice thing about ForeScout CounterACT is the profiling of devices. Before we installed CounterACT, students would connect devices to our network, but we weren’t really sure what the device was. ForeScout CounterACT profiles the devices, so we know exactly who and what is on our network.”

  • Threat Prevention

CounterACT continuously monitors endpoint devices to ensure they remain uninfected. “Before CounterACT, as long as a student never logged out, we would never know if their device had become a risk to the network. ForeScout tells us instantly if a device becomes non-compliant, allowing us to take action to protect the student and the network.”

  • Time Savings and Reduced IT Stress

“With our previous NAC setup, all end points had to be 100% compliant to be granted network access. This put considerable stress on our help desk during the first few weeks of the semester as we had to deal with hundreds of compliance issues on top of the normal calls you can expect from 4,400 students moving in at the same time. Because CounterACT provides such superior visibility into the network and performs continual monitoring, it allowed us to move from a pre-connect compliance model to a post-connect model. The result is that we greatly reduced the spike in help desk traffic at the start of the semester without losing control of the network.”

  • Excellent User Experience

“CounterACT greatly enhances our ability to communicate with students. As a result, we decided to ease our requirements during move-in. We permit students with out-of-date antivirus software to access the network, and send regular reminders that they need to update their software to avoid service interruption. This results in less frustration and a better user experience for students, some of whom may be only slightly non-compliant.”

  • Policy Enforcement

“CounterACT adds flexibility to the way we enforce policies and ensure compliance. Windows computers are required to have antivirus software no more than two weeks old. After the move-in period, we increase the frequency of reminders and block only those students who continue to ignore the notices. When CounterACT identifies outdated or disabled antivirus software, it automatically redirects the user to a browser compliance check page that contains remediation instructions.”

 

View Kutztown University Case Study in PDF