WhiteConcierge Chooses Forescout CounterACT to Achieve Continued PCI DSS Level 1 Compliance
Cupertino, Calif. – May 18, 2011 – Forescout Technologies, Inc., a leading provider of automated security control solutions for Fortune 1000 enterprises and government organizations, today announced that WhiteConcierge, formerly part of Travelex and now Europe’s leading B2B lifestyle management and concierge service, has selected the Forescout CounterACT platform to help it achieve continued PCI DSS Level 1 compliance – the highest level of civilian data security in the world.
With financial institutions and high-street banks comprising the company’s core customer base, WhiteConcierge needed to protect their data to an extremely high level. They sought a Network Access Control (NAC) solution to gain further visibility and control over access to network resources and sensitive data.
Ben Sewell, head of Information Security & Technology at WhiteConcierge, said, “We chose Forescout CounterACT as it ticked all the right boxes in helping us to achieve certain elements of PCI DSS Level 1 compliance. Also, unlike the other NAC products we looked at – including Cisco – Forescout CounterACT provided the flexibility we demanded to fit our network environment and was easy to administer, which kept staff training time to a minimum. It has also helped us enormously in automating security policies and allowing us to draw excellent reports, which clearly explain, and demonstrate, our level of compliance.”
WhiteConcierge deals with all major cities around the world to satisfy diverse requests from the banks’ high net worth customers. Projects range from sourcing a camel for an Arabian-themed party in Zurich, to arranging a temporary passport and other critical documents for an executive whose handbag was stolen during a business trip to Morocco. Fast and secure cardholder data delivery is essential to implement such activities for people whose most important commodity is time, rather than money.
“It is not a legal requirement for WhiteConcierge to be a PCI DSS Level 1 compliant merchant – nor is it an easy thing to do – but we chose to be, to show customers how committed we are to protecting their data. Forescout CounterACT is therefore helping us to be at the forefront of our industry, and I can honestly say that we couldn’t do without it,” commented Sewell.
He added, “We were surprised by the fact that Forescout CounterACT provides advanced intrusion prevention and active defense mechanisms – to the point where it could easily be our primary IPS product, supporting our layered network security environment. Our QSAs, who are extremely stringent, have also been really impressed with the Forescout CounterACT platform, saying that it oversteps traditional NAC boundaries and provides more integrated and extensive network and endpoint security defenses.”
Examples of the PCI DSS Level 1 requirements that Forescout CounterACT is helping WhiteConcierge to achieve:
- PCI requirement 1 is, “Install and maintain a firewall configuration to protect cardholder data.” Forescout’s support of PCI monitors the firewall function by detailing all actual access made to the Card Holder Data Server Zone.
- PCI requirement 7 is, “Restrict access to cardholder data by business need-to-know.” Forescout CounterACT identifies users attempting to access cardholder information to which they are not granted access by their Active Directory group.
- PCI requirement 11.4 is, “A list of detected malicious activity.” Using Forescout CounterACT, a pre-defined action is available in the policy to automatically send an email to the administrator when a malicious activity is detected. Forescout’s patented ActiveResponse function can be set to automatically block malicious sources.
- PCI requirement 12 is, “A policy with a pre-defined action for exposing users to company policies on a regular basis.” With Forescout CounterACT, a pre-defined action is available to hijack hosts and require users to confirm that they have read the relevant company policy.
“Over and above solving WhiteConcierge’s original pain point of supporting PCI DSS Level 1 compliance, Forescout CounterACT also enables improved visibility of endpoint devices, strong reporting and bolstered network security infrastructure for them,” said John Hagerty, EMEA sales director at Forescout. “I am delighted that we have helped WhiteConcierge on so many levels, and we look forward to evolving with them as their innovative and fascinating business continues to grow.”
About Forescout Technologies, Inc.
Forescout enables its customers to unleash the full power of their network through enterprise-class security and control. Forescout’s automated solutions for network access control, mobile security, threat prevention and endpoint compliance empower organizations to gain access agility while preempting risks and eliminating remediation costs. Because Forescout security solutions are easy to deploy, unobtrusive, intelligent and scalable, they have been chosen by over 1,000 of the world’s most secure enterprises and military installations for global deployments spanning 37 countries. Headquartered in Cupertino, California, Forescout delivers its solutions through its network of authorized partners worldwide. Learn more at www.forescout.com.