Interview: Ali Kutluhan Aktaş, KKB

The ubiquity of personal devices inside the highly-regulated Credit Bureau of Turkey led its head of information security to seek a solution.

Rather than opt for the popular Mobile Device Management (MDM) solution, Ali Kutluhan Aktas, Information Security Manager at the Credit Bureau of Turkey (KKB) explained that MDM brings different solutions for mobile devices like iPads and iPhones, but ultimately they are outside of the company network.

Instead, Aktas opted for network access control (NAC). “NAC provides solutions when employees are connected to the corporate LAN,” he said. “At some points, NAC and MDM intersect, but in our company we have separated them as mobile devices (phones, tablets) are forbidden to connect to the WLAN.”

Speaking to Infosecurity, Aktas said that you cannot protect your network from devices you are not aware of, but every endpoint connected to the corporate network has NAC policies applied to it. He said: “If it is not compliant with our security policies e.g. DLP agent is not working or does not exist, then the endpoint is not accepted on to the corporate LAN until it has been totally remediated.”

Specifically, Aktas opted to deploy the ForeScout CounterACT platform, which incorporates plug-ins for FireEye and ArcSight to enable shared security intelligence and automated endpoint remediation actions.

The challenge was to ensure that all notebooks, laptops and workstations connected to its network were used by the legitimate corporate user to mitigate risks and react faster to security incidents. This had to be achieved with minimal disruption to business productivity. Seeking an agentless solution that is simple to use with minimal manual overhead, the CounterACT platform integratied with KKB’s combined network of Aruba wireless access points and Cisco switches, this offered real-time visibility and continuous monitoring of endpoints on the network and improved compliance with information security banking regulations.

“We needed a NAC solution that was fast to deploy, without any risk of business interruption. In addition, it needed to support our mixed Aruba and Cisco IT infrastructure,” Aktas said. “ForeScout CounterACT offered us integration capabilities with our existing FireEye and ArcSight security tools. This is why we call CounterACT the ‘Swiss Army knife’ of our information security department, as it facilitates multiple, automated security checks and compliance controls in the most efficient way.”

Aktas told Infosecurity that as future security devices will talk and interact with each other, and protect the customer environment collaboratively, he needed an option to defend against attacks, which are well organized; continuously communicating and acting together.

Kredi Kayit Burosu (KKB) is the first and only credit bureau in Turkey, and was founded by nine major Turkish banks in 1995. Reducing financial risks for numerous sectors - including banks, car rentals, house rentals and households - KKB has one million members regularly using its internet portal; the organization dealt with 500 million enquiries in 2014.

Compliance and cybersecurity of sensitive financial and personal information are fundamental to KKB’s reputation as a trusted service provider. In line with this ethos, KKB required a solution to gain more comprehensive network visibility and network access control (NAC) for its 300 employees and 400 endpoints.

Aktas said: “Previously, if a port scan was taking place on the network - with the possibility of malicious activity - we could only identify that after the fact. With ForeScout, we can detect, look and block at the same time. In addition, CounterACT alerts us to security vulnerabilities as they happen, while also enabling automated endpoint remediation. This reduces the chance of human error.

“We have integrated ForeScout-ArcSight-CyberArk so that whenever a computer or laptop connects to our network, ForeScout checks its local admin age and, if it’s older than 45 days, ForeScout sends a CEF message containing the device’s name to ArcSight. ArcSight correlates this message within our custom rule and runs a script on an agent installed in the CyberArk server. With this script, CyberArk starts the password change process and, as a result, the password is successfully changed. This is an essential security measure, especially for those employees who regularly work off-site, away from the company premises.”

What’s Hot on Infosecurity Magazine?