Penetration Test Prompts Changes To Bank’s Network Security Approach
Credit First National Association (CFNA), a federally chartered limited purpose credit card bank and a wholly owned subsidiary of Bridgestone Retail Operations, issues credit cards to customers of Firestone Complete Auto Care Stores and independent dealers who have commercial relationships with Bridgestone America Tire Operations.
While CFNA is a limited purpose bank, the financial institution still needs to balance a high level of security with convenient access for its diverse set of users. When CFNA’s legacy Network Access Control (NAC) system failed an internal penetration test during one of the institution’s many periodic audits, Timothy Lynch Childress, manager of CFNA Network Services, Bridgestone Firestone, was stunned. “Even with a NAC solution in place, an auditor was able to access our network in less than ten minutes just using his laptop,” Childress explains. “We are required to ensure compliance with Office of the Comptroller of the Currency regulations, and keeping our customer and employee data safe is paramount. We began looking for a new solution immediately.”
The CFNA team’s experience with their legacy NAC solution made it easy for them to articulate exactly what they needed in a new solution: the ability to prevent rogue devices from accessing the network, and increased visibility, enforceable policies that could be modified as needed. The company also required an easy, preferably self-service remediation process; with CFNA’s legacy NAC solution, users were forced to call the help desk anytime they failed a scan.
It was also essential that any solution they chose be virtually invisible to network users. “We really wanted to improve our user experience with NAC because while visibility is essential to us, our users found our previous tool to be an intrusion,” Childress notes. “Our legacy NAC prevented users from logging on while a lengthy policy scan was completed, and response time was impacted by virtually anything happening on the network.”
NETWORK PROFILE
Wired access to more than 200 employees; nearly 700 network ports. Separated from the Bridgestone Firestone network by a firewall to meet security guidelines.
CHALLENGES
- Ensure the security of more than four million database records, protecting customers and employees by eliminating rogue devices.
- Simplify the process of authenticating users, while increasing network visibility.
- Reduce burden on help desk staff, who addressed remediation issues manually.
SOLUTION
Network Sentry Foundation, Access Manager, Device Tracker, Endpoint Compliance and Integration Suite
RESULTS
- Now use a single system to authenticate all users and automatically control network access—successfully eliminated all rogue connections to secure the network.
- Leveraged Network Sentry to ensure continuous compliance with Office of the Comptroller of the Currency regulations and with anti-virus and anti-spyware requirements.
- Improved the user experience, both with authentication and remediation; calls to the help desk related to remediation issues have been reduced by 75 percent.
- Reduced time spent on network administration problems from up to two hours each day to less than two hours each week.