Retailer tackles network security and device management

Australian retailer Vita Group, the major operator of Telstra stores, had a problem: When a new store was set up, Vita Group’s IT team would set things up and know exactly where every device was and how many were connected. But when devices were moved, IT would lose visibility over them.

Vita Group initially thought it had 6,000 connected devices across its corporate and guest network, to which Telstra devices connect. But after deploying a network management suite from Forescout Technologies, it uncovered 4,000 extra devices it previously had no visibility of. It also found unauthorised devices including users’ personal devices, including Apple AirPort routers, personal laptops, and NAS devices, as well as Telstra-issued devices that were meant to be connected to specific switch ports.

Several companies offer similar products, including Cisco Systems, Extreme, Fortinet, HP’s Aruba division, Nozomi Networks, and Pulse Secure.

Once the Forescout platform was running, Vita Group identified a flaw in its guest network that allowed access to its corporate network due to a misconfiguration, which has since been fixed.

Using the Forescout platform also helped with the migration from Windows 7 to Windows 10 by providing information such as whether a device had enough RAM for the upgrade. It also freed the IT team from using spreadsheets or ERP software to keep track of its assets.

The network tool not only helped the retailer to see all the devices on its network but also to learn whether they had up-to-date software and antivirus protection.

The use of the Forescout platform also allowed Vita Group to make sure its Microsoft System Center Configuration Manager (SCCM) agents were up-to-date and working properly across endpoints. Microsoft SCCM is used to deploy updates to all point of sale devices. Vita Group’s general manager of IT, Justin Maskey, said that previously there was no way of knowing if that was working properly. 

Vita Group

“We also needed the ability to control network access, especially across physical ports in our stores”, Maskey said. “The control we now have across endpoints allows us to respond much faster to any kind of incident. For example, after a defective Microsoft Office update was deployed to some of our PCs, we used the Forescout platform to quickly and effectively intercept it and stop it from being pushed out to the rest of our desktops, saving us hours of remediation and minimising the impact on our business.”

Because its stores are located all across Australia, the platform allows Maskey and his team to monitor everything from a single location and make necessary updates when needed. This has saved the business a lot of time, as the IT team used to have to manually scan the networks to find the IP addresses of devices that stores couldn’t locate. According to Maskey, the IT team saves up to three days each month with the new platform.

Maskey told Computerworld Australia one lesson during the three-month process of deploying the Forescout platform was a better understanding of the number of devices connected to the network, and the main benefit is the ability to understand what is going on on the network and be able to detect and block devices if needed, be alerted when a new device connects to the network, and be better able to respond to security needs.

One reason Vita Group opted for Forescout was that it is vendor-agnostic and, although the retailer has no plans to come away from its Cisco-based network, it has now the flexibility of doing so if it desires.

In the 2019 financial year, Vita Group was responsible for 102 Telstra licensed stores, four Telstra Business Technology Centres, one Fone Zone store, 13 Shaw clinics and three SQDAthletica stores. Primarily a Telstra store operator, in recent years Vita Group has entered the skin-health and wellness business through acquisitions, which increased the need for visibility of devices.