City of Guelph Fortifies PCI Compliance & Mobile Security with CounterACT


The City of Guelph in Ontario, Canada, is a vibrant community of 118,000 people that is ranked among the top ten places to live in Canada. The City has about 2,000 employees spanning 35 sites.

The City of Guelph’s IT team sees network security as an ever-changing landscape, and recently launched a multi-faceted initiative to enhance compliance effectiveness and reporting efficiency, personal mobile device access and overall visibility into the network and attached devices.

The City accepts credit and debit cards for payment, and as part of its on-going PCI- DSS compliance needed to more efficiently generate required detailed reports on network devices, anti-virus, and patch status. For its emergency and health services, it must protect sensitive personal information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), even for information collected remotely by paramedics and EMS personnel in emergency situations. Another goal was to enable employees to use personal mobile devices and further automate access policies for contractors and guests, while at the same time controlling their access and isolating them from the corporate network. Finally, the team wanted to increase visibility into all of the devices attached to the network and examine their security profile in detail against established policies.


Protect sensitive personal information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), enable personal mobile device use, and increase visibility into all of the devices attached to the network.


  • CounterACT’s Compliance Reporting allows instant knowledge of PCI compliance, providing detailed reports on network device, anti-virus and patch status.

  • CounterACT’s complete network visibility and control allows secure network access from personal mobile devices, and simplifies guest networking by setting policies based on device and end-user credentials.


  • Allowed visibility to all devices connected to the network
  • Enabled secure network access using personal mobile devices
  • Simplified guest networking

Why ForeScout?

In the first step, a cross-organizational team with both IT and business unit members extensively evaluated and benchmarked the top NAC candidates in detail. Next, they brought in additional expertise from security integrator Conexsys to expedite further assessment and implementation. They selected ForeScout CounterACT due to its ease of use and deployment, integrated functionality and built-in templates. Other key considerations were its flexible implementation and policy enforcement.

“We get real-time visibility and can drill down to a specific endpoint and see the entire status of the device, even the Windows update status. Not only do we know everything that’s connected, we can properly classify each device and put them in different containers based on their profile.”

“With limited resources we wanted to ensure a timely implementation of our network security solution. Conexsys proved to be a competent IT solution provider and really enabled us to progress rapidly against our agenda with assured results.”

How ForeScout Helped

Compliance Reporting

“In the past we had to run internal assessments to create reports required for PCI-DSS compliance. With ForeScout, one interface will deliver us the status of all Windows updates/patches and our anti-virus, which saves us a significant amount of time doing audit and compliance reporting.”


Personal Mobile Device Access

“Our Human Resources Department is very pleased with what we’ve done for our employees with guest networking. The City is now encouraging staff to bring in their personal devices and use them at leisure times in the courtyard or the

employee lunchroom. This is a big benefit for our employees because they can sit in one of our lounges or on our patio on their breaks and access the Internet as a guest, without compromising our security at all.”


Guest Networking

“Prior to implementing this solution, the network access for guests such as contractors was a manual process and not foolproof. It did not guarantee that the devices were safe and after use we had to remember to disable the port. Guests that were unaware of our network access policy would try to connect and then realize IT needed to intervene. This caused delays and put the IT staff in a reactive mode, as meetings and presentations could not proceed without network connectivity. Now when a device is connected, it is automatically checked and connected to the appropriate network without IT intervention. Being able to do this through a single interface saves us a tremendous amount of administrative effort every week.”


A Strong Integrator Channel Partner

“Conexsys delivered on its commitments and helped us move the ball on our network security initiatives.”

The ForeScout Difference

ForeScout CounterACT is different from most threat prevention and network access control (NAC) solutions because it is so easy to deploy. Everything is contained in a simple appliance and works with your existing IT infrastructure. No software to install, no hardware to upgrade. Once deployed, ForeScout CounterACT can enforce security policies for any user and any device, anywhere in the world, regardless of how they are connecting to your enterprise network.


For more information about the ForeScout’s CounterACT appliance, visit