Access Controls
Initiatives
Capabilities
IntegrationsPFCU Customer Success Story
PFCU Locks Down Compliance and Branch Security with Portnox Cloud NAC
At-a-Glance
Industry: Banking & Financial Services
Locations: 14 branches
Devices: 500-700
Service: Portnox Cloud NAC + RADIUS
Driver: Auditor-mandated NAC compliance requirement
Company Background
PFCU, headquartered in Portland, Michigan, operates 14 branches serving members across both urban and rural areas, statewide.
With a hybrid network built on Meraki switches, Ubiquiti Unifi wireless, and a mix of on-premises and cloud systems, PFCU’s IT team supports between 500 and 700 devices across locations.
Like most credit unions, PFCU faces strict compliance requirements and must protect sensitive member data while ensuring smooth branch operations. Since they have a wide variety of members and partners visiting their many locations, ensuring guest connectivity with security is also important.
The Challenge
PFCU decided to implement a Network Access Control (NAC) solution for three reasons: to meet auditor requirements, to make their company more secure, and to ensure protection of their members’ information and data. Ben Jarbeau, PFCU’s Cybersecurity Engineer, was tasked with bringing NAC to a distributed networking environment that did not previously have this level of security —the company was new to NAC solutions.
Ben and his team knew that without NAC, any visitor could plug in a rogue device or attempt Man-in-the-Middle (MiTM) attacks, leaving branches exposed. Prior to working with Portnox, these were real vulnerabilities that they wanted to avoid.
Why Portnox
Initially, leadership considered an open-source NAC (PacketFence), but the IT team was hesitant about the overhead . Instead, a peer at another credit union recommended Portnox Cloud NAC after a successful deployment.
I had a recommendation for Portnox, and I liked the product when I saw it.
Ben Jarbeau
What sealed the deal
- Reliability and resilience: Portnox’s cloud-native architecture ensures maximum up-time and eliminates single points of failure, unlike within on-premise environments. This meets their key concern of maintaining security even when branches lose power or connectivity.
- Simplicity and scalability: Deploying AgentP and configuring MAC Authentication Bypass with ease to cover both managed and unmanaged devices—no complex infrastructure or expensive professional services were required.
- Instant policy enforcement: Ben's team can implement network-wide policy changes in less than a minute, keeping pace with evolving security demands.
- Peer-validated trust: Chosen with confidence based on a trusted recommendation from a fellow credit union.
- Real-world tested: Portnox’s ability to demo in PFCU’s live environment empowered the IT team to see first-hand how fast and frictionless policy rollouts can be.
Ben states that working with Portnox to do a service demo within their own environment was a significant benefit to him and his team. Once set up, they could see how Portnox Cloud NAC works and how quickly and easily they could push policies out. Even though Ben wanted a cloud-native solution, he was concerned about speed. His experience with other cloud services was frustrating, describing times where it would take 10 or 15 minutes for changes he made to go into effect. He saw first-hand that Portnox delivers cloud-native NAC with speed and agility.
Key Concerns:
- Meeting the auditor’s specific NAC requirement.
- Eliminating the rogue device risk in branch lobbies and offices.
- Deploying a cloud-first solution to avoid outages in rural branches where power can be unreliable.
- Rolling out quickly with a small IT team.
…with Portnox…you make a change [and] it’s good to go.
Ben Jarbeau
Implementation
The Portnox Cloud NAC rollout was fast and smooth. Although this is the first time their team have implemented a NAC solution and their IT team is very small, they found it to be easier than expected. Ben was able to do about 90% of the implementation prep and work on his own, with system admins assisting toward the end of the process.
What it entailed:
- AgentP deployment: Easily installed on all managed endpoints.
- MAB for unmanaged devices: Ensured printers, phones, and IoT devices connected securely.
- Elite support: Portnox engineers provided hands-on onboarding and registry key optimization.
- Wi-Fi integration: Unified wireless authentication across branches, allowing employees to automatically connect to any branch’s network.
- SIEM integration: Connected Portnox logs to Rapid7 for centralized monitoring.
It was just me for most of the deployment. With the documentation and Portnox support, it was surprisingly easy.
Ben Jarbeau
The Results
- Compliance achieved: Passed auditor NAC requirement .
- Zero rogue device risk: Unauthorized devices can’t connect in branches.
- Faster operations: Cloud-based policy changes apply in under a minute.
- Improved user experience: Staff automatically connect to branch Wi-Fi without passwords.
- Better network visibility: NAC logs flow into Rapid7 SIEM for threat monitoring.
Unexpected Wins
- Seamless Wi-Fi roaming: Employees can walk into any of PFCU’s 14 total locations and instantly connect—no more “What’s the password?” moments, or sticky notes with credentials in prominent places.
- Cloud speed: Unlike many cloud tools that take 10–20 minutes to push changes, Portnox delivers within seconds.
Portnox has been doing so well for us we presented it to our Board.
Ben Jarbeau
By deploying Portnox Cloud NAC, PFCU not only satisfied strict auditor requirements but eliminated rogue device risk, ensured uptime even when locations lose power, and streamlined Wi-Fi access across 14 branches. With cloud-speed policy enforcement and simplified management, its small IT team now delivers vastly stronger security and a smoother experience for staff and members alike.
Key Takeaways:
- Cloud-native NAC can be deployed rapidly—even by a small IT team.
- Instant policy enforcement improves both security and productivity.
- Wi-Fi authentication integration boosts security while simplifying daily operations.