ForeScout ControlFabric TM Architecture

Similar documents
ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

ForeScout Agentless Visibility and Control

ForeScout Extended Module for Splunk

ForeScout CounterACT. Automated Security Control Platform. Network Access Control Mobile Security Endpoint Compliance Threat Prevention

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis

McAfee epolicy Orchestrator

White Paper. Comply to Connect with the ForeScout Platform

Addressing PCI DSS 3.2

Deployment Guide. Best Practices for CounterACT Deployment: Guest Management

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

Building Resilience in a Digital Enterprise

CloudSOC and Security.cloud for Microsoft Office 365

Sustainable Security Operations

Forescout. eyeextend for Carbon Black. Configuration Guide. Version 1.1

NEXT GENERATION SECURITY OPERATIONS CENTER

Detecting MAC Spoofing Using ForeScout CounterACT

SIEMLESS THREAT DETECTION FOR AWS

CLEARPASS EXCHANGE. Open third party integration for endpoint controls, policy and threat prevention SOLUTION OVERVIEW MAKE BETTER-INFORMED DECISIONS

IBM Internet Security Systems Proventia Management SiteProtector

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

FOUR WAYS TO IMPROVE ENDPOINT SECURITY: MOVING BEYOND TRADITIONAL APPROACHES

THE ACCENTURE CYBER DEFENSE SOLUTION

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Software-Defined Secure Networks in Action

ForeScout Extended Module for Carbon Black

Infoblox as Part of the Ecosystem

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Integrated, Intelligence driven Cyber Threat Hunting

SIEM Solutions from McAfee

Symantec Security Monitoring Services

ClearPass Ecosystem. Tomas Muliuolis HPE Aruba Baltics lead

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

ForeScout Extended Module for Symantec Endpoint Protection

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

SIEM: Five Requirements that Solve the Bigger Business Issues

GDPR: An Opportunity to Transform Your Security Operations

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

McAfee Advanced Threat Defense

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Best Practices in Securing a Multicloud World

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

ForeScout Extended Module for Bromium Secure Platform

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

align security instill confidence

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

The Top 6 WAF Essentials to Achieve Application Security Efficacy

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

GEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

McAfee Endpoint Threat Defense and Response Family

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Un SOC avanzato per una efficace risposta al cybercrime

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Forescout. eyeextend for MobileIron. Configuration Guide. Version 1.9

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Forescout. eyeextend for VMware AirWatch. Configuration Guide. Version 1.9

ForeScout CounterACT. Core Extensions Module: CEF Plugin. Configuration Guide. Version 2.7

Cisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context

The Cognito automated threat detection and response platform

Secure wired and wireless networks with smart access control

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

FOR FINANCIAL SERVICES ORGANIZATIONS

Integrating Juniper Sky Advanced Threat Prevention (ATP) and ForeScout CounterACT for Infected Host Remediation

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

McAfee MVISION Cloud. Data Security for the Cloud Era

An Investment Checklist

Mobility, Security Concerns, and Avoidance

Forescout. eyeextend for IBM MaaS360. Configuration Guide. Version 1.9

CounterACT Afaria MDM Plugin

ForeScout Extended Module for VMware AirWatch MDM

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Combating Cyber Risk in the Supply Chain

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

ForeScout Extended Module for MaaS360

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Carbon Black PCI Compliance Mapping Checklist

Choosing the Right Security Assessment

Symantec Network Access Control Starter Edition

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

Agile Security Solutions

Reinvent Your 2013 Security Management Strategy

CSP 2017 Network Virtualisation and Security Scott McKinnon

The McGill University Health Centre (MUHC)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Transcription:

ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS.

The Challenge 50% of respondents surveyed indicated they own 13 or more security systems, yet only one in three systems share information with each other and automatically mitigate risk. SC Magazine/ForeScout Research, September 2015 Why are the bad guys still penetrating heavily defended networks? In large part it s because traditional IT security architectures are not built to handle today s threat landscape and IT environment. They suffer from four weaknesses: 1. IT security systems operate independently, creating security management silos If your IT security organization is like most others, you ve probably purchased a variety of security and management systems. You likely have antivirus, encryption, intrusion prevention, vulnerability assessment, firewalls, data leak prevention, security information and event management (SIEM), and mobile device management (MDM). Each of these systems serves a valuable function, but each typically operates as an independent silo. This robs you of critical synergies such as the ability to share contextual information and automate security management workflows. Without information sharing, you can t optimize the effectiveness of your IT security investments. 2. Security alerts aren t the same as enforcement Many IT security systems issue alerts, but they can t take immediate action to mitigate a risk or control a breach. This burdens your IT staff who have to manually sift through the alerts and follow up on them, and it gives hackers more time to compromise your systems. Vulnerability assessment, advanced threat detection and SIEM systems commonly suffer from this weakness. Manual intervention simply cannot address today s relentless pace of cyberattacks. 3. Too many IT security processes are periodic, not continuous Many network access control systems examine the security posture of an endpoint at the time of admission, then ignore the endpoint after it s on the network. Vulnerability assessment systems are typically configured to scan networks on a periodic basis, such as monthly or quarterly, so they fail to scan many transient devices. And patching processes are typically done on a periodic basis (often monthly), not continuously. 4. Security agents only work when they are installed and up to date Agents serve a valuable function, but their scope is limited to known devices, such as corporate-owned computers. Increasingly, enterprise networks contain devices that are not corporateowned, as employees and contractors bring their own devices (BYOD), or endpoints that can t accommodate management agents, such as industrial equipment or non-traditional Internet of Things (IoT) endpoints. Also, agents often fail or become misconfigured. These situations create security blind spots, leaving networks vulnerable to cyberattack.

The Solution The ForeScout ControlFabric TM Architecture extends the capabilities of ForeScout CounterACT TM to a wide variety of enterprise security and management systems, allowing the combined solution to exchange information and efficiently mitigate a wide variety of network, security and operational issues. As a result, you can squeeze higher utility from your existing security investments, efficiently preempt and contain exposures and enhance your overall security posture. Making Disjointed Security Products Work As One The intelligence and functionality of CounterACT and the ControlFabric Architecture can be summed up in three words: See, Control and Orchestrate. ForeScout Base and Extended Modules leverage the capabilities of the ForeScout ControlFabric Architecture to provide ForeScout CounterACT with unprecedented interoperability, integration and multivendor security orchestration capabilities. Base Modules are included with ForeScout CounterACT to provide open integration with a broad range of network and security infrastructure. Extended Modules are co-developed by ForeScout and ForeScout Technology Partners to orchestrate information sharing and policy-based security enforcement operations between CounterACT and leading IT and security management products. These separately licensed software modules are available for a free, 30-day, evaluation. Advanced Threat Defense (ATD) Our ATD modules provide true security orchestration between CounterACT and your ATD system. The combined solution can automatically detect indicators of compromise (IOCs) on your network and quarantine infected devices, thereby limiting malware propagation and breaking the cyber kill chain. 1. The ATD system detects malware then informs CounterACT about the affected system(s) and IOCs. 2. Based on your policy, CounterACT leverages its IOC repository to scan other endpoints that are attempting to connect or are already connected to your network for presence of infection. 3. CounterACT automatically takes policy-based mitigation actions to contain and respond to the threat. Various actions can be performed depending on the severity or priority of the threat. Vulnerability Assessment (VA) Our VA modules share comprehensive vulnerability assessment data between CounterACT and leading VA systems to initiate VA scanning of devices and automate policy-based enforcement actions as necessary. 1. CounterACT triggers the VA system to perform a real-time scan of the connecting device when it joins the network. 2. CounterACT isolates the connecting device in an inspection VLAN while the VA system performs a scan. 3. CounterACT triggers VA scans on devices that meet certain policy conditions, such as endpoints with specific applications, or when endpoint configuration changes are detected. 4. After the VA system scans a device, CounterACT can obtain the scan results and initiate risk mitigation actions if vulnerabilities are detected. See Discover devices the instant they connect to your network without requiring agents Profile and classify devices, users, applications and operating systems Continuously monitor managed devices, BYOD and IoT endpoints Control Allow, deny or limit network access based on device posture and security policies Assess and remediate malicious or high-risk endpoints Improve compliance with industry mandates and regulations Orchestrate Share contextual insight with IT security and management systems Automate common workflows, IT tasks and security processes across systems Accelerate system-wide response to quickly mitigate risks and data breaches

The ControlFabric Architecture extends the advanced visibility, control and remediation capabilities of ForeScout CounterACT to a wide variety of enterprise security products and management systems. ForeScout ControlFabric represents a flexible approach to gain the context and policies necessary to advance endpoint compliance, continuous monitoring and security analytics. Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group Enterprise Mobility Management (EMM) Our EMM modules facilitate policy-based orchestration between CounterACT and leading EMM systems to provide unified security policy management for mobile devices on your network. 1. CounterACT instantly profiles managed and agentless mobile devices connected to the enterprise network. 2. CounterACT provides comprehensive information about devices to EMM systems. 3. When CounterACT discovers a device without a functional EMM agent, CounterACT redirects it to the EMM app store for installation according to policy. 4. CounterACT enforces network security policies, monitors and reports on policy compliance and sees network information such as where and how devices connect to your network. Security Information and Event Management (SIEM) Our SIEM modules facilitate information sharing and policy management between CounterACT and leading SIEM systems to improve situational awareness and mitigate risks using advanced analytics. 1. CounterACT discovers infected endpoints then sends the information to the SIEM. 2. CounterACT receives instructions from the SIEM and automatically takes policy-based mitigation actions to contain and respond to the threat. 3. Various actions can be performed depending on the severity or priority of the threat, such as: o Quarantine endpoints o Initiate direct remediation o Share real-time context with other incident response systems o Initiate a scan by another thirdparty product o Notify the end user via email or SMS Endpoint Protection Platform (EPP) Our EPP modules provide bi-directional integration between CounterACT and leading endpoint protection platforms to facilitate compliance with antivirus, patch management, encryption and other endpoint management policies. 1. CounterACT detects and profiles endpoint systems as they connect to the network and shares this information with the EPP. 2. If the system s endpoint agent is working, the EPP tells CounterACT what it knows about the device s compliance status. 3. CounterACT allows access to compliant devices and authorized users.

4. If the device has a missing/broken agent, CounterACT informs the EPP to install/repair the agent. CounterACT can also capture the endpoint s browser and send the user to a self-remediation page. CounterACT continues to monitor systems for compliance and threatening behavior. 5. Based upon your security policies, CounterACT can perform a wide range of control actions, including endpoint isolation, killing a malicious process or initiating other remediation actions and alerting the user. Open Integration Module Custom integrations can be developed via the Open Integration Module, which allows customers, systems integrators and technology vendors to integrate security and management systems with CounterACT. This module supports the following open, standards-based integration mechanisms: 1. Web Services API for sending and receiving XML messages. 2. SQL, allowing reading from and writing to databases, such as Oracle, MySQL, and SQL Server. 3. LDAP, enabling reading from standard directories Custom Integrations Using the ForeScout Open Integration Module ForeScout s open ControlFabric Interface allows you or third parties to easily implement new integrations based on common, standards-based protocols. The ControlFabric Interface can be enabled on the CounterACT appliance by purchasing the Open Integration Module. This module supports the following open, standards-based integration mechanisms: Web Services API for sending and receiving XML messages SQL, allowing reading from and writing to databases, such as Oracle, MySQL, and SQL Server ENDPOINTS LDAP, enabling reading from standard directories CounterACT also natively supports the syslog interface, which can be used to send and receive information to a designated server. This interface is used for a variety of integrations with products that aggregate logs and enable log analysis, such as SIEM systems. MDM ENDPOINT PROTECTION NETWORK INFRASTRUCTURE SIEM VULNERABILITY ASSESSMENT ADVANCED THREAT DETECTION IDENTITY CONTROLFABRIC TM INTERFACE DATA PROVIDERS Open Standards-based API Web Service (client or server), SQL, LDAP, syslog Bidirectional integration DATA CONSUMERS Figure 1: ControlFabric Ecosystem ControlFabric Architecture lets CounterACT share contextual insights and automate workflows with third-party security tools over your existing network infrastructure to improve and unify system-wide security. ForeScout currently integrates with more than 70 network, security, mobility and IT management products,* with additional integrations underway.

About ForeScout ForeScout Technologies, Inc. is transforming security through visibility. ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-traditional devices, the instant they connect to the network. Equally important, ForeScout lets you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company s solutions integrate with leading network, security, mobility and IT management products to overcome security silos, automate workflows and enable significant cost savings. More than 2,000 customers in over 60 countries* improve their network security and compliance posture with ForeScout solutions. Put the Power of ControlFabric to Work for You ForeScout ControlFabric offers a solution for everyone in the security value chain. Whether you are a technology vendor looking to leverage the capabilities of ForeScout CounterACT, an integrator seeking to automate system-wide security or an enterprise customer who needs to improve security effectiveness and maximize the return on investment of your existing security products, you owe it to yourself to check out ControlFabric. Learn more at www. forescout.com/controlfabric today. To request a demo, visit www. forescout.com/request-demo. ForeScout Technologies, Inc. 900 E. Hamilton Avenue #300 Campbell, CA 95008 USA *As of January 2016 Toll-Free (US) 1-866-377-8771 Tel (Intl) +1-408-213-3191 Support 1-708-237-6591 Fax 1-408-371-2284 Copyright 2016. All rights reserved. ForeScout Technologies, Inc. is a privately held Delaware corporation. ForeScout, the ForeScout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT are trademarks or registered trademarks of ForeScout. Other names mentioned may be trademarks of their respective owners. Version 1_16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback