ForeScout Technologies Pervasive Network Security€¦ · Incident Investigation, Response Reputation Loss, ... Complete Visibility, ... •Higher levels of endpoint compliance

© 2013 ForeScout Technologies, Page 1 ForeScout Confidential

Scott Gordon (CISSP-ISSMP), Chief Marketing Officer

ForeScout Technologies — Pervasive Network Security

May, 2013

Realizing Continuous Compliance


About ForeScout

ForeScout is the leading global provider of pervasive network security solutions for Global

2000 enterprises and government organizations.

• Independent Network Access

Control (NAC) market leader

Foundation

• 1400+ global implementations

• Financial services, government,

healthcare, manufacturing,

retail, education…

• Cupertino HQ, 185 employees

• 200+ global channel partners

Enterprise Deployments Market Leadership

**NAC Competitive Landscape

April 2013, Frost&Sullivan ForeScout

*Magic Quadrant for Network Access

Control, December 2012, Gartner Inc.

ForeScout Technologies


4 Converging Trends Affecting InfoSec Effectiveness


Increasing Security, Risk Management Costs

Resources

Remediation

Incident

Investigation,

Response

Reputation

Loss,

Defense

Operations

Prevention

$ $ $

$

$

$


Increasing Compliance Mandates, Reduced Impact on Operational Results

Incidents and Violations

Security Expenditure Variance


?

?

?

x x

? ?

Exploding Network Access and Threat Dynamics

? X

X

? ?

?

?

?

?

X

?


Disruptive IT Consumerization

App Stores and Web Apps

Diverse

Device

OS

Standards

Mobile

Apps

Personal and Mobile Devices


The Enterprise Challenge Accessibility Without Compromising Access and Endpoint Protection

• Demand for pervasive network

resource and data accessibility

• 20% of infrastructure is

unknown, invisible

• Up to 50% of endpoints are

non-compliant

• IT consumerization

“Endpoint baselining scans reveal that many

endpoints (up to 50%) are noncompliant…“

Gartner

“…enterprise perimeter is becoming more open and

extended...“

IDC

“Enterprises are only aware of 80% of the devices on

their networks.

Gartner

“NAC Strategies for Supporting BYOD Environments”, 22 December 2011, document G00226204

Gartner report - “Bring Your Own Device: The Facts and the Future, Gartner, May, 2013, David Willis

“ Architecting a Flexible Strategy for Securing Enterprise Bring Your Own Device (BYOD) ” IDC #233664, June 2012,

“By 2017, 50% of employers will require employees

to bring their own device to the workplace.

Gartner


Don’t Worry - Innovate


Impact of Access, Network and Threat Dynamics

Question: Can you accurately answer how many wired or

wireless devices are on your network?

Assuming you could, would you know how many are:

Are in violation:

• OS Patches

• Host-based security

Antivirus, Encryption, DLP…

• Unwanted software

IM, P2P, unlicensed…

• Configuration management

• Manageable

• Unmanageable

• Guests

• Unknown

• Misconfigured

• Vulnerable

• Windows

• Linux/Unix

• Mac

• Hand Held

• Printers

• VoIP

• Networking

…etc


Technology that identifies users and network-attached devices and

automatically enforces security policy.

What is Network Access Control (NAC)?

Limit Resolve


NAC Expanding Value Proposition

Endpoints

Network Devices

Applications

Users

Non-Corporate/BYOD

No Protection Possible

Corporate Resources

NAC Real-time Visibility and Automated Control

Unwanted application…

Not Visible

Antivirus out of date…

Encryption, DLP or Sys.Mgmt.

agent not installed / running

?

Protection Possible

Visible


Pervasive Network Security Platform Continuous Visibility, Monitoring and Remediation

Allow, Block, Limit, Alert, Inform

User-guided, Automated, via External System

Alert, Report, Bi-directional Intelligence

Continuous

Visibility

Network

Enforcement

Endpoint

Remediation

Information

Integration

Endpoint

Authentication &

Inspection

Device Discovery, Profiling

Security Posture, Control Validation

Pervasive

Network

Security


Pervasive Network Security Platform Complete Visibility, Control and Automation

Continuous

Monitoring &

Mitigation

Allow, Block, Limit, Alert, Inform

User-guided, Automated, via External System

Alert, Report, Bi-directional Intelligence

Continuous

Visibility

Network

Enforcement

Endpoint

Remediation

Information

Integration

Endpoint

Authentication

& Inspection

Device Discovery, Profiling

Security Posture, Control Validation

Pervasive

Network

Security


Gain Unprecedented Visibility, Control, Automation

See All devices:

Managed, Rogue,

Wired, Wireless,

PC, Mobile…

Filter By:

Business Unit,

Network, Issue,

Device Types…

Instant Intelligence:

Who, What, Where,

When, Security

Posture…

Instant Status:

Devices, Policy

Violations…

Granular, Extensible

Policies, Automated

Enforcement


Endpoint Intelligence and Compliance

NextGen NAC

• 100% visibility of all devices,

including unmanaged and

rogue devices

• Higher levels of endpoint

compliance

• Automate the installation,

activation and update of

endpoint agents

• Control network access

• Identify and block malicious

network behavior


Complete Asset Intelligence


Policy-Based Endpoint Profiling


Operational Integration

• Complete, accurate asset

intelligence

• 100% visibility of endpoint risks,

e.g. rogue, unmanaged devices

• Send intelligence to external

systems, external systems can

leverage CounterACT response

• Faster, more automated

mitigation of security issues

• Full guest &contractor mgmt.

• Cost savings due to automation NextGen NAC


Leveraging CounterACT Interoperability

McAfee ePO Integration

• Certified integration with ePO

• Endpoint protection policy assurance

• CounterACT real-time inspection informs ePO

• Fortifies HBSS compliance

McAfee ESM integration

• CounterACT sends access, violations and action events to SIEM

• CounterACT to send endpoint intelligence to McAfee ESM

• CounterACT enforcement based on McAfee ESM correlated data

ePO


SIEM Integration with NAC SIEM Correlated Event Triggers CounterACT Response


BYOD Disruption Compounds Security Challenges

“78% say there are more than twice as many personal devices connecting to

corporate networks now than compared to two years ago.”

Dimension Research

Less Control Over

Applications

Devices,

Mobile OS

standards

Users

Enroll, enforce security

Lock Down Configurations

Assure appropriate access

to sensitive resources

More Costly to


BYOD/CYOD Control Assess Control Flexibility and Cost-Effectiveness

“Only a subset of corporate mobile users need advanced Mobile Device Management.“

IDC Research

VDI - Virtual Desktop

Infrastructure

MAW – Mobile Application

Wrapper

WAP – Wireless Access Point

MDM - Mobile Device

Management

NAC – Network Access Control


Automated Guest Registration Management


How NAC Supports BYOD / CYOD

MDM

LDAP

WAP

Switch

Endpoints

NAC


Why Combine NAC with MDM for BYOD/CYOD

• 100% visibility of all mobile

devices, managed & unmanaged

• Prevent unauthorized devices

from accessing the network

• Automate MDM enrollment

• Assess posture assessment

upon network connection

• Network mitigation

• Unified compliance reporting of

all network devices

NextGen NAC


Unified Mobile Security Rich MDM Interoperability


Secure

Gateway

Achieving Continuous Monitoring & Remediation Mitigate the Risk of Rogue Devices, APT, Zero-Day Attacks

Sys

Mgmt.

Secure Asset

Management

MDM

MAM

Host

Controls

Security Risk

Management

VA /

DLP GRC

SIEM

AAA

Network

Operations

ForeScout

NAC

NGFW

/ VPN

Silo’d Tool Exposures Coordination, Containment

MDM

MAM

Sys

Mgmt.

Secure Asset

Management

ForeScout

CounterACT

Platform VA /

DLP

SIEM

NGFW

/ VPN

AAA

Host

Controls


Cyber Security Automation, More Than Technology

Service Level Agreement

IT Security Efficiency

Effectiveness

Security Risk Mgmt.

Network Operations

Policy

Controls

Tools

Results

Coordination

Device Is Unknown,

On Core Network

Automatic

Quarantine


NAC, Accelerating IT-GRC Control Effectiveness Empowering Pervasive Network Security

Visibility • Unique network presence; see, control everything

• Real-time network intelligence: who, what, where…

Control Automation • Next-gen NAC closes the gaps

• Automate authentication, access control

• Automate compliance, verification

• Automate remediation and mitigation

• Bi-directional integration: network, security, identity,

wireless, mobile, GRC platforms

Requires • Policy and operational agreement between security

operations and network operations

• Next-gen NAC (ForeScout CounterACT)


Thank You

*This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of

the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service

]depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings.

Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of

fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or

fitness for a particular purpose.

**Frost & Sullivan 2013 report NC91-74, Analysis of

the Network Access Control Market: Evolving

Business Practices and Technologies Rejuvenate

Market Growth” Chard base year 2012.

Documents

ForeScout Technologies Pervasive Network Security€¦ · Incident Investigation, Response Reputation Loss, ... Complete Visibility, ... •Higher levels of endpoint compliance