Challenge: Automate the isolation and containment actions for threats detected through malware analysis solutions – Security Automation

Security Automation Challenge - Exclusive Networks - Security... · Company Profile Author: Flavio Ferrara Subject: Punto COM Srl - Company Profile Created Date: 9/14/2016 2:33:22


Page 1

Challenge: Automate the isolation and containment actions for threats detected through malware analysis solutions

Security Automation

Page 2

Network Admission Control

Page 3

Page 4 (diagram)

See: Managed and Unmanaged devices – Not Visible / Visible / Visible with IoT

Integration sources: DIRECTORIES, PATCH, SIEM, ATD, VA, EMM, OTHER

Asset types: Computing Devices, Network Devices, Applications

Conditions detected: Antivirus out-of-date, Broken agent, Vulnerability

Continuous, Agentless

Page 5

Users · Endpoints · Network · Existing IT

Control: Automated, Policy-driven

Page 6

Orchestrate: Automate workflows, Share context

ControlFabric Open APIs

Pages 7–11 (the same diagram, built up step by step)

IT Security – With ForeScout

Integrations: FIREWALL, SIEM, ATD, VA, ENDPOINT, PATCH, EMM; Directories

Network Infrastructure: Network, Internet

Device classes: Managed Devices, BYOD Devices, Rogue Devices, IoT Devices

Capabilities numbered 1–5 in the diagram:

• See corporate, BYOD, IoT, rogue devices.
• Control network access based on user, device, policy
• Automate enrollment for guests and BYOD including mobile devices
• Find and fix vulnerabilities and security problems on managed endpoints
• Rapidly respond to incidents, without human intervention

Page 12

Granular Controls (Modest → Strong)

Alert & Remediate
• Open trouble ticket
• Send email notification
• SNMP Traps
• Syslog
• HTTP browser hijack
• Auditable end-user acknowledgement
• Self-remediation
• Integrate with systems and security management platforms. Send to WebService. Write to SQL/LDAP.

Limit Access
• Deploy a virtual firewall around an infected or non-compliant device
• Reassign the device into a VLAN with restricted access
• Update access lists (ACLs) on switches, firewalls and routers to restrict access
• DNS hijack (captive portal)
• Automatically move device to a pre-configured guest network

Move & Disable
• Reassign device from production VLAN to quarantine VLAN
• Block access with 802.1X
• Alter login credentials to block access, VPN block
• Block access with device authentication
• Turn off switch port (802.1X, SNMP)
• Wi-Fi port block
• Terminate unauthorized applications
• Disable peripheral device
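Added example, not taken from the deck or from any of the vendors it names: a minimal, offline orchestrator that maps a sandbox verdict (the "malware analysis" input of the challenge) to one of the three control tiers on this slide, and carries the two guards a practitioner wants before letting it run unattended: a protected-device list that caps automation at Limit Access and hands the stronger step to a human, and a deduplication key so a re-sent alert cannot re-trigger a network change. The inventory, verdict shape, confidence threshold, MAC list and action names are all constructed; real NAC and firewall API calls are represented by the action labels returned.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class Tier(Enum):
    """The three control tiers from the 'Granular Controls' slide, weakest to strongest."""
    ALERT_AND_REMEDIATE = 1
    LIMIT_ACCESS = 2
    MOVE_AND_DISABLE = 3


@dataclass(frozen=True)
class Verdict:
    """Hypothetical shape of a sandbox verdict; real product payloads differ."""
    sha256: str
    severity: str        # "malicious", "suspicious" or "benign"
    confidence: float    # 0.0 .. 1.0
    source_ip: str       # endpoint that received or submitted the sample


@dataclass(frozen=True)
class Device:
    ip: str
    mac: str
    managed: bool        # has a management agent / is known to the directory
    device_class: str    # "workstation", "server", "byod", "iot"


# Constructed NAC inventory (IP -> device); a real deployment would query the NAC.
INVENTORY: Dict[str, Device] = {
    "10.0.1.15": Device("10.0.1.15", "aa:bb:cc:00:00:15", True, "workstation"),
    "10.0.2.7":  Device("10.0.2.7",  "aa:bb:cc:00:00:07", True, "server"),
    "10.0.9.42": Device("10.0.9.42", "aa:bb:cc:00:00:42", False, "iot"),
}

# Hypothetical list of business-critical MACs that automation may limit but never
# disable on its own: a human approves the stronger step (false-positive guard).
PROTECTED_MACS: Set[str] = {"aa:bb:cc:00:00:07"}

ISOLATE_CONFIDENCE = 0.90   # assumed threshold; tune to the sandbox's false-positive rate


def choose_tier(verdict: Verdict, device: Optional[Device]) -> Tier:
    """Pick the weakest tier that still contains the risk described by the verdict."""
    if verdict.severity == "benign":
        return Tier.ALERT_AND_REMEDIATE          # record it, change nothing
    if verdict.severity == "suspicious" or verdict.confidence < ISOLATE_CONFIDENCE:
        return Tier.LIMIT_ACCESS                  # contain, keep the host reachable for forensics
    if device is not None and device.mac in PROTECTED_MACS:
        return Tier.LIMIT_ACCESS                  # strongest automatic step allowed here
    return Tier.MOVE_AND_DISABLE                  # confident malicious verdict


def plan_actions(tier: Tier, device: Optional[Device]) -> List[str]:
    """Translate a tier into the slide's concrete control actions (labels only)."""
    actions = ["syslog", "open_trouble_ticket"]   # every tier leaves an audit trail
    if tier is Tier.ALERT_AND_REMEDIATE:
        actions.append("send_email_notification")
        if device and device.managed:
            actions.append("self_remediation")    # agent-driven fix on managed hosts
    elif tier is Tier.LIMIT_ACCESS:
        actions += ["update_acl", "reassign_restricted_vlan"]
        if device and device.mac in PROTECTED_MACS:
            actions.append("request_human_approval_for_quarantine")
    else:
        actions += ["reassign_quarantine_vlan", "block_8021x"]
        if device is None or not device.managed:
            actions.append("turn_off_switch_port")   # unknown or agentless: cut the port
        else:
            actions.append("terminate_unauthorized_applications")
    return actions


class Orchestrator:
    """Ties verdict, inventory and tier together; refuses to act twice on one sample+device."""
    def __init__(self) -> None:
        self.seen: Set[Tuple[str, str]] = set()
        self.audit: List[Tuple[str, Tier, List[str]]] = []

    def handle(self, verdict: Verdict) -> Optional[List[str]]:
        device = INVENTORY.get(verdict.source_ip)
        key = (verdict.sha256, device.mac if device else verdict.source_ip)
        if key in self.seen:
            return None                            # duplicate alert: idempotent no-op
        self.seen.add(key)
        tier = choose_tier(verdict, device)
        actions = plan_actions(tier, device)
        self.audit.append((verdict.source_ip, tier, actions))
        return actions


if __name__ == "__main__":
    orch = Orchestrator()
    # Constructed verdicts, as a sandbox might emit them after detonation.
    for v in [Verdict("a" * 64, "malicious", 0.97, "10.0.1.15"),
              Verdict("b" * 64, "malicious", 0.99, "10.0.2.7"),
              Verdict("c" * 64, "suspicious", 0.60, "10.0.9.42"),
              Verdict("a" * 64, "malicious", 0.97, "10.0.1.15")]:
        print(v.source_ip, orch.handle(v))
```

The design choice worth copying is that every tier starts from the same audit actions and the protected list only lowers the tier, never raises it, so a mis-tagged inventory can at worst under-react and open a ticket rather than quarantine a production server unattended.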

Pages 13–14

Next Generation Security Platform

Page 15

Identification Technologies Transform the Firewall

• App-ID™ – Identify the application
• User-ID™ – Identify the user
• Content-ID™ – Scan the content

Page 16

Single-Pass Parallel Processing™ (SP3) Architecture

Single Pass
• Operations once per packet
  - Traffic classification (app identification)
  - User/group mapping
  - Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific parallel processing hardware engines
• Separate data/control planes

Up to 200 Gbps, low latency

Page 17

WildFire

Page 18

Traps – Advanced Endpoint Protection

Prevent Exploits – Including zero-day exploits

Prevent Malware – Including advanced & unknown malware

Collect Attempted-Attack Forensics – For further analysis

Scalable & Lightweight – Must be user-friendly and cover the complete enterprise

Integrate with Network and Cloud Security – For data exchange and cross-organization protection

Page 19

Security Reimagined

Page 20

Multi-Vector Virtual Execution Engine

PURPOSE-BUILT FOR SECURITY

HARDENED HYPERVISOR

SIGNATURE-LESS

EXPLOIT BASED DETECTION, NOT JUST FILE

FINDS KNOWN AND UNKNOWN THREATS

MULTI-VECTOR

PERFORMANCE

EFFICACY

Page 21

Analyze, Detonate and Correlate

ANALYZE – within VMs

DETONATE – across VMs

CORRELATE – cross enterprise

2 MILLION OBJECTS PER HOUR

Page 22

FireEye Ecosystem

Page 23

Put pieces together!

Page 24

Forescout + Palo Alto

Page 25

Forescout + FireEye

Page 26

DEMO!

Page 27

Q&A