Phatchara Maichandi Presales Engineer Throughwave (Thailand) Co., Ltd.

Throughwave Day 2015 - ForeScout Automated Security Control


© 2014 ForeScout Technologies, Page 2

• Enterprise Security Trend

• ForeScout Capabilities

• ForeScout Integration

• BYOD Security

• Case Studies

• Conclusion


[Diagram labels: Corporate Resources; Non-corporate; Endpoints; VM; Users; Applications; Network Devices. Callouts: Antivirus out of date; Unauthorized application; Agents not installed or not running.]


Outdated NAC

• Complex architecture

• Requires reconfiguration and upgrade of existing switches

• Requires installation of endpoint agents

• Requires 802.1X

• Long drawn-out implementations

• Brittle, prone to disruption and breakage


Fast and easy deployment

– No infrastructure changes or network upgrades

– No need for endpoint agents

– 802.1X is optional

– Integrated appliance (physical or virtual)

Streamline and automate existing IT processes

– Guest registration

– MDM enrollment

– BYOD onboarding

– Asset intelligence

Shift away from restrictive allow-or-deny policies

– Flexible controls, based on user and device context

– Preserve user experience

Integrate with other IT systems

– Break down information silos

– Reduce window of vulnerability by automating controls & actions


Strong Foundation

• In business 13 years
• Campbell, CA headquarters
• 200+ global channel partners

Market Leadership

#1

• Independent Network Access Control (NAC) Market Leader
• Focus: Pervasive Network Security

Enterprise Deployments

• 1,800+ customers worldwide
• Financial services, government, healthcare, manufacturing, retail, education
• From 100 to >1M endpoints
• From 62 countries around the world


*Magic Quadrant for Network Access Control, December 2014, Gartner Inc.

*This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from ForeScout. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner "Magic Quadrant for Network Access Control," Lawrence Orans and Claudio Neiva, December 10, 2014.


Device type, owner, login, location

Applications, security profile

Captures transient users and devices

Real-time Intelligence


Device and user-specific policies

Mitigate OS, configuration and security risks

Start/stop applications and disable peripherals

Real-time Intelligence

Granular Controls


Real-time Intelligence

Granular Controls

Information Sharing and Automation

Bi-directional information exchange

Automated mitigation and control

Enhanced collaboration


See: Who and what are on your network?

Grant: Allow, limit or block network access

Fix: Remediate Endpoint Systems

Protect: Block internal attack


Who are you?

• Employee
• Partner
• Contractor
• Guest

Who owns your device?

• Corporate
• BYOD
• Rogue

What type of device?

• Windows, Mac
• iOS, Android
• VM
• Non-user devices

What is the device hygiene?

• Configuration
• Software
• Services
• Patches
• Security Agents

Where/how are you connecting?

• Switch
• Controller
• VPN
• Port, SSID
• IP, MAC
• VLAN


Dynamic and Multi-faceted

DHCP REQUESTS

AD, LDAP, RADIUS SERVER

AGENT

ACTIVE DIRECTORY

MIRROR TRAFFIC

NMAP SCAN


Complete Situational Awareness


Compliance Problems: Agents, Apps, Vulnerabilities, Configurations

See Devices: Managed, Unmanaged, Wired, Wireless, PC, Mobile…


Filter Information By: Business Unit, Location, Device Type…


See Device Details: What, Where, Who, Security Posture…


Site Summary: Devices, Policy Violations…


Modest to Strong

Alert / Allow

• Open trouble ticket
• Send email notification
• SNMP Traps
• Start application
• Run script
• Auditable end-user acknowledgement
• Send information to external systems such as SIEM etc.
• HTTP browser hijack

Trigger / Limit

• Deploy a virtual firewall around the device
• Reassign the device to a VLAN with restricted access
• Update access lists (ACLs) on switches, firewalls and routers to restrict access
• DNS hijack (captive portal)
• Automatically move device to a pre-configured guest network
• Trigger external controls such as endpoint protection, VA etc.

Remediate / Block

• Move device to quarantine VLAN
• Block access with 802.1X
• Alter login credentials to block access, VPN block
• Block access with device authentication
• Turn off switch port (802.1X, SNMP)
• Install/update agents, trigger external remediation systems
• Wi-Fi port block


• Visibility of corporate and personal devices

• Network Access Control

– Identify who, what, where, when, configuration, security posture

• Flexible policy controls

– Register guests

– Grant access (none, limited, full)

– Enforce time of day, connection type, device type controls

• Block unauthorized devices from the network

EMPLOYEE

CONTRACTOR

GUEST

UNAUTHORIZED

WEB EMAIL CRM


[Diagram: access by User Type. Guest: Guest Registration, Sponsor Authorization, Internet Access. Contractor/Partner: Authenticate via Contractor Credentials, BYOD Posture Check, Limited Internal Access. Employee: Authenticate via Corporate Credentials; Personal Device: BYOD Posture Check; Corporate Asset: Corporate Asset Posture Check; Internal Access.]


[Deployment diagram labels: Core Switches; Data Center; Server Farm; Remote Users; VPN Concentrator; CounterACT Enterprise Manager; Active Directory; SCCM; Endpoint Protection; SIEM; VA; MDM; ATD.]

CounterACT Deployed at the Core Layer

Management Port

Mirror Traffic


Switches & Routers

Network Devices

Endpoints

IT Network Services

Wireless

Firewall & VPN

Endpoint & APT Protection

Vulnerability Assessment

SIEM/GRC

MDM


• Visibility of all devices, unmanaged & rogue

• Does not require agents

• Automate agent installation, activation, update

• Quarantine and remediate

• Bi-directional integration

– Endpoint protection

– Vulnerability Assessment

– Advanced Threat Detection

– Patch management

ForeScout


• ForeScout sends both low-level (who, what, where) and high-level (compliance status) information about endpoints to SIEM

• SIEM correlates ForeScout information with information from other sources and identifies risks posed by infected, malicious or high-risk endpoints

• SIEM initiates automated risk mitigation using ForeScout

• ForeScout takes risk mitigation action on endpoint

SIEM

Real-time Info

Correlate, Identify Risks

Initiate Mitigation

Remediate

Quarantine


Initiate Scan

Scan

Scan Results

Connect

Block or Allow

Endpoint

Switch

Vulnerability Assessment System


Visibility

• Detection of virtual machines that are located in the wrong zone (e.g. port group)

• Detection of virtual machines that lack an up-to-date version of VMware tools

• Detection of peripheral devices (e.g. a physical USB drive) connected to a virtual machine

• Detection of the hardware associated with each virtual machine

• Detection of the guest operating system running on each virtual machine


VMware vSphere VMware vSphere VMware vSphere

VMware vCenter Server

Manage

vSphere Distributed Switch

VMware Plugins

Mirror Traffic


Core Switch

Virtual Environment

Server Virtualization

Virtual Desktop Infrastructure

Endpoint

• Mobile Phone
• Laptop
• PC Desktop
• Printer
• VOIP

Thin Client

Policy for Virtual

Policy for Physical Desktop

Policy for Thin Client

ForeScout


Web Services API, LDAP, SQL


• Mobility and BYOD are transforming the enterprise

– Mobile device adoption and diversity have exploded

– Enterprise perimeter becoming more open and extended

– Over 60% of employees use a personal device for work [1]

– Capabilities of consumer technology meet or exceed the features of IT-supplied assets

– Employees can purchase and use mobile technology faster than IT adoption cycles

[1] Gartner, "Bring Your Own Device: The Facts and the Future", April 2013, David A. Willis


Secure the Device: Mobile Device Management (MDM)

• Secure configuration
• Enforce passwords
• Control user actions

Secure the Data: MDM + MCM + VDI

• Manage content & apps
• Protect privacy
• Remote wiping

Secure the Network: Next-Generation Network Access Control (NAC)

• What is on my network?
• Control access
• Enforce security posture


• 100% visibility of all mobile devices, including those not yet enrolled in the MDM system

• Prevent unauthorized devices from accessing the network.

• More highly automated MDM enrollment process

• Real-time security posture assessment upon network connection

• Unified compliance reporting of all network devices – Windows, Mac, phones, tablets, etc.

ForeScout CounterACT


1. Device connects to network

– Classify by type

– Check for mobile agent

2. If agent is missing

– Quarantine device

– Install mobile agent (HTTP Redirect)

3. Once agent is activated

– Check compliance

– Allow policy-based access

– Continue monitoring

Device can access internal server

[Diagram labels: Enterprise Network; MDM; ForeScout CounterACT]


Device-based control Network-based control

Enterprise App Mgmt (Distribution, Config)

Inventory Management

Device Management (App Inventory, Remote Wipe, etc.)

Policy Compliance (Jailbreak detection, PIN lock, etc.)

Secure Data Containers

Guest Registration

Network Access Control (Wireless, Wired, VPN)

Cert + Supplicant Provisioning

Mobile + PC

Network Threat Prevention

Visibility of Unmanaged Devices


Requirement: an authentication system for all employees in the organization, covering both wired and wireless networks within a single set of appliances

• Users authenticate through ForeScout

• MAC authentication for executives

• Check antivirus compliance (Installed/Running)

• Send an HTTP notification to alert machines that do not have antivirus installed


Requirement: an authentication system and a hardware/software inventory system within a single set of appliances

• Implement BYOD

• Users authenticate through ForeScout

• Work together with the MDM system

• Check endpoint compliance

• Threat Prevention

• Publish announcements via HTTP notification


[Diagram labels: Corporate Resources; Non-corporate; Endpoints; VM; Users; Applications; Network Devices. Callouts: Antivirus out of date; Unauthorized application; Agents not installed or not running.]

ForeScout Continuous Monitoring and Mitigation


Endpoint Mitigation

Endpoint Authentication & Inspection

Network Enforcement

Information Integration

Continuous Visibility


Fast and easy to deploy

Infrastructure Agnostic

Flexible and Customizable

Agentless and non-disruptive

Scalable, no re-architecting

Works with mixed, legacy environment

Avoid vendor lock-in

Optimized for diversity and BYOD

Supports open integration standards


SUITE OF PACKAGED SOFTWARE

INTEGRATION MODULES

Vulnerability Assessment

Advanced Threat Detection

SIEM (Bi-directional)

MDM

McAfee ePO

Open (Customer Development)

FAMILY OF APPLIANCE MANAGERS

A single appliance to handle up to # of ForeScout appliances: 5; 10; 25; 50; 100; 150; 200

Virtual appliances are also available.

FAMILY OF APPLIANCES

A single appliance to handle up to # of endpoints: 100; 500; 1,000; 2,500; 4,000; 10,000

Virtual appliances are also available.


Choose ForeScout when you need…

• Hardware & Software Inventory

• Network Access Control

• BYOD Security

• Guest Networking

• Endpoint Compliance

• Threat Prevention

CT-4000

CT-R

CT-100

CT-1000

CT-2000