1 Highlights Features Automated real-time detection of mobile Seamless enrollment & installation of MDM agents on unmanaged Policy-based blocking of unauthorized Identify corporate vs. personal Identify unauthorized or non-compliant Identify mobile without password protection Identify mobile that are missing required apps, for example, management or security apps Send messages to mobile users Work with ForeScout CounterACT to block or limit network access based on who, what, when, where, and how secure the device is Unified network access policy management and reporting of all endpoint on the network regardless of user, device ownership, device type, connection method, or location Identify and block malicious activity Benefits Improved visibility across all mobile connected to your network Enhanced security against non-compliant Operational efficiency with automated enrollment ForeScout ForeScout is the fastest and most comprehensive way to configure for enterprise access and secure corporate data on smartphones and tablets all from a single screen. ForeScout is an easy to use platform that includes all of the essential functionality for end-to-end management of ios, Android, Windows Phone, and BlackBerry. ForeScout is powered by MaaS60, a powerful cloud-based technology used by over 000 organizations around the world to secure over 1 million mobile, and named Leader in the Gartner Magic Quadrant for MDM Software and Winner of the 201 SIIA CODiE Award for Best Mobile Device Application for Enterprises Total Endpoint Policy Management With the explosion of handheld mobile, we are all hurtling toward a post PC world in which employees will be carrying various mobile, some owned by them, some owned by the company. This new paradigm of computing is challenging our existing paradigms of network security, data security, and device security. Wouldn t it be nice if, instead of implementing new security silos that are limited to mobile, you could extend your PC and network security systems to encompass mobile? With a single unified security management and reporting system, you would be confident that your network is secure regardless of what type of device a user may be carrying a PC, a Mac, a smartphone or tablet. You would minimize costs and administrative overhead. That future is today. ForeScout ForeScout, powered by MaaS60, includes all of the essential functionality that you need for end-to-end management of ios, Android, Windows Phone, and Blackberry. And what s better is that it integrates with ForeScout CounterACT, our flagship network security and policy automation system, to give you unified visibility and control over everything on your network. ForeScout is a cloud-based solution, so deployment is quick and easy. In just a few clicks, IT can start enrolling and managing the entire mobile device lifecycle, from enrollment to security, monitoring, application management and support. Together with ForeScout CounterACT, ForeScout provides a whole new level of centralized visibility and control for actionable insights into your entire computing landscape. Secure All Mobile Devices: ForeScout supports all major smartphone and tablet platforms including ios, Android, Windows Phone, and BlackBerry in both Exchange and Lotus Notes environments. Embrace BYOD: ForeScout provides workflows to discover, enroll, manage and report on personally owned as part of your mobile device operations. Experience Simple Device Enrollment and Approval: ForeScout provides auto-quarantine for Exchange, and alerts IT personnel to approve all new. Additionally it provides for easy user self-enrollment via web, or SMS.
2 Enterprises must be prepared to manage and secure a wide range of, some of which they don t own. Multiplatform MDM tools are one way to achieve this. Gartner, Top 10 Mobile Technologies for 2012 and 201, 14 February 2012, Nick Jones No matter what [BYOD] strategy is selected, the ability to detect when unmanaged are in use for business purposes will be required and that requires NAC. Gartner, NAC Strategies for Supporting BYOD Environments, 22 December 2011, Lawrence Orans and John Pescatore How ForeScout Works With an intuitive interface and easy to use workflows, ForeScout enables you to support the entire mobility lifecycle from enrollment to configuration management, compliance, security, app and document management, along with help desk support. Provision: ForeScout streamlines the configuration and device enrollment process using SMS, or a custom URL to make life simple for IT and mobile employees. Device enrollment takes just minutes. When combined with ForeScout CounterACT, provisioning is highly automated for any new device that accesses the network. Users can be authenticated over the network using Active Directory/LDAP, using a one-time passcode, or with SAML. Integrate: With ForeScout Cloud Extender, you can securely integrate with all major , calendar and contacts platforms including Exchange, Lotus Notes, and Microsoft Office 65, plus Active Directory and any required Certificate Authorities. Manage: OTA configuration management provides simple delivery and maintenance of corporate device profiles, including Wi-Fi and VPN settings. Create custom groups for granular management. Define role-based administrative portal access rights. Decommission by removing corporate data and MDM control (see Figure 1). Secure: ForeScout provides dynamic, end-to-end security and compliance management. Enforcement of passcode policies and strong encryption keys protects sensitive business and personal data on mobile. Through real-time compliance management, ForeScout can detect when users opt out of your MDM program, install prohibited applications, jailbreak/root their mobile, or initiate SIM changes. Take automated actions such as messaging the user, blocking , wiping corporate data from the device, or removing it from the network. Monitor: ForeScout provides integrated reporting and analytics to provide a high level view into your mobile device landscape across your enterprise with detailed hardware and software inventory reports, plus configuration and vulnerability details. Mobility Intelligence dashboards deliver an interactive, graphical summary of your mobile device operations and compliance. Support: ForeScout provides robust help desk capabilities for support procedures such as locating a device with GPS, resetting a user s passcode, and sending a direct message to a device. ForeScout also provides an end-user support portal that allows users to do basic self-management of their device, such as wiping or resetting the password on a lost device. Application Management: ForeScout lets you have your own centrally managed Application Catalog of approved or recommended public applications and in-house developed applications. Within the catalog users can instantly view apps available to them, install apps, and be alerted to update apps. IT administrators can set policies for blacklisted, whitelisted and required apps (see Figure 2). Expense Management: ForeScout enables organizations to set corporate-wide expense policies, and to proactively monitor and track mobile data and application usage. This lets you optimize your mobile spend and shift the accountability to business units and/or individual employees.
3 ForeScout Figure 4: Secure allows employees to collaborate with colleges without risk of data leak. Figure 1: OTA confirguration management provides visibility and control over mobile. Figure 5: Mobile Application Security let s you integrate full security management. Figure 2: Enterprise allows you to centrally manage applications. Figure : Distribute documents securely to mobile. Figure 6: Set secure browser policies for users.
4 Combine NAC and mobile device management (MDM) to enforce policies in a BYOD environment. Personally owned that are not managed by MDM agents should be limited to Internet access only, or placed in a limited access zone where they can access a subset of applications and network resources as per user/group role. Recommendation from the Gartner Case Study Document Management: ForeScout lets you distribute business documents to users of mobile while providing total manageability and control. Each document can have its own security policy, including required authentication, share restriction and time-based expiration, and be distributed to all users, selected groups, or individual. Documents are distributed to the ForeScout Document Catalog on mobile, which is an encrypted document container that provides complete security, including data loss prevention controls and protection from unauthorized distribution. Integrate with content in SharePoint or Box, or leverage the MaaS60 Doc Cloud, a globally optimized distribution network which reduces network load and increases scalability and performance (see Figure ). Secure Mail: ForeScout delivers a secure office productivity app with , calendar and contacts to allow employees to securely collaborate with colleagues while preserving the mobile experience on their personal. This addresses key concerns of data loss risks. Through authentication and authorization, only approved, valid users can access sensitive s and data. With policies for data leak prevention, you can restrict sharing by users, forwarding of attachments and copying and pasting of text. Devices that are lost, stolen or compromised can be selectively wiped to remove the secure container, all attachments and profiles (see Figure 4). Mobile Application Security: Using our simple application wrapper or Software Development Kit (SDK), you can secure in-house applications with a mobile application container. You can integrate full security management including enforcing authentication and data leak prevention controls, such as restricting copy, paste, and cloud data backups. Device compliance checks can be enforced prior to launching a secured application and real-time alerts can be sent to the administrator when compliance violations occur. Provision app-level tunnels for secure access to corporate data without needing a device VPN (see Figure 5). Secure Document Sharing: ForeScout not only enables users to view content, but create, edit and save content securely on-the-go, all in an encrypted container. The secure office productivity app works with all common file types including Word, Excel, PowerPoint, and text formats. Users can seamlessly access and share content via Secure Mail, MaaS60 Doc Cloud and corporate file shares (e.g., SharePoint, Box). Secure Browser: ForeScout includes a Secure Browser app which reduces the vulnerability your mobile have to risky websites that may contain malware, violate HR policies, or simply waste your users precious time. The Secure Browser blocks known malware and malicious websites using a scanning engine and reputation database. IT administrators can specify categories of web content that are blocked, for example social networking sites, download sites, and explicit sites. Send custom text or HTML notifications to users when they try to access a prohibited URL. Redirect users to a specific URL when policies are violated. Alert administrators in real time when users try to access forbidden sites. Optionally disable native or third party browsers. Setup secure access to corporate intranet sites and enterprise networks with no VPN required (see Figure 6).
5 The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete security solution for the following reasons: 1. MDM systems can only see and manage that have already been enrolled in the MDM system. 2. MDM systems typically do not control access to the network.. MDM systems are often operated as another management silo, with another set of reports. Through a simple plug-in module, ForeScout integrates with ForeScout CounterACT, our flagship network access control and security automation product. Once integrated, you will obtain many valuable synergies: Automated real-time detection of mobile the moment they try to connect to your network, including unmanaged and unknown. Improved security by blocking unauthorized users and from the network. Unified compliance reporting for all endpoint PCs, smartphones, and tablets. Automated installation of MDM agents by directing unmanaged to an installation web page. Unified network access control policy enforcement options. Allow compliant and managed onto the network. Limit network access based on device type, ownership, time of day, and compliance. Block non-compliant, or certain types of, from your network completely. Guest registration for personal mobile that are not owned by employees. Once a guest has registered and been approved, ForeScout CounterACT can restrict the user s access to just the Internet. Continuous protection. If malware on a mobile device tries to propagate or interrogate your network, ForeScout CounterACT will block the threat, and remove the device from your network. Visibility NAC Alone MDM Alone NAC + MDM Basic OS info on all Full info on managed only Complete Network Access Control Complete No Complete Mobile Device Compliance Very limited Complete Complete Agent Deployment Network based Pre-registration Both Figure 7: NAC + MDM = Complete security.
6 Device Support ios version 4. and higher Android version 2.2 and higher BlackBerry Enterprise Server (BES) version 5.0 and higher Windows Phone 7.5 and 8 when integrated with Exchange ActiveSync and Lotus Traveler Figure 8: ForeScout MDM integration scope and coverage. Take the ForeScout Challenge Let us know which ForeScout solution is right for you, and we ll arrange a free on-site evaluation About ForeScout ForeScout delivers pervasive network security by allowing organizations to continuously monitor and mitigate security exposures and cyberattacks. The company s CounterACT platform dynamically identifies and assesses all network users, endpoints and applications to provide complete visibility, intelligence and policy-based remediation of security faults. Because ForeScout s pervasive network security solution is easy to deploy, unobtrusive, open and scalable, it has been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorized partners worldwide. Learn more at ForeScout Technologies, Inc. 900 E. Hamilton Ave., Suite 00 Campbell, CA U.S.A. T (US) T (Intl.) F (Intl.) 201 ForeScout Technologies, Inc. Products protected by US Patent #6,6,489, March All rights reserved. ForeScout Technologies, the ForeScout logo and ForeScout Mobile are trademarks of ForeScout Technologies, Inc. All other trademarks are the property of their respective owners. Doc: W
Enterprise Mobility Management: A Data Security Checklist Executive Summary Secure file sharing, syncing and productivity solutions enable mobile workers to access the files they need from any source at
Oracle Access Management Complete, Integrated, Scalable Access Management Solution O R A C L E W H I T E P A P E R M A Y 2 0 1 5 Disclaimer The following is intended to outline our general product direction.
SOLUTION BRIEF: 5 MUST-HAVES FOR AN ENTERPRISE MOBILITY......... MANAGEMENT.............. (EMM)...... SOLUTION........... 5 Must-Haves for an Enterprise Mobility Management (EMM) Solution Who should read
10 must-haves for secure enterprise mobility White Paper The 10 musthaves for secure enterprise mobility A security framework and evaluators checklist 2 Becoming a mobile enterprise means new opportunities
WHITE PAPER: TWO-FACTOR AUTHENTICATION: A TCO VIEWPOINT........................................ Two-Factor Authentication Who should read this paper This whitepaper is directed at IT, Security, and Compliance
BEST PRACTICES WHITE PAPER A path to improving the end-user experience By David Williams, Vice President of Strategy, Office of the CTO, BMC Software TABLE OF CONTENTS EXECUTIVE SUMMARY...............................................
IBM Software Thought Leadership White Paper February 2012 Automated, centralized management for enterprise servers Servers present unique management challenges but IBM Endpoint Manager is up to the job
The Critical Security Controls for Effective Cyber Defense Version 5.0 1 Introduction... 3 CSC 1: Inventory of Authorized and Unauthorized Devices... 8 CSC 2: Inventory of Authorized and Unauthorized Software...
What ios 7 Means for the Enterprise Introduction 3 1. ios 7 Mobile Application Management Enhancements 4 Enhancements to Accelerate Enterprise Application Development and Use 5 Enterprise Application Single
White Paper Getting ahead in the cloud A White Paper by Bloor Research Author : Fran Howarth Publish date : March 2013 Users are demanding access to applications and services from wherever they are, whenever
B U I L T T 0 K E E P Y O U R B U S I N E S S M O V I N G Multi-OS Enterprise Mobility Management Perfectly balancing end-user and corporate needs Enterprise mobility enables organizations to transform
. The Radicati Group, Inc. Palo Alto, CA 94301 Phone: (650) 322-8059 www.radicati.com THE RADICATI GROUP, INC. ediscovery Market Quadrant 2014.......... An Analysis of the Market for ediscovery, Revealing
The Custom Defense Against Targeted Attacks A Trend Micro White Paper Contents Executive Summary...3 The Anatomy of a Targeted Attack...4 The Reality and Costs of Targeted Attacks...5 Strategic Choices
OpenText Managed File Transfer Technical Overview Abstract The Email-integrated Manage File Transfer solution from OpenText provides an extensive and well-balanced solution to file-transfer problems. Unbound
Overview Guide ShareFile Enterprise technical overview Secure data sync and sharing services ShareFile empowers users to securely share files with anyone and to sync files across all of their devices The
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
expanding web single sign-on to cloud and mobile environments agility made possible the world of online business is rapidly evolving In years past, customers once tiptoed cautiously into the realm of online
MOBILE FIRST ENTERPRISE 1 White Paper Mobile-first Enterprise: Easing the IT Burden 10 Requirements for Optimizing Your Network for Mobility 2 MOBILE FIRST ENTERPRISE Table of Contents Executive Summary
VMware Horizon 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this
WHITE PAPER Enabling BYOD in K-12 with Seamless Mobile Device Accountability and Control How to ideally support mobile devices and maintain Web security and policy compliance in your schools About This
QualysGuard WAS Getting Started Guide Version 4.1 April 24, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.