INSERT COMPANY LOGO HERE

Transcription

1 INSERT COMPANY LOGO HERE 2014 Frost & Sullivan 1 We Accelerate Growth

2 Technology Innovation Leadership Award Network Security Global, 2014 Frost & Sullivan s Global Research Platform Frost & Sullivan is in its 50th year in business with a global research organization of 1,800 analysts and consultants who monitor more than 300 industries and 250,000 companies. The company s research philosophy originates with the CEO s 360-Degree Perspective, which serves as the foundation of its TEAM Research methodology. This unique approach enables us to determine how best-in-class companies worldwide manage growth, innovation and leadership. Based on the findings of this Best Practices research, Frost & Sullivan is proud to present the 2014 Global Technology Innovation Leadership Award in Network Security to ForeScout Technologies, Inc. for its CounterACT platform and ControlFabric architecture. Significance of the Visionary Innovation Award Key Industry Challenges Addressed by Visionary Innovation The security industry has been commendable in creating new point solutions to address an ever-evolving threat landscape. Information security professionals have adopted a defense-in-depth approach towards applying point solutions for each threat category. However, unforeseen consequences have developed. As the number of security technologies grew, so did management complexity increase in terms of the number of tools and controls and the sheer volume of data and sources. This problem of security management complexity is further exacerbated by increased network complexity and device diversity as more organizations adopt virtual, mobile and cloud technologies, and as employees increasingly access corporate resources through their personal and mobile devices - the IT consumerization trend often referred to as BYOD (bring your own device). The expanded exposure to cyber attacks, compliance violations and data leakage risk is a growing concern for IT organizations as they are already overtaxed. Related as captured in a recent survey conducted by Frost & Sullivan of over 12,000 information security professionals, 56 percent report that their organizations have too few information security workers. Network and security operations, like other IT organizations, need to optimize resources and gain greater efficiencies. The result of increased infrastructure complexity and strained security departments has affected an organization s level of operational intelligence and their ability to maintain a level of security quality is suffering. As a reflection of this, according to the IBM X-Force 2013 Mid-Year Trend and Risk Report, Many of the breaches reported in the last year were a result of poorly applied security fundamentals and policies and could have been 2014 Frost & Sullivan 2 We Accelerate Growth

3 mitigated by putting some basic security hygiene into practice. Attackers seem to be capitalizing on this lack of security basics by using a model of operational sophistication that allows them to increase their return on exploit. The idea that even basic security hygiene (the ability to maintain configuration standards, reduce known vulnerabilities and ensure host-based security is installed, active and up-to-date) is not upheld in organizations, leads us to believe that, for a variety of reasons, companies are struggling with a commitment to apply basic security fundamentals. The message from the marketplace is clear: administrators of security technologies need tools that simplify and automate the task of managing security. Organizations need to think beyond reacting to exposures and explore technical mechanisms that better leverage their existing infrastructure and arsenal of point security products. As such, security platforms must provide greater visibility, context, and integrated management functionality across multiple security technologies. The need for improved network monitoring and intelligence tools is echoed by security professionals. Three out of four network security professionals believe network monitoring and intelligence will provide significant improvements to system and network security. Almost as many (72 percent) believe Improved intrusion detection and prevention technologies will provide necessary means to preempt threats and reduce cyberattacks. Figure 1- Technologies that Significantly Improve System and Network Security Beyond tools, network and security organizations must consider that: 1. processes and control must evolve to support continuous monitoring and mitigation 2014 Frost & Sullivan 3 We Accelerate Growth

4 2. operational security will require, faster and broader control context and interoperability 3. the IT organization will need to establish mutually agreed upon SLAs that can be reflected in policy and technical controls in order to enable security automation Network security tools improvements come in three distinct phases of evolution with the more advanced phases relying on the preceding phases (i.e., the building of a pyramid). These three phases are: (1) visibility, (2) implementation, and (3) automation. Visibility Visibility is more than just aggregating disparate tool data and information. Visibility includes the presentation of source, behavior and signaturebased heuristics; enabling security professionals to see and understand users, devices, applications and actions, and available controls enterprise-wise. This visibility enables proper filtering, viewing, reporting and policy-based action. By providing integrated views across systems and technologies in a singular, easy to use console, the results alleviates the burden of diagnosis and allow security professionals to implement controls and respond to issues expeditiously. Implementation Essentially, once a security professional can see across multiple security tools, he or she needs to be able to easily implement changes. This would allow administrators to establish one set of policies that can be automatically implemented across their infrastructure. Automation By providing ability to see across the network infrastructure, and with the ability to take action, manageability tools should be able to implement control adjustments or make changes automatically based on policy, without the constant need for security professional involvement. The aim of reducing the network security professional involvement is not to reduce headcount, but to try to do more with the existing teams, as the threat landscape heaps new challenges on the network security function daily. Moreover, overburdened with daily security tasks, time constraints limit the security staff s involvement in equally important strategic risk management initiatives. As individual companies, and the security industry as a whole, take incremental steps in automation implementation, two significant issues will be addressed. These issues are the need for policies and the need to leverage standards. The definition of security policies is required to enable automation. Security automation will not be accomplished without defining policies within available controls, and ensuring that there are procedures to support the policies. Vendor s support of standards would allow security tools to use protocols for integration, facilitating auto-discovery between different security vendors and technologies; and, thus, accelerating the move to automation. Simple Network Management Protocol (SNMP) is an example where once a proliferation of standardized tools arose to tie in different network appliances to monitoring tools Frost & Sullivan 4 We Accelerate Growth

5 Improvements in network security manageability are more than theory; there are several companies that have made notable strides across all three phases of evolution. ForeScout s CounterACT platform, which provides visibility, control and mitigation, and their ControlFabric architecture, which enables interoperability between network and security infrastructure, delivers such network security innovation today. Key Benchmarking Criteria for Global Technology Innovation Award The Frost & Sullivan Award for Global Technology Innovation is presented each year to the company that has demonstrated excellence in implementing strategies that proactively create value for its customers with a focus on improving the return on the investment that customers make in its services or products. This award recognizes a company's inordinate focus on enhancing the value that its customers receive that leads to improved customer retention and ultimately increased market potential. ForeScout Technologies, Inc. (ForeScout) was chosen from a category comprised network security vendors with respective technical innovations that were recommended and subsequently reviewed for final consideration of this award. Top companies were researched according to Frost & Sullivan s best practice methodology comprised of industry and category analysis, strategic vendor assessment, technology appraisal and customer interviews. The 10-step awarding process is illustrated in Chart 1. Chart 1: Frost & Sullivan s 10-Step Process for Identifying Award Recipients For the Technology Innovation Award, the following criteria were used to benchmark ForeScout s relative performance against other candidates: uniqueness of technology; impact on new products/applications; impact on functionality, impact on customer value; and relevance of innovation to industry Frost & Sullivan 5 We Accelerate Growth

6 Global Technology Leadership Award for ForeScout ForeScout s Performance in Network Security ForeScout is a provider of network security solutions that encompass network access, mobile security, endpoint compliance, and threat prevention. ForeScout has been distinguished by Frost & Sullivan for its market share growth and platform capability to meet market demands. 2 After years of protecting organizations networks from unauthorized access and malware and deploying numerous host-based defenses, Next-Generation Network Access Control (NAC) is fast developing a reputation as an indispensable security platform that offers a wealth of functionality predicated on the importance of dynamic endpoint intelligence and policy-based remediation. Next-Generation NAC can dynamically identify, inspect, and control all network-connecting devices, including wired, wireless, and remote endpoints, as well as ensure endpoint compliance and threat mitigation both pre-admission and post network admission. As a result, the value of Next-Generation NAC has transcended far beyond the simple access authorization offered by earlier NAC solutions, in that these solutions yield better use of security investments and IT resources, as well as enable IT to be more responsive to thwart threats and maintain endpoint compliance. This continuous network visibility and control addresses risks concerning several ongoing trends in enterprise computing increased demand for access to network resources; growing diversity and numbers of mobile and personal endpoints; and increasing adoption of mobile, virtual and cloud services which has driven NAC into broader market adoption. 3 Key Performance Drivers for Visionary Innovation Leadership In October 2013, ForeScout extended its CounterACT platform with an open, standardsbased communication architecture, referred to as ControlFabric. ControlFabric technology, which been evolving since 2008, provides bi-directional interfaces and protocols for visibility, intelligence and remediation across multiple network, security and management tool sets. The ControlFabric architecture allows developers, customers, and system integrators to integrate their network, security, and management applications into ForeScout s network security platform. CounterACT can securely share its real-time endpoint intelligence with other systems to enhance context within their controls, and conversely, external systems can provide CounterACT greater operational context, as illustrated in Figure 2. In addition, these systems can also send information and instructions to CounterACT to take network enforcement and endpoint remediation action. As a result, visibility of network security data from multiple security tools is enabled, and can trigger (automatically or on demand 2014 Frost & Sullivan 6 We Accelerate Growth

7 by the operator) proactive network security changes implemented through policy-based controls. Figure 2 - Illustration of ForeScout ControlFabric Communication Architecture For example, a ForeScout CounterACT can detect the moment that a new device enters the network and can assess the device against corporate-define security policy. The endpoint intelligence can be shared with an HP ArcSight SIEM to enhance analytics coverage. The results of CounterACT s device inspection can used as a policy-based trigger for CounterACT to inform Microsoft SCCM to update the system due to a missing patch or to inform McAfee epo (e-policy orchestrator) to reinstall the missing spo client software. Conversely, a correlated query from Splunk Enterprise SIEM can set a rule that sends data to CounterACT to directly change a device setting, or a zero-day malware can be identified by FireEye Advanced Threat Detection (ATD) engine can invoke an action that sends CounterACT details to quarantine an infected devices. As result, visibility of network security data from multiple security tools is enabled and can be used to trigger proactive network security changes, implemented through policy-based controls. CounterACT with its ControlFabric architecture provides a prime example of all three phases of Network Security Manageability Tool Evolution (1) Visibility, (2) Implementation, and (3) Automation synergistically operating together. ForeScout has provided standardsbased communication interfaces and protocols necessary for visibility and data exchange via its ControlFabric architecture. The CounterACT platform includes base integrations that work with popular network infrastructure, endpoints, directories, systems management, such as Microsoft SCCM, and endpoint security software, such as antivirus. Extended integration can be licensed as plugin modules to enable more advanced bi-directional interoperability with the following 2014 Frost & Sullivan 7 We Accelerate Growth

8 categories of products: Mobile Device Management, Advanced Threat Detection, Security Information and Event Management, Endpoint Protection Suites, and Vulnerability assessment. 4 Key Performance Drivers for Visionary Innovation Leadership (continued) 5 Conclusion The need to make network security more usable, proactive and responsive is clear. The demands on security professionals are ever increasing; staffing levels are not increasing at the same rate. As security vendors look to enhance their tools for usability, they should focus on the three stages of network security tool evolution: (1) visibility, (2) implementation, and (3) automation. ForeScout demonstrated visionary leadership to enhance network security manageability with the introduction of ControlFabric architecture, demonstrating that the company gets it. ControlFabric technology provides essential bi-directional interfaces and protocols for 2014 Frost & Sullivan 8 We Accelerate Growth

9 visibility, intelligence, and remediation across multiple network, security, and management tool sets. Extending the CounterAct platform with ControlFabric enables network security vendors to work together and cooperate to make network security easier for security professionals to achieve continuous monitoring and mitigation capabilities. Critical Importance of TEAM Research Frost & Sullivan s TEAM Research methodology represents the analytical rigor of our research process. It offers a 360-degree view of industry challenges, trends, and issues by integrating all seven of Frost & Sullivan's research methodologies. The integration of these research disciplines into the TEAM Research methodology provides an evaluation platform for benchmarking industry players and for creating highpotential growth strategies for our clients. Chart 2: Benchmarking Performance with TEAM Research About ForeScout Technologies, Inc. ForeScout delivers pervasive network security by allowing organizations to continuous monitor and mitigate security exposures and cyberattacks. The company s CounterACT platform dynamically identifies and assesses all network users, endpoints and applications to provide visibility, intelligence and policy-based mitigation of security issues. ForeScout s open ControlFabric technology allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout s solutions are easy to deploy, unobtrusive, flexible and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorized partners worldwide. Learn more at About Frost & Sullivan Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth and achieve best-in-class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best-practice models to drive the generation, evaluation and implementation of powerful growth strategies. Frost & Sullivan leverages 50 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from more than 40 offices on six continents. To join our Growth Partnership, please visit Frost & Sullivan 9 We Accelerate Growth

10 1 Frost & Sullivan, Network Security Manageability Tools, The Three Phases of Evolution 2 Frost & Sullivan, 2013 Analysis of Global NAC Market, Report NC Frost & Sullivan, Next-Generation NAC:A Cornerstone Defense for Dynamic Endpoint Intelligence and Risk Mitigation 2014 Frost & Sullivan 10 We Accelerate Growth