ForeScout CounterACT Endpoint Compliance


Highlights

Benefits

Continuous Monitoring: Identify security posture of devices on your network in real-time.

Remediation: Ensure endpoints are properly configured, security agents are updated and running properly, vulnerabilities are patched, and the latest software versions are installed.

Cost savings: By proactively identifying the unmanaged systems and/or insecure endpoints on your network, CounterACT lets you reduce your infection rate and subsequent remediation costs. Large organizations have reported saving $ million per year with ForeScout CounterACT.

Time savings: CounterACT's real-time data and compliance reports show you problems on your network right now, so you can take action while the problem still exists. And when you improve your endpoint security posture, your helpdesk team will spend fewer s re-imaging and disinfecting computers.

"Before having CounterACT, we had no idea what was on our network. After CounterACT, we're able to see all the applications and endpoint devices and start to remediate security flaws, zero-day issues, and different applications and hardware across all 6 sites globally."
Nick Duda, Principal Information Security Engineer, Vistaprint

ForeScout CounterACT is a continuous monitoring and mitigation platform that delivers real-time visibility and control of devices on your network. ForeScout CounterACT assures endpoint security by automatically identifying policy violations, remediating endpoint security deficiencies, and measuring adherence to compliance mandates. Unlike most other endpoint security systems, ForeScout CounterACT works over the network. It does not require the deployment of additional agents to your corporate-owned endpoints.

Challenges of Maintaining Endpoint Security

Studies have shown that 80% of successful cyber attacks exploit well-known vulnerabilities. Why are these vulnerabilities still present on our networks, despite heavy investment in endpoint security systems? Here are two of the reasons:

Incomplete visibility. Most endpoint security systems are based on agents. The unfortunate truth is that agents are hard to manage. Sometimes they stop working, or they may be intentionally disabled by the user or by malware. In such circumstances, IT security managers have incomplete visibility into the state of their environment. In addition, IT security managers typically have no visibility into the state of personally owned computers (BYOD) on the network because these are unmanaged devices.

Old information. Most vulnerability assessment systems are based on periodic network scans. Typically, these scans are programmed to initiate on a weekly or monthly basis. Therefore, these scans miss transient devices that come onto the network for a few s and then leave. This leaves IT security managers blind to the vulnerabilities on these transient devices.

How ForeScout CounterACT Works

ForeScout CounterACT is an appliance that physically deploys out-of-band on your network. From that position, CounterACT monitors network traffic and integrates with your networking infrastructure so it can see new devices the moment they try to access your network. Based on this network information, CounterACT can identify the device type, whether the device is a member of your domain, location, user, and other basic information.

CounterACT then obtains detailed information about the security posture of the device by querying the device over the network. CounterACT uses administrative credentials to query corporate-owned devices, which means that CounterACT does not require an endpoint agent to glean the information. To glean detailed information about personally-owned devices, CounterACT can install a lightweight agent onto the device when the device comes onto the network.

Once CounterACT discovers a security problem on an endpoint, CounterACT's sophisticated policy manager can automatically execute a range of responses, depending on the severity of the problem. Minor violations might result in a warning message sent to the end-user. Serious violations could result in actions such as quarantining the device, reinstalling a security agent, restarting an agent or process, or triggering the endpoint to fetch an operating system patch.

Through optional ControlFabric integration modules, CounterACT can share the information it gleans with third-party systems such as your vulnerability assessment system, your security information and event management system, your mobile device management system, and more.

Automating GRC and with SIEM and NAC, the Ogren Group, 20.

The ForeScout Difference

ForeScout CounterACT for Endpoint Compliance offers a fast, easy way to measure and improve endpoint security. Here is why:

Turnkey. Everything is contained in a single physical or virtual appliance. Setup is fast and easy with built-in configuration wizards and templates.

Agentless. ForeScout CounterACT can identify, classify, authenticate and control network access of both managed and unmanaged (BYOD) endpoints without any help from agents or any kind of preconfigured endpoint software. Deep endpoint inspection can also be done without an agent as long as CounterACT has administrative credentials on the endpoint. In situations where CounterACT does not have administrative credentials (e.g. BYOD), deep inspection can be performed with the help of our optional SecureConnector agent.

Non-disruptive. CounterACT can be deployed in a phased approach which minimizes disruption and yields rich compliance details. In the initial phase, CounterACT gives you visibility to your trouble spots. When you want to move forward with automated remediation and/or network quarantine, you can do so gradually, starting with the most critical scenarios or sensitive resources and choosing an appropriate enforcement action.

Accelerated results. CounterACT provides useful results on Day by giving you visibility to endpoint compliance problems on your network. The built-in knowledge base helps you configure security policies quickly and accurately.

Real-time information. Unlike vulnerability scanners which operate periodically, CounterACT provides real-time information about the security posture of endpoints.
Policy Manager Attributes

Conditions
Device: type of device, manufacturer, location, connection type
User: name, authentication status, workgroup and phone number
Operating System: OS type, version number, patch level, services and processes
Security Posture: anti-malware agents, patch management agents, firewall status, configuration
Applications: installed, running, version number
Peripherals: type of device, manufacturer, connection type
Network Traffic: malicious traffic, traffic source & destination, rogue DHCP or NAT behavior

Actions
User Communication: send, send to web page, open trouble ticket, force re-authentication
Network Access Control: allow, block, restrict, register guest
OS Remediation: install patch, configure registry, start or stop process, trigger external remediation service
Security Agent Remediation: install agent, start agent, update agent, update configuration
Application Control: stop or stop application, update application
Peripherals Control: disable peripheral
Network Protection: block malicious traffic, quarantine malicious device

Figure : ForeScout CounterACT's policy manager lets you create custom policies based on an extensive list of attributes, and utilizing a wide range of actions.

Features

Management and General

ControlFabric technology
ForeScout CounterACT is the centerpiece of the ControlFabric architecture that enables ForeScout CounterACT and other solutions to exchange information and resolve a wide variety of network, security and operational issues.

Problem Identification
Detect when devices or users are out of compliance with your security policy. Track down users who are engaging in risky behavior such as using P2P applications, external storage drives, smart phones, and other unauthorized activities. Non-compliant computers and/or users will be displayed in the main console, including the reason for non-compliance and complete details such as location of the device.

Control

Endpoint Remediation
CounterACT can direct anti-virus to autoupdate the non-compliant host, prompt the patch management system to update the device's operating system, or disable unauthorized software, or update the endpoint's anti-virus.

Active Asset Management
CounterACT builds a database of endpoints on your network including devices, operating systems, applications, processes, open ports, peripheral devices, vulnerabilities, and users. Each entity is automatically discovered and classified by type. You can build custom groupings either on-the-fly or manually to help you manage your assets and apply policies to each group.

Compliance Reporting
CounterACT has a fully integrated reporting engine that helps you monitor your level of policy compliance, fulfill regulatory audit requirements, and produce real-time inventory reports.

Flexible Policy Enforcement
When CounterACT detects a policy violation, CounterACT can automatically take action such as alert, advise, restrict, remediate, and disable (see Figure ). Unlike other products, CounterACT gives you a wide range of actions to choose from, including just-in-time notification to end-users and IT personnel that a security policy has been violated.
Policy Manager
Quickly create endpoint security policies using pre-built policy templates and wizards. CounterACT includes a built-in knowledge base of common security configurations for things such as external storage, antivirus, peer-to-peer, personal firewall, instant messaging, Windows updates, and MacOS updates. Custom policies can be configured using any of the visibility attributes shown in Figure as triggers for the policy, and any of the actions shown in Figure as controls for the policy.

Qualifications
ForeScout CounterACT is military grade with the following qualifications:
USMC ATO
US Army CoN (Certificate of Networthiness)
UC APL (Unified Capabilities Approved Product List)
Common Criteria EAL L4+

Agentless operation
ForeScout CounterACT can identify, classify, authenticate and control network access without an agent. Deep endpoint inspection can also be done without an agent as long as CounterACT has administrative credentials on the endpoint. In situations where CounterACT does not have administrative credentials (e.g. BYOD), deep inspection can be performed with the help of our optional SecureConnector agent which is included with CounterACT at no additional charge.

Scalable Models
ForeScout CounterACT has been proven in customer networks exceeding 500,000 endpoints. CounterACT appliances are available in a range of sizes to accommodate networks of different sizes. Large networks that require multiple appliances can be centrally managed by ForeScout CounterACT Enterprise Manager.

ForeScout CounterACT is available in either a physical or virtual appliance form factor. Each ForeScout CounterACT appliance includes a perpetual license for a specified number of network devices. Licenses are available for 00, 500, 000, 2500, 4000, and 0,000 devices per appliance. For details on our licensing policy, see

ForeScout CounterACT is fully integrated with functionality contained in a single product. This simple model avoids the administrative burdens and costs that are required to maintain multiple products, components, portals and licenses.

Physical appliance specifications are shown on the next page. For virtual appliance specifications, visit

Models: CT-R | CT-00 | CT-000 | CT-2000 | CT-4000 | CT-0000
Devices: Up to 00 | Up to 500 | Up to 000 | Up to 2500 | Up to 4000 | Up to 0000
Bandwidth: 00 Mbps | 500 Mbps | Gbps | 2 Gbps | Multi-Gbps | Multi-Gbps
Recommended Maximum Number of Managed Switches 2
Network Ports Copper Fiber N/A Available option (Up to 2 total) Available option (Up to
I/O Support: serial port (RJ45) | serial port (DB9) | serial port (DB9) | serial port (DB9) | serial port (DB9) | serial port (DB9)
USB Ports 2, USB 2.0-compliant
VGA: (DB5) | (DB5) | (DB5) | (DB5) | (DB5) | (DB5)
CD-ROM N/A
Hard Drives: HDD | 3 HDD (RAID-+HS) | 3 HDD (RAID-+HS) | 3 HDD (RAID-+HS) | 3 HDD (RAID-+HS) | 3 HDD (RAID-+HS)
Power up to 60w, up to 750w
Power Consumption (max): 45.3w | 744w | 744w | 744w | 744w | 744w

Temperature Operating 5 to 40 C 0 to 70 C (RH), with 26 C max dew. Storage (-40 F to 49 F) temperature Cooling Requirement Humidity 20% - 90% 20% to 80% (noncondensing) at a maximum wet bulb temperature of 29 C (84.2 F) Chassis U desktop (steel slim line case) (RH), with 26 C max dew. (-40 F to 49 F) temperature gradation of 20 C per 0 C to 35 C (50 F to 95 F) at 0% to 80% (-40 F to 49 F) temperature gradation of 20 C per 0 C to 35 C (50 F to 95 F) at 0% to 80% (-40 F to 49 F) with a maximum temperature 0 C to 35 C (50 F to 95 F) at 0% to 80% (-40 F to 49 F) with a maximum temperature N/A 289 BTU/Hr 289 BTU/Hr 289 BTU/Hr 289 BTU/Hr 289 BTU/Hr Dimensions Height: 55mm (2.7 ) Width: 335mm (9.84 ) Depth: 23mm (8.39 ) Shipment Weight: 4 pounds 20% to 80% (noncondensing) at a maximum wet bulb temperature of 29 C (84.2 F) U 9 rack mount U 9 rack mount 2U 9 rack mount 2U 9 rack mount 2U 9 rack mount Height: 42.92mm(.69 ) Width: mm (8.99 ) Depth: 70.29mm (27.6 ) Weight: 56 pounds Height: 42.92mm(.69 ) Width: mm (8.99 ) Depth: 70.29mm (27.6 ) Weight: 57 pounds Width: 482.4mm(8.99 ) Weight: 65 pounds Width: 482.4mm(8.99 ) Weight: 66 pounds Width: 482.4mm(8.99 ) Weight: 67 pounds

NOTE: All devices comply with FCC Part 5 of the FCC Rules, Class A; CANADA/USA: CSA and UL (Safety); ROHS.

Device count, as determined by CounterACT, is the numerical sum of unique connections monitored by CounterACT made by on-site assets, off-site assets, and assets made known to CounterACT via third-party integrations. Network assets include user endpoints such as laptops, tablets and smartphones, network infrastructure devices such as switches, routers and access points, and non-user devices such as printers, IP phones, security/medical/manufacturing equipment etc. Device information is retained in CounterACT from initial discovery until such time the information is purged, based on aging preferences set in CounterACT.

2 Each CounterACT appliance is licensed for a specified device count. However, the maximum number of devices that a CounterACT appliance can manage will vary based on several factors, including but not limited to, network environment, product configuration and use cases. When managing more than the recommended maximum number of L2/L3 switches, there is a tradeoff between managed switch count and total managed device count. For a more detailed explanation, including capacity planning guidelines, refer to the CounterACT Switch Plugin Configuration Guide.

Take the ForeScout Challenge

Let us know which ForeScout solution is right for you, and we'll arrange a free on-site evaluation

About ForeScout

ForeScout enables organizations to continuously monitor and mitigate security exposures and cyber attacks. The company's CounterACT appliance dynamically identifies and evaluates network users, endpoints and applications to provide visibility, intelligence and policy-based mitigation of security problems. ForeScout's open ControlFabric architecture allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout's solutions are easy to deploy, unobtrusive, extensible and scalable, as of January, 205, they have been chosen by more than,800 of the world's most secure enterprises and government agencies in over 62 countries. Headquartered in Campbell, California, ForeScout offers its solutions through its global network of authorized partners. Learn more at

ForeScout Technologies, Inc.
900 E. Hamilton Ave., Suite 300
Campbell, CA U.S.A.

ForeScout Technologies, Inc. is a privately held Delaware corporation. ForeScout, the ForeScout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT are trademarks or registered trademarks of ForeScout. Other names mentioned may be trademarks of their respective owners. Doc REV. 3