Technical Note. ForeScout CounterACT Endpoint Detection & Inspection Methods
- Walter Watkins
- 8 years ago
Contents

- Introduction
- Overview of ForeScout CounterACT
- Overview of Discovery and Inspection
- Host & Network Device Discovery
- Endpoint Detection & Inspection for Virtual Environments
- Database Integration
- Mobile Device Management (MDM) System Integration
- Summary

Introduction

This document has been created to explain the mechanisms used by ForeScout CounterACT to detect and inspect endpoints that are connected to a network. In addition, this document will clarify how CounterACT identifies unauthorized network devices such as switches, routers, and rogue WAPs (wireless access points).

Overview of ForeScout CounterACT

In brief, ForeScout CounterACT is an integrated security automation system that delivers real-time visibility and control of all devices on your network. CounterACT is delivered as an appliance which is deployed out-of-band on your network and integrates with network layer devices such as routers, switches, wireless access points, and authentication services. CounterACT automatically identifies who and what is on your network, controls access to your network, measures compliance with your endpoint security policies, and remediates security problems when they occur.

Discovery and inspection are the first two steps in the approach that ForeScout CounterACT uses for IT risk management, as shown in the diagram below.

Figure 1: Steps for IT risk management

Overview of Discovery and Inspection

CounterACT uses a combination of techniques to gather data quickly, accurately and continuously from endpoints that are connecting and connected to a network. Some are primary discovery techniques built into the product, and some are secondary discovery techniques that rely on queries of external systems. CounterACT leverages the knowledge of other systems (e.g. databases, inventory systems, directories, next generation firewalls, etc.) through its large number of customer integrations as well as its open integration framework known as the Control Fabric Interface.

The following pages will describe CounterACT's discovery and inspection techniques in terms of passive and active discovery and inspection, specific device interrogation, and data collected from integration with third-party products.

Host & Network Device Discovery

ForeScout CounterACT utilizes both passive and active discovery techniques as described below:

Passive Discovery

Passive discovery allows CounterACT to detect devices communicating across your network without any need for CounterACT to be connected inline of the data-flow path. Therefore, this is a key function that is used for monitoring endpoints that are connecting to your remote organizational networks. With passive monitoring, CounterACT simply receives a mirror (or SPAN) of the data-flow (either port based or VLAN) and discovers devices through the following techniques:

Passive Authentication Monitoring

ForeScout CounterACT passively monitors the authentication traffic of users and endpoints attempting to connect to an existing server or group of servers. By monitoring this authentication traffic, CounterACT can identify the user name, the user's authentication status, and the device IP and MAC address.

Passive Nmap

From the traffic that it sees, ForeScout CounterACT analyses the network and transport layer data within each packet.
From this analysis, CounterACT determines the operating system and services being run on each host.

DHCP & ARP Request Monitoring

By monitoring DHCP and ARP requests, CounterACT identifies hosts and devices the moment they connect to the network. This is accomplished by analyzing data from the DHCP and ARP admission events, which CounterACT uses to determine the initial real-time location of each device as it connects to your network.

CounterACT utilizes a DHCP Classification Plugin to monitor remote networks. This plugin is freely available to all ForeScout customers. The DHCP Classify function comes into play when communication between clients and the DHCP server extends beyond a single IP broadcast domain, as is typical when dealing with remote networks. The DHCP Classify function extracts host information when endpoints communicate with the DHCP server to acquire and maintain their network addresses. With this plugin installed, CounterACT processes this extracted host information in DHCP fingerprinting to determine the operating system and other host configuration information. The DHCP Classify Plugin enables organizations with geographically dispersed offices to deploy CounterACT in a centralized location and still maintain visibility and control over the entire network.

HTTP User Agents

An HTTP User Agent often identifies itself, its application type, operating system, software vendor, and/or software revision, by submitting a characteristic identification string to its operating peer. CounterACT uses the information from the HTTP User Agent to profile mobile devices connecting to your network. HTTP User Agent data is obtained by passively listening to HTTP traffic in order to see this browser information.

Passive Banners

CounterACT collects banner information by examining traffic on the network and uses it to determine the operating system of an endpoint.
Since banner information is configurable by the user, CounterACT automatically supplements this information with additional information that is described elsewhere in this document.
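
The DHCP fingerprinting described under DHCP & ARP Request Monitoring can be illustrated with a small parser. This is an added example, not ForeScout code: the hint tables, function names and sample packets are constructed for illustration, and a real profiler would use a maintained fingerprint database.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_LEN = 236  # fixed BOOTP header that precedes the magic cookie

# Illustrative hints assembled for this example, not a vendor fingerprint database.
VENDOR_CLASS_HINTS = [            # option 60 prefix -> OS family
    ("MSFT 5.0", "Windows"),
    ("android-dhcp-", "Android"),
    ("udhcp", "Embedded Linux"),
]
PARAM_LIST_HINTS = {              # option 55 request order -> OS family
    (1, 3, 6, 15, 119, 252): "Apple iOS/macOS",
    (1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252): "Windows",
}


def parse_dhcp(packet: bytes) -> dict:
    """Extract the client-supplied fields a passive profiler can use."""
    if len(packet) < BOOTP_LEN + 4 or packet[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short or missing magic cookie)")
    hlen = min(packet[2], 16)
    options = {}
    i = BOOTP_LEN + 4
    while i < len(packet):
        code = packet[i]
        if code == 255:           # End option
            break
        if code == 0:             # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of packet")
        options[code] = options.get(code, b"") + value  # split options are concatenated
        i += 2 + length
    return {
        "mac": ":".join(f"{b:02x}" for b in packet[28:28 + hlen]),
        # giaddr: the relay agent, i.e. which remote subnet the client sits on
        "relay": str(ipaddress.IPv4Address(packet[24:28])),
        "msg_type": (options.get(53) or b"\x00")[0],
        "hostname": options.get(12, b"").decode("ascii", "replace"),
        "vendor_class": options.get(60, b"").decode("ascii", "replace"),
        "param_list": tuple(options.get(55, b"")),
    }


def classify(record: dict) -> tuple:
    """Return (os_family, evidence). Both inputs are client-controlled: a hint, not proof."""
    for prefix, family in VENDOR_CLASS_HINTS:
        if record["vendor_class"].startswith(prefix):
            return family, "vendor class (option 60)"
    family = PARAM_LIST_HINTS.get(record["param_list"])
    if family:
        return family, "parameter request list (option 55)"
    return "unknown", "no matching hint"


def build_sample(mac: bytes, relay: str, options: list) -> bytes:
    """Build a constructed DHCP client message for the demo (no capture needed)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234ABCD, 0, 0,
                         bytes(4), bytes(4), bytes(4),
                         ipaddress.IPv4Address(relay).packed, mac, b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + b"\xff"


# Constructed samples: clients in remote offices, relayed to a central DHCP server.
SAMPLE_WINDOWS = build_sample(
    bytes.fromhex("001122334455"), "10.20.0.1",
    [(53, b"\x03"), (12, b"HR-LAPTOP-07"), (60, b"MSFT 5.0"),
     (55, bytes([1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252]))])
SAMPLE_NO_VENDOR = build_sample(
    bytes.fromhex("a4b1c2d3e4f5"), "10.30.0.1",
    [(53, b"\x01"), (55, bytes([1, 3, 6, 15, 119, 252]))])

if __name__ == "__main__":
    for pkt in (SAMPLE_WINDOWS, SAMPLE_NO_VENDOR):
        rec = parse_dhcp(pkt)
        print(rec["mac"], "via relay", rec["relay"], "->", classify(rec))
```

As with banners, every field used here is set by the client, so the result is one input to a profile rather than an identification on its own.
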

Active Discovery

ForeScout CounterACT also employs active discovery techniques through the network infrastructure and authentication services by querying these units/services via SNMP, CLI, or domain administrator credentials as follows:

Firewalls, Routers, Switches, Remote Access VPN

CounterACT integrates with network devices and queries the endpoint data on these devices, such as the ARP and CAM tables, to gain information about endpoints that are connected to these devices. CounterACT can integrate with VPN gateway servers to monitor and inspect connected hosts for compliance by finding the endpoint location and then performing active inspections as discussed below.

In the case where a switch or an access point that is in bridge mode has been connected to the network, CounterACT can be configured to notify the administrator when it sees more than a specified number of MAC addresses sitting on a non-trunk switch port. If this happens, it is an indication that a new (probably rogue) network device has been connected.

LDAP, RADIUS & 802.1X

In addition to passively monitoring authentication traffic to discover the type of device that is connecting to your network, CounterACT integrates with multiple authentication services to actively determine the authentication status of every device on the network, before authorizing access to network resources. CounterACT integrates with the authentication services including LDAP and Active Directory to augment endpoint security profiles so it can apply its contextual based security decisions or actions against a company's security policy.

Active Inspection

CounterACT is able to actively inspect endpoints by using domain credentials. This is a major differentiator between CounterACT and most other NAC products which require endpoint agents to inspect the endpoint.
Without using agents, CounterACT can actively inspect endpoints, both initially and on a continuous basis, to learn details about the host state and the location of the connected device. Active inspection techniques include the following:

NAT Device Detection

CounterACT includes a proprietary NAT detection analysis engine that accurately identifies when an unknown network device is connected to the network. Once CounterACT discovers such a device, CounterACT can notify the administrator and/or block the device from the network.

External Scan

For non-Windows devices, ForeScout CounterACT can run an active Nmap scan against endpoints to gather detailed information with respect to the operating system, vendor, services, applications, processes, and available files (where applicable). This data is then revealed within the CounterACT management GUI, providing administrators with a detailed, real-time view regarding the type of device, or state of the host that has connected to the network.

Active Banners

CounterACT actively collects banner data to identify an operating system by opening a connection and reading the banner or response sent by the application. Many , FTP, and web servers will respond to a telnet connection with the name and version of the software. This aids in fingerprinting the operating system and application software. For example, a Microsoft Exchange server would only be installed on a Windows operating system. The banner information is completely configurable by the user, so this can be used to profile devices that belong to typical users or corporate users, but must be verified with additional information.

CounterACT can further interrogate an endpoint for information through access with either a service level account access to domain machines, an SSH public key for Mac/Linux devices, or through the installation of a thin-client called SecureConnector.
SecureConnector is a small piece of software that creates a communication tunnel between the endpoint and the CounterACT appliance. Once access to the endpoint is established, the CounterACT appliance can perform an internal scan of the host devices on the network with the following methods:

Mobile Operating Systems: iOS & Android

The ForeScout Mobile Security Module for Android is a CounterACT plug-in and a lightweight application for Android devices. The application collects hardware, software, and configuration information on the device it is installed on, and reports this to the CounterACT appliance. Similarly, ForeScout Mobile Security Module for iOS natively supports iOS devices, such as the iPad and iPhone, by employing the Apple Mobile Device Management API and the Apple Push Notification service (APNs) which are built into the iOS 4 operating system.

Other Operating Systems: SNMP & CLI

With respect to network devices such as printers, manageable switches, routers and wireless access points, CounterACT can be configured to use SNMP or CLI to retrieve further detailed information from the network device on OS type, device type, connected host devices and much more. All this information is revealed within the CounterACT management GUI to help administrators check on compliance levels.

ForeScout CounterACT continuously monitors endpoints after they have connected to your network. Through this, CounterACT discovers endpoint changes that might be undesirable, as well as suspicious and/or malicious behaviour, with the following:

Threat Detection

CounterACT's threat detection engine is powered by ForeScout's patented ActiveResponse technology. ActiveResponse monitors the behaviour of endpoints and can detect endpoints that have malicious intention. This unique technology does not require signatures or any form of maintenance, so the total cost of ownership is very low. Here is a brief summary of how ActiveResponse works:

The first step for most network attacks is reconnaissance, where an attacker (either human or automated) gathers information about the network's configuration and vulnerabilities. ForeScout's ActiveResponse technology detects this reconnaissance and responds with counterfeit or marked information. Any subsequent attempt to use this marked information is proof of malicious intent. This allows ForeScout products that contain ActiveResponse technology to block the attack without the need for signatures, deep-packet inspection or manual intervention.

ActiveResponse is able to detect hosts performing malicious actions such as port scans, attempted infections, service scans, etc. and immediately report and/or remediate such hosts or devices on your network. More information about ActiveResponse can be found here on ForeScout's web site.

Tracking Changes

CounterACT identifies changes on endpoints such as: applications installed, host names, operating systems, shared folders, switches, users, Windows services, and new TCP/IP ports. CounterACT's unique combination of endpoint discovery and inspection techniques is used to track endpoint changes, making CounterACT instrumental in continuously monitoring endpoints while they are connected to the network. CounterACT uses its real-time collection of endpoint data to build a current profile for all network endpoints and compares the real-time data matching a profile to see if it is different from the existing endpoint profile data. If changes on an endpoint are detected, then the endpoint is completely re-inspected to see if it meets the current security policies set up by the company in CounterACT, providing an event driven response to endpoint changes.

Behavior Changes

CounterACT can be configured to use both its event driven response to tracked changes and the ActiveResponse threat detection engine to detect changes in endpoint behavior. For example, when a printer starts to behave like an endpoint by trying to connect to a server, this behavior change could be a tell-tale sign that an intruder is on your network because he spoofed the printer's MAC address. Optional notification actions can be used to inform users at the malicious endpoint, as well as the CounterACT administrator, that the endpoint is malicious and/or compromised. CounterACT also provides an extensive range of information about endpoint threats, and about users connected to them, to increase situational awareness with real-time and trend reports on threat activity across your network.

CounterACT continuously tracks endpoint behavior changes to prevent network attacks and control four common categories of threats to your network:

- Malicious Hosts: Harmful network activity, such as a worm infection or malware propagation attempts.
- ARP Spoofing: Attempts to illegally gain access to your network, modify the traffic, or stop the traffic altogether using the Address Resolution Protocol.
- Impersonation: Attempts to masquerade as a legitimate corporate device in order to gain access to your network.
- Dual Homed: Effectively this is a bridge connection to your network, created by a host such as a rogue wireless access point.
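
The per-port MAC count check described earlier under Firewalls, Routers, Switches, Remote Access VPN, which flags the bridged devices that the last category above refers to, can be sketched as follows. This is an added example, not ForeScout code: the CAM table text is a constructed sample in the style of a switch "show mac address-table" listing, and the function names, the trunk port list and the default limit of 2 (a desk phone plus a PC) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample. Gi1/0/24 is assumed to be the uplink trunk.
SAMPLE_CAM = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  20    0004.f2aa.0001    DYNAMIC     Gi1/0/2
  10    a4b1.c2d3.e401    DYNAMIC     Gi1/0/7
  10    a4b1.c2d3.e402    DYNAMIC     Gi1/0/7
  10    3c5a.b400.1001    DYNAMIC     Gi1/0/7
  10    f0d1.a900.2002    DYNAMIC     Gi1/0/7
  10    0050.56aa.0001    DYNAMIC     Gi1/0/24
  10    0050.56aa.0002    DYNAMIC     Gi1/0/24
  20    0050.56aa.0003    DYNAMIC     Gi1/0/24
  20    0050.56aa.0004    DYNAMIC     Gi1/0/24
"""

# vlan, dotted MAC, entry type, port; header and "All"/CPU rows do not match.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)


def parse_cam(text):
    """Yield (vlan, mac, entry_type, port) for each learned-address row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            yield int(vlan), mac.lower(), kind.upper(), port


def ports_over_limit(text, trunk_ports, max_macs=2):
    """Return access ports on which more than max_macs distinct MACs were learned."""
    seen = defaultdict(lambda: {"macs": set(), "vlans": set()})
    for vlan, mac, kind, port in parse_cam(text):
        # Trunks legitimately carry many MACs; static entries are not learned hosts.
        if kind != "DYNAMIC" or port in trunk_ports:
            continue
        seen[port]["macs"].add(mac)   # a set, so one MAC in two VLANs counts once
        seen[port]["vlans"].add(vlan)
    return {
        port: {"macs": sorted(d["macs"]), "vlans": sorted(d["vlans"])}
        for port, d in sorted(seen.items())
        if len(d["macs"]) > max_macs
    }


if __name__ == "__main__":
    for port, info in ports_over_limit(SAMPLE_CAM, {"Gi1/0/24"}).items():
        print(f"{port}: {len(info['macs'])} MACs on VLANs {info['vlans']}: possible "
              f"unmanaged switch or bridged access point")
```

The trunk list matters: without it, every uplink would be reported, and a limit that is too low reports ordinary phone-plus-PC ports.
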

Endpoint Detection & Inspection for Virtual Environments

The virtual environment is typically more dynamic than physical environments, and virtual machines (VMs) can appear on your network quite easily and possibly without IT awareness. CounterACT gives you real-time visibility and control over your virtual environment, such as VMware, Microsoft, and Citrix. CounterACT discovers and inspects a VM just as it does a physical machine: first finding the physical location of the virtual machine, and then collecting further data in passive and active discovery modes.

CounterACT is an excellent complement to VMware vShield. The domain in which vShield operates is limited to a VMware environment. The domain in which CounterACT operates is a superset of that environment. CounterACT provides visibility and network access control through its combination of endpoint and inspection techniques over everything touching the network that has an IP address: multiple types and brands of VMs; multiple types of physical operating systems (Windows, Mac, Linux, iOS, Android, Blackberry, etc.); and various kinds of network devices that have no operating systems (wireless access points, routers, hubs, cameras, machinery, etc.).

Database Integration

Database integration is a secondary way for CounterACT to learn about endpoints. CounterACT can exchange data with third-party database, inventory, and directory systems by using the Data Exchange (DEX) module and/or LDAP queries. CounterACT can also provide real-time endpoint information and compliance data back to these business applications and reporting systems. Custom queries can be used to collate information about users, hosts, mobile devices, properties, and permissions. This information can be incorporated into CounterACT for use in network access policies or endpoint compliance policies.
The Data Exchange Module supports a wide range of databases including Oracle, SQL Server, MySQL, and more, since the open integration system is customizable enough to address most database query requirements.

The Data Exchange Module can be used to address various discovery and inspection use cases such as:

- Get information about hosts and their properties from Configuration Management Database (CMDB) systems. This can be used to apply different policies in CounterACT based on server or endpoint properties. For example, if a Windows endpoint is in the process of being imaged, it can be excluded from endpoint compliance checks, thereby eliminating false positives.
- Retrieve detailed attributes about objects from various directory systems, such as employee cost centre information, employee employment location, employee hire date, etc., for budgetary planning of software upgrades for endpoints and servers. This information can be incorporated into CounterACT policy decisions.
- Distinguish between corporate and personal devices by accessing a repository that contains MAC addresses, serial numbers, or other identifiers of corporate devices.
- Query a third-party database for the authorized user of each corporate device. Compare current user to expected user and enforce network access.
- Retrieve an approved list of BYOD users and devices from a repository to make BYOD provisioning decisions.
- Identify and alert on devices and equipment listed in inventory systems, such as patch management or vulnerability assessment systems, but that are not seen connected and/or used on the network; or identify and alert on devices seen on the network but that are not listed in the inventory.
- Incorporate business context such as user roles and rights from systems such as PeopleSoft, Oracle and SAP used by HR, legal, finance or other departments.

CounterACT also integrates with McAfee's ePolicy Orchestrator (ePO), and Microsoft's System Center Configuration Manager (SCCM) through separate plugins that focus on the specific information exchange between these systems.

Mobile Device Management (MDM) System Integration

CounterACT also integrates with ForeScout MDM Enterprise as well as leading MDM solutions from vendors such as AirWatch, Citrix, Fiberlink, and MobileIron. Through this integration, ForeScout can obtain a broad range of information about mobile devices.

CounterACT can also obtain iOS and Android device properties through the use of the ForeScout Mobile Security Module. This product is a lightweight extension of CounterACT through the use of plugins and agents for iOS and Android. The ForeScout Mobile Security Module is designed to provide CounterACT a rich set of mobile device information (similar to what can be obtained from a full-blown MDM system) at a fraction of the price of a complete MDM system.

Regardless of whether you use the ForeScout Mobile Security Module or integrate with a full-blown MDM system, CounterACT will be able to discover the following types of mobile device properties and use these properties within any policy you can define within CounterACT:

iOS

- Model and serial number
- Operating system
- Home network/current network
- Amount of free storage
- Applications, versions and size
- Device ID (phone number, IMEI, address)
- Device configuration:
- Encryption level
- Jailbreak detection
- Passcode status
- Device restrictions
- Installed profiles
- Security policies

Android

- Device ID (phone number, IMEI, address)
- Serial number
- Processor and RAM
- Amount of free storage
- Battery level and condition
- Operating system
- Home network/current network
- Applications, versions and size
- Device restrictions
- Running services
- Security policies
- Encryption level
- Rooted detection
- Passcode status

Summary

ForeScout CounterACT uses multiple technologies to learn about everything on your network. The following is a partial list of the information that CounterACT can discover. This list provides an example of available properties that can be found on an endpoint by CounterACT.

Device Information

- Device type (printer, wireless network device, laptop, etc.)
- Device authentication/netbios/domain membership
- System information (manufacturer, model name, number of processors, etc.)
- Storage information (drive type, volume name, size, name, etc.)
- Motherboard (manufacturer, model, serial number, removable, etc.)
- RAM (memory type, capacity, manufacturer, serial number, speed, etc.)
- Network adapter (DeviceID, name, adapter type, speed, etc.)
- Processors (number of cores, description, family, manufacturer, etc.)
- MAC/IP address
- NIC vendor
- Hostname

Security Status

- Anti-malware agents status (installed/running) and database versions
- Patch management agent status (installed/running)
- Firewall status (installed/running)
- Audit trail of changes to OS/configuration/application
- X509 certificates

User Information

- Username
- Full name
- Authentication status
- Workgroup address
- Phone number
- Guest/authentication status

System Information

- Type
- Version number
- Patch level
- Processes and services installed or running
- Registry and configuration
- File name/size/date/version
- Shared directories

Hardware Information

- Certificate
- Computer
- Disks
- Monitors
- Motherboard
- Network Adapter
- Physical Device
- Physical Memory
- Plug N Play Device
- Processor

Application Information

- Authorized applications installed/running
- Rogue applications installed/running
- P2P/IM clients installed/running
- Application name and version number
- Registry values
- File sizes
- Modification date and patch level

Peripheral Information

- Device class (disk, printer, DVD/CD, modem, NIC, memory, phone, etc.)
- Connection type (USB, Bluetooth, infrared, wireless, etc.)
- Device information (make, model, device ID, serial number, etc.)

Network Traffic Information

- Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
- Traffic source/destination
- Rogue NAT/DHCP behavior
- IPV6 tunnels through IPV

Physical Layer Information

- Switch IP, description, location
- Switch port
- VLAN
- Number of devices on any port
- 802.1x authentication status

About ForeScout

ForeScout delivers pervasive network security by allowing organizations to continuously monitor and mitigate security exposures and cyber attacks. The company's CounterACT appliance dynamically identifies and assesses all network users, endpoints and applications to provide complete visibility, intelligence and policy-based mitigation of security issues. ForeScout's open ControlFabric platform allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout's solutions are easy to deploy, unobtrusive, flexible and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorized partners worldwide. Learn more at ForeScout Technologies, Inc.
Products protected by US Patent #6,363,489, March All rights reserved. ForeScout Technologies, the ForeScout logo, CounterACT, ForeScout Mobile and ControlFabric are trademarks of ForeScout Technologies, Inc. All other trademarks are the property of their respective owners. Doc:
More informationOneFabric Connect. Overview. Extend the OneFabric architecture to 3rd party applications DATA SHEET BENEFITS BUSINESS ALIGNMENT
DATA SHEET OneFabric Connect Extend the OneFabric architecture to 3rd party applications BUSINESS ALIGNMENT Embrace BYOD by mixing and matching managed and unmanaged devices on the same infrastructure
More informationGRAVITYZONE HERE. Deployment Guide VLE Environment
GRAVITYZONE HERE Deployment Guide VLE Environment LEGAL NOTICE All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationVirtualization Guide. McAfee Vulnerability Manager Virtualization
Virtualization Guide McAfee Vulnerability Manager Virtualization COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARKS McAfee, the McAfee logo, McAfee Active Protection, McAfee
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationUsing Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4)
Using Nessus to Detect Wireless Access Points March 6, 2015 (Revision 4) Table of Contents Introduction... 3 Why Detect Wireless Access Points?... 3 Wireless Scanning for WAPs... 4 Detecting WAPs using
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper Trend Micro, Incorporated» A detailed account of why Gartner recognizes Trend Micro as a leader in Virtualization and Cloud
More informationCounterACT 7.0 Single CounterACT Appliance
CounterACT 7.0 Single CounterACT Appliance Quick Installation Guide Table of Contents Welcome to CounterACT Version 7.0....3 Included in your CounterACT Package....3 Overview...4 1. Create a Deployment
More informationReview: McAfee Vulnerability Manager
Review: McAfee Vulnerability Manager S3KUR3, Inc. Communicating Complex Concepts in Simple Terms Tony Bradley, CISSP, Microsoft MVP September 2010 Threats and vulnerabilities are a way of life for IT admins.
More informationProfessional Integrated SSL-VPN Appliance for Small and Medium-sized businesses
Professional Integrated Appliance for Small and Medium-sized businesses Benefits Clientless Secure Remote Access Seamless Integration behind the Existing Firewall Infrastructure UTM Security Integration
More informationPolicy Management: The Avenda Approach To An Essential Network Service
End-to-End Trust and Identity Platform White Paper Policy Management: The Avenda Approach To An Essential Network Service http://www.avendasys.com email: info@avendasys.com email: sales@avendasys.com Avenda
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationKaseya IT Automation Framework
Kaseya Kaseya IT Automation Framework An Integrated solution designed for reducing complexity while increasing productivity for IT Professionals and Managed Service Providers. The powerful, web-based automation
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationAerohive Networks Inc. Free Bonjour Gateway FAQ
Aerohive Networks Inc. Free Bonjour Gateway FAQ 1. About the Product... 1 2. Installation... 2 3. Management... 3 4. Troubleshooting... 4 1. About the Product What is the Aerohive s Free Bonjour Gateway?
More informationThe self-defending network a resilient network. By Steen Pedersen Ementor, Denmark
The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationA Guide to New Features in Propalms OneGate 4.0
A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously
More informationNessus and Mobile Device Scanning. November 7, 2014 (Revision 12)
Nessus and Mobile Device Scanning November 7, 2014 (Revision 12) Table of Contents Introduction... 3 Standards and Conventions... 3 Overview... 3 Scanning for Mobile Devices with Nessus... 4 Creating a
More informationSECURING TODAY S MOBILE WORKFORCE
WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper» Trend Micro s portfolio of solutions meets and exceeds Gartner s recommendations on how to devise a server protection strategy.
More informationTechnical Note. CounterACT: 802.1X and Network Access Control
CounterACT: 802.1X and Contents Introduction...3 What is 802.1X?...3 Key Concepts.... 3 Protocol Operation...4 What is NAC?...4 Key Objectives.... 5 NAC Capabilities.... 5 The Role of 802.1X in NAC...6
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationSecure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationTABLE OF CONTENTS NETWORK SECURITY 1...1
Network Security 1 This document is the exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationSecuring Healthcare Data on Mobile Devices
Securing Healthcare Data on Mobile Devices Michelle Cook, Healthcare Mobility Specialist Keith Glynn, CISSP, Sr. Technical Solutions Engineer October 31, 2013 Poll Question #1 Has your organization deployed
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationfor businesses with more than 25 seats
for businesses with more than 25 seats ESET Business Solutions 1/6 Whether your business is just starting out or is established, there are a few things that you should expect from the software you use
More informationIBM Endpoint Manager for Mobile Devices
IBM Endpoint Manager for Mobile Devices A unified platform for managing mobile devices together with your traditional endpoints Highlights Address business and technology issues of security, complexity
More informationAPPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION
APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION Response Code: Offeror should place the appropriate letter designation in the Availability column according
More informationSymantec Mobile Management 7.1
Scalable, secure, and integrated device management for healthcare Data Sheet: Industry Perspectives Healthcare Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationHow To Use A Microsoft Mobile Security Software For A Corporate Account On A Mobile Device
Technical FAQ McAfee Enterprise Mobility Management (McAfee EMM ) 12.0 Frequently Asked Questions Q. What types of mobile devices does McAfee Enterprise Mobility Management (McAfee EMM ) support? A. McAfee
More informationQuickSpecs. HP PCM Plus v4 Network Management Software Series (Retired) Key features
Overview (Retired) HP PCM+ Network Management Software is a Microsoft Windows -based network management platform that enables mapping, network and device configuration, and monitoring. HP PCM+ provides
More informationWhen your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.
Deployment Guide Revision C McAfee Web Protection Hybrid Introduction Web Protection provides the licenses and software for you to deploy Web Gateway, SaaS Web Protection, or a hybrid deployment using
More informationHow To Improve Your Network Security
Matthias Meier VP Engineering, bw digitronik 2013 ForeScout Technologies, Page 1 2014 ForeScout Technologies, Page 1 Inadequate Visibility Inadequate Collaboration Inadequate Automation 2013 ForeScout
More informationEmbracing Complete BYOD Security with MDM and NAC
Embracing Complete BYOD Security with MDM and NAC Clint Adams, CISSP, Director, Mobility Solutions Keith Glynn, CISSP, Sr. Technical Solutions Engineer August 22, 2013 Today s Speakers Clint Adams, CISSP
More informationData Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement
Comprehensive Endpoint Enforcement Overview is a complete, end-to-end network access control solution that enables organizations to efficiently and securely control access to corporate networks through
More informationDecember 2015 702P00860. Xerox App Studio 3.0 Information Assurance Disclosure
December 2015 702P00860 Xerox App Studio 3.0 Information Assurance Disclosure 2014 Xerox Corporation. All rights reserved. Xerox and Xerox and Design and ConnectKey are trademarks of Xerox Corporation
More informationSymantec Mobile Management Suite
Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the
More informationAthena Mobile Device Management from Symantec
Athena Mobile Device Management from Symantec Scalable, Secure, and Integrated Device Management for ios and Android Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile
More informationJK0 015 CompTIA E2C Security+ (2008 Edition) Exam
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security
More informationFreshservice Discovery Probe User Guide
Freshservice Discovery Probe User Guide 1. What is Freshservice Discovery Probe? 1.1 What details does Probe fetch? 1.2 How does Probe fetch the information? 2. What are the minimum system requirements
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationTechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security
Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring
More informationBYOD: BRING YOUR OWN DEVICE.
white paper BYOD: BRING YOUR OWN DEVICE. On-boarding and Securing Devices in Your Corporate Network Preparing Your Network to Meet Device Demand The proliferation of smartphones and tablets brings increased
More informationForeScout Technology Mobile Security Software
Extra Article ForeScout Technology Mobile Security Software According to latest market statistics, smartphone and tablet devices will outnumber personal computers by 2013, becoming the most used devices
More informationA Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model
A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Table of Contents Introduction 3 Deployment approaches 3 Overlay monitoring 3 Integrated monitoring 4 Hybrid
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationIBM. Vulnerability scanning and best practices
IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration
More informationIINS Implementing Cisco Network Security 3.0 (IINS)
IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationKaspersky Lab Mobile Device Management Deployment Guide
Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile
More informationReducing the cost and complexity of endpoint management
IBM Software Thought Leadership White Paper October 2014 Reducing the cost and complexity of endpoint management Discover how midsized organizations can improve endpoint security, patch compliance and
More informationModels HP IMC Smart Connect Edition Virtual Appliance Software E-LTU
Models HP IMC Smart Connect Edition Virtual Appliance Software E-LTU JG659AAE Key features Identity-based access, advanced device profiling, and real-time traffic quarantining Converged network support
More informationWhatsUpGold. v3.0. WhatsConnected User Guide
WhatsUpGold v3.0 WhatsConnected User Guide Contents CHAPTER 1 Welcome to WhatsConnected Finding more information and updates... 2 Sending feedback... 3 CHAPTER 2 Installing and Configuring WhatsConnected
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationVMWARE Introduction ESX Server Architecture and the design of Virtual Machines
Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................
More information