ControlFabric Interop Demo Guide

Transcription

1 ControlFabric Interop Demo Guide Featuring

2 The ForeScout ControlFabric Interop Demo at It-Sa 2014 showcases integrations with our partners and other leading vendors that can help you achieve continuous monitoring and mitigation capabilities, better leverage your infrastructure investments, and optimize your IT resources.* SAP Rapid7 Palo Alto Networks IBM Gigamon ForeScout CounterACT is a pervasive network security platform that enables IT organizations to efficiently address network visibility, access control, endpoint compliance, mobile security and threat management challenges within today s complex enterprise networks. Based on nextgeneration NAC technologies, CounterACT delivers both real-time intelligence and policy-based controls to preempt threats and remediate problems while preserving business productivity. ForeScout CounterACT integrates with your network, security and identity infrastructure through our ControlFabric architecture. Many security exposures are due to a growing number of unaccounted for, unmanaged, poorly maintained and vulnerable devices on enterprise networks, including employee and contractor systems, legacy, non-standard or embedded systems (e.g., medical devices, manufacturing equipment), virtual systems, and the proliferation of personal and mobile devices. CounterACT automatically discovers, classifies and applies policies for users, devices, operating systems and applications on your network, allowing you to gain real-time visibility and risk posture intelligence, and enabling you to mitigate endpoint security deficiencies and cyber threats. Offering a range of built-in and extensible templates, CounterACT can flexibly and seamlessly enforce controls with a level of response appropriate to the issue at hand. Additionally, it gives you oversight on the personal and mobile devices on your network, allowing your organizations to embrace BYOD (Bring your own device) while preserving security. Figure 1: CounterACT with ControlFabric technology delivers real-time visibility and control over your network * The interoperability between Rapid7 is not presently commercially available. 1

3 According to Frost and Sullivan 1, Next-Generation NAC systems can dynamically identify, inspect, and control all network-connecting devices, including wired, wireless, and remote endpoints, as well as ensure endpoint compliance and threat mitigation. As a result, the value of Next- Generation NAC has transcended far beyond the simple access authorization offered by earlier NAC solutions, in that these solutions yield better use of security investments and IT resources, as well as enable IT to be more responsive to thwart threats and maintain endpoint compliance. ForeScout ControlFabric is a set of open integration technologies that enable ForeScout CounterACT and other IT solutions to exchange information, enhance control context, and efficiently mitigate a wide variety of network, security and operational issues. As a result, you can reduce the problem of information silos and bring real-time control and automated remediation capabilities to those IT and security systems that heretofore have been limited to collecting, generating, analyzing or storing information. CounterACT includes a wide variety of ControlFabric base integrations with network and IT infrastructure (switches, wireless controllers, VPN, routers, directories), endpoints (Windows, Mac, Linux, ios, Android and other devices), and endpoint software (antivirus, instant messaging, WMI, etc.). CounterACT currently supports over 60 integrations with IT infrastructure products and services. These base ControlFabric integrations give you tremendous power to discover and classify endpoints; track users and applications; assess security posture; control network access; enforce endpoint compliance policy; and fix security gaps such as broken endpoint security agents. The ControlFabric partner ecosystem includes popular network, security, IT management and mobile infrastructure vendors that have teamed with ForeScout to develop ControlFabric extended integrations. These integrations are available as separately licensed software modules that can be added to ForeScout CounterACT. Additionally, ForeScout s open ControlFabric interface allows any third party to easily implement custom integrations based on common standards-based protocols. Continuous Visibility EPP SIEM ADT NGFW IAM VA MDM CMDB Endpoint Mitigation Network Enforcement Information Integration Endpoint Authentication & Inspection EPP SIEM ADT NGFW IAM VA MDM CMDB Figure 2: ForeScout CounterACT platform interoperates with popular IT and security management systems to further enhance continuous monitoring, intelligence and mitigation capabilities. 2

4 According to a recent Gartner, Inc. report 2, to enable a truly adaptive and risk-based response to advanced threats, the core of a next- generation security protection process will be continuous, pervasive monitoring and visibility that are constantly analyzed for indications of compromise. Enterprise monitoring should be pervasive and encompass as many layers of the IT stack as possible, including network activity, endpoints, system interactions, application transactions and user activity monitoring. This visibility must include enterprise-owned and employee-owned devices, and it must span enterprise data centers as well as the consumption of services from cloud-based providers. The future of defense indepth lies not only in layers of controls, but also in layers of monitoring and visibility. ForeScout CounterACT along with ControlFabric technology provides customers continuous monitoring and operational intelligence, a means to enforce network and endpoint controls, and a mechanism to invoke policy-based, automated mitigation to optimize security and compliance management. ForeScout ControlFabric Interop Demo Presentation Schedule (subject to change) ForeScout Booth # Tuesday, October 7 10:30 AM ForeScout 11:15 AM Gigamon 12:00 PM IBM 1:30 PM ForeScout 2:15 PM Palo Alto Networks 3:00 PM Rapid7 3:45 PM SAP 4:30 PM ForeScout Wednesday, October 8 10:30 AM ForeScout 11:15 AM IBM 12:00 PM Gigamon 1:30 PM ForeScout 2:15 PM Rapid7 3:00 PM SAP 3:45 PM Palo Alto Networks 4:30 PM ForeScout Thursday, October 9 10:30 AM ForeScout 11:15 AM IBM 12:00 PM Gigamon 1:30 PM ForeScout 2:15 PM SAP 3:00 PM Palo Alto Networks 3:45 PM Rapid7 1 Frost & Sullivan, Continuous Compliance and Next Generation NAC: A Cornerstone Defense for Dynamic Endpoint Intelligence and Risk Mitigation, 2013, Chris Rodriguez. 2 Gartner, Designing an Adaptive Security Architecture for Protection From Advanced Attacks, 12 February 2014, Neil MacDonald, Peter Firstbrook. 3

5 The ForeScout-SAP Solution ForeScout CounterACT integrates with the SAP Mobile Secure to provide continuous monitoring and mitigation of security risks associated with mobile devices.* When used in conjunction with SAP Mobile Secure, CounterACT provides: Automated real-time detection of mobile devices the moment they connect to your network, regardless of the type of device, and regardless of whether it has been enrolled in SAP Mobile Secure. Seamless enrollment and installation of SAP Mobile Secure s mobile device management (MDM) solution on unmanaged devices by initially placing them in a limited access network, directing them to an installation web page, and then allowing access once the device has passed all required compliance checks. Unified view and comprehensive intelligence of all network devices personal 2013 ForeScout and corporate; Technologies, PCs, Page Macs, 9 smartphones, tablets and others ForeScout Technologies, Page 9 CONFIDENTIAL SAP Mobile Secure offers an integrated, cloud-based EMM portfolio. IT admins are able to quickly get their company up and running. End users benefit from a consumer-grade solution that removes complexity, enables app discovery, and promotes content collaboration. Coupled with SAP Mobile Platform, enterprises are able to create innovative mobile apps, seamlessly and securely deploy them, and efficiently manage their lifecycle throughout the entire process. For more information on SAP Mobile Secure, visit Scan Results Connect Continuous Monitoring and Mitigation Challenges No Agent Isolate MDM solutions, such as those from SAP Mobile Secure, can help IT security managers secure sensitive corporate data on mobile devices. However, MDM systems by themselves do not address the following challenges: MDM systems can only see devices that have already been enrolled in the system. This leaves IT managers blind to unmanaged devices on the network. MDM systems primarily work with components and settings on the mobile device and do not have visibility into the network. This means that they can t control access to the network or control where the user goes within the network. Allow Block * SAP Mobile Secure, formerly SAP Afaria Figure 3: ForeScout CounterACT receives detailed information about enrolled mobile devices from SAP Mobile Secure 4

6 The ForeScout-Rapid7 Solution ForeScout CounterACT and Rapid7 Nexpose work together to address the continuous monitoring and mitigation challenges.* CounterACT detects devices when they try to connect to the network and can invoke Nexpose to perform a scan on the connecting device. For highly security conscious organizations that abide by the comply to connect security philosophy, CounterACT can isolate the connecting device in an inspection VLAN while the Nexpose scan is performed. This approach delivers real-time scan information for all devices as they connect to the network, including transient devices. Nexpose provides the endpoint scan results and risk score to CounterACT to be used for risk mitigation and access control decisions. CounterACT can quarantine devices that require remediation, initiate built-in or external remediation processes and block devices that are non-compliant or those that present a high security risk to the network. Rapid7 security analytics software and services reduce cyber threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune We understand the attacker better than anyone and build that insight into our solutions to help you improve risk management and stop threats faster. For more information on Rapid7 security analytics solutions visit Allow Block Isolate Continuous Monitoring and Mitigation Challenges Vulnerability assessment (VA) is considered a security best practice to protect against today s threats. However, VA systems such as Rapid7 Nexpose, are unable to address the following challenges by themselves: VA systems typically do periodic scanning. Thus, the information gathered is limited to a certain point in time, and may be out-of-date and invalid between scheduled scans. With the increasing number of transient devices, a large number of endpoints may be offline during scheduled scans and may not get scanned, thus leading to incomplete VA reports. VA systems are not meant to take action or mitigate security risks. Thus they only provide information, leaving risk mitigation to other systems or human intervention. Initiate Scan Scan Results Connect Scan * The interoperability described between ForeScout and Rapid7 solutions are not presently commercially available. Figure 4: CounterACT classifies connected devices and performs appropriate actions 5

7 The ForeScout-Palo Alto Networks Solution ForeScout and Palo Alto Networks have partnered to deliver solutions that enable secure network and application access and comprehensive threat management.* This allows organizations to enforce user and role-based access controls, ensure endpoint compliance, and identify and contain advanced persistent threats (APTs), malware and zero-day attacks. CounterACT provides real-time user-to-device mapping and device security posture to Palo Alto Networks next-generation firewalls. This enables your firewalls to enforce access to applications and content based on the user, regardless of which device, IP address or location the user connects from. Palo Alto Networks WildFire platform stops attacks from the web or via that traditional security controls miss and informs CounterACT of the affected systems and indicators of compromise (IOCs). When CounterACT learns about an infected system, it automatically takes whatever actions are defined by policy, such as to quarantine the endpoint to prevent malware propagation and/or to trigger external VA or remediation systems. Additionally, CounterACT uses the IOC information from Palo Alto Networks WildFire to detect and quarantine other endpoints that may have been compromised via infection pathways not detected or monitored by WildFire. Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today s dynamic computing environments: applications, users, and content. For more information on Palo Alto Networks visit User-ID Security Posture Detect APT Connect Continuous Monitoring and Mitigation Challenges Any serious attempt to monitor and mitigate security risk must start with complete knowledge of the devices, systems, applications and users on your network, including visibility into whether these devices are compliant with your security standards. Traditional IT security and management systems are blind to unmanaged devices (e.g. BYOD systems), and are also frequently unaware of security problems on managed systems. As a result, you have an incomplete picture of the users, devices and security risks on your network. Without the ability to rapidly identify compliance violations and advanced persistent threats (APTs), and to quickly take risk mitigation actions to prevent the propagation of malware, you are leaving the window open for security breaches and data exfiltratation. *The interoperability described between ForeScout and Palo Alto Networks solutions will be commercially available at the end of Fall Figure 5: ForeScout CounterACT receives information from Palo Alto Networks WildFire and takes actions against compromised endpoints 6

8 The ForeScout-IBM QRadar Security Intelligence Platform Solution ForeScout CounterACT and IBM QRadar work together to address continuous monitoring and mitigation challenges. ForeScout CounterACT provides QRadar real-time information about endpoints, including mobile and BYOD devices, as they connect to the network. This information can include information about the security posture of each device, as well as contextual information such as who owns each device, where it is, who s logged in and how it is connected to the network. QRadar correlates the real-time endpoint information provided by CounterACT with information and logs provided from other sources such as network infrastructure, security products, databases and applications, to rapidly identify security threats and policy violations that pose the highest business risk. QRadar leverages CounterACT s real-time control and automated remediation actions to mitigate risks originating from malicious, infected, unsanctioned or non-compliant endpoints and drive down meantime-to-resolution. IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned X-Force research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. For more information on IBM QRadar SIEM visit Remediate Quarantine Initiate Mitigation Real-time Info Correlate, Identify Risks Continuous Monitoring and Mitigation Challenges Security information and event management (SIEM) systems are considered a security best practice to protect against today s threats. However, SIEM systems such as IBM QRadar Security Intelligence Platform rely on information from other IT products and are often challenged in the following areas: Traditional agent-based systems and vulnerability scanners do not provide in-depth realtime endpoint information and usually miss transient, guest and BYOD devices. SIEMs are only as good as the information that is fed into them, and if the SIEM is not aware of all the network endpoints on a continuous basis, then it is not able to produce a fully accurate security snapshot of your network. By themselves, most SIEM systems are not meant to take action or mitigate security risks. Thus they only provide information, leaving risk mitigation to other systems or human intervention. Figure 6: ForeScout CounterACT feeds information to QRadar, for example the presence of external devices such as unencrypted USB memory sticks. 7

9 The ForeScout-Gigamon Solution ForeScout and Gigamon have partnered to enable the availability and efficient monitoring of network traffic to obtain real-time visibility and automated control over users, devices, systems, applications and VMs accessing network resources and other sensitive data. The joint solution capabilities include: Alleviate SPAN port and port density limitations by employing a Gigamon Traffic Visibility Fabric. Pass data streams of all network traffic to the ForeScout CounterACT platform for device discovery and analysis, network admission, mobile security, endpoint compliance and threat prevention. Provide real-time asset intelligence, security posture assessment, and policy-based mitigation of exposures while allowing users to seamlessly connect to the network without disruptions or changes in end-user experience unless necessary. Gigamon provides an intelligent Visibility Fabric architecture to enable the management of increasingly complex networks. Through patented technologies, centralized management and a portfolio of high availability and high-density fabric nodes, network traffic is intelligently delivered to the appropriate management, monitoring and security systems. For more information on Gigamon Visibility Fabric visit MPLS Network Quarantine Malware and Attacks ATD IPS Continuous Monitoring and Mitigation Challenges Paramount to enabling continuous monitoring and mitigation is the ability to have an immediate and rich understanding of activity on your network. To accomplish this, network security solutions require the means to tap into your core switch infrastructure. This requirement can be challenging due to lack of mirror ports on core switches and the sheer volume of network traffic. The multitude of access points, user types and devices introduces security gaps and a variety of risks ranging from data leakage and malware propagation to targeted attacks and compliance violations. Identifying and assessing the security posture of the assets on your network is critical to close security gaps and expedite incident response. 8

10 ControlFabric Interop Demo Guide Find Out More About Our Integration Partners About ControlFabric ControlFabric enables ForeScout CounterACT and other IT solutions to exchange information and more efficiently mitigate a wide variety of network, security and operational issues. As a result, you can achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources. Learn more at About ForeScout ForeScout delivers pervasive network security by allowing organizations to continuously monitor and mitigate security exposures and cyber attacks. The company s CounterACT appliance dynamically identifies and assesses network users, endpoints and applications to provide visibility, intelligence and policy-based mitigation of security issues. ForeScout s open ControlFabric technology allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout s solutions are easy to deploy, unobtrusive, flexible and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorized partners worldwide. Learn more at ForeScout Technologies, Inc. 900 E. Hamilton Ave., Suite 300 Campbell, CA U.S.A. T (US) T (Intl.) F (Intl.) ForeScout Technologies, Inc. All rights reserved. ForeScout Technologies, the ForeScout logo, CounterACT and ControlFabric are trademarks of ForeScout Technologies, Inc. All other trademarks are the property of their respective owners. 9