ForeScout CounterACT Edge


Threat Protection Made Simple

ForeScout CounterACT Edge is a high performance security appliance that protects your network perimeter against intrusion. Unlike traditional IPS products, it is extremely easy to install and manage. It does not require frequent updates, tuning, or management overhead. It is powerful, and painless.

The Challenge of the Modern Attack

Despite advancements in security controls, organizations are increasingly affected by zero-day exploits, low-and-slow attacks, and targeted attacks (APTs). Traditional network intrusion prevention systems (IPS) are primarily based on signatures, which are useless against zero-day attacks. Furthermore, most IPS systems are designed with traffic intensity thresholds, which causes them to miss low-and-slow attacks.

A second problem with traditional IPS systems is that they are prone to false positives, in which legitimate business traffic is mistaken for an attack. This wastes valuable IT management time, as the devices need to be tuned and logs need to be constantly analyzed.

In an attempt to detect zero-day attacks, some IPS devices incorporate network behavioral analysis in addition to signatures. However, most network behavioral technologies are so prone to false positives that IT managers are reluctant to use them in blocking mode.

ForeScout CounterACT Edge

Rather than chase the latest threats and develop new signatures to address them, ForeScout offers an effective threat prevention technology called ActiveResponse. ActiveResponse does not rely on signatures to detect zero-day threats. ActiveResponse does not produce false positives, nor does it require any tuning period or maintenance.

ForeScout CounterACT Edge is a high performance security appliance that uses ActiveResponse to protect your network against intrusion and attack. Unlike traditional IPS products, CounterACT Edge is extremely easy to install and requires approximately zero management overhead. CounterACT Edge is:

Accurate: does not block legitimate traffic.
Powerful: stops intelligent attackers and zero-day attacks.
Easy to install: plug it in, configure and walk away.
Easy to maintain: no signatures, tuning or maintenance.

How ForeScout Works

ForeScout deploys outside your firewall to protect against incoming attacks. It is connected to a switch via a mirror port. It installs out of band, not in-line with traffic. There is no bump in the wire, no latency, no single point of failure.

Use Case #1: Primary IPS

ForeScout can be used as a primary IPS system in front of your existing network firewall. The amount of time that you will spend planning, installing, and managing your network defenses will be lower than with any other product combination. CounterACT Edge is effective against both human and automated attack patterns, including zero-day and low-and-slow attacks.

Figure 1: A network firewall after implementing CounterACT Edge.

Use Case #2: Secondary IPS

ForeScout can be used in front of your existing signature-based IPS to save you time and money. In this configuration, CounterACT Edge will greatly reduce the number of events that your signature-based IPS system needs to process; this can extend the life of your existing hardware if it is nearing its capacity limit. It will also reduce your administrative overhead because you will have fewer events that you need to monitor and analyze. CounterACT Edge operates with accuracy, so the events (attacks) that it blocks do not need to be reviewed by a human. It filters out the noise, leaving traditional IPS devices to deal with a small number of other attacks. The amount of time and money that you can save depends on many factors. Only a trial in your actual environment can tell you for sure what your savings will be. The figure below is for illustration purposes only.

How ActiveResponse Works

Step 1: Monitor for Reconnaissance Activity

The first step of a network attack is almost always reconnaissance. In this step, an attacker (either human or automated) gathers information about the network's configuration and vulnerabilities. ForeScout ActiveResponse detects this reconnaissance.

Step 2: Interact with Reconnaissance Activity

In step 2, ForeScout ActiveResponse responds with counterfeit or marked information. This response is not distinguishable from a network's legitimate response. It will look similar to what the source is expecting to receive from the real network.

Step 3: Prove the Intent of the Attacker and Block the Attack

In step 3, the attacker tries to use the marked information to attack the network. This is proof of malicious intent. There is no legitimate reason for machines (or users) on the network to scan for resources, receive fake targets, and then try to access them. In this way, ActiveResponse can determine with confidence that this source has malicious intent and needs to be blocked. By focusing on attacker intent, ActiveResponse can block the attack without the need for signatures, deep-packet inspection or manual intervention. It's brilliant. And it's patented.
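The three steps above, as an added simulation written for this page (it is not ForeScout's code, and the datasheet does not describe how the product actually generates or tracks its marked information): probes into address/port space that no real asset occupies are answered with a decoy, and a source that later connects to a decoy it was handed is blocked. The asset inventory and traffic are constructed.

```python
"""Simulation of ActiveResponse-style intent detection (added example, not ForeScout code).

Models the datasheet's three steps: observe reconnaissance, answer it with marked
counterfeit targets, and block any source that later acts on a marked target.
Asset inventory and traffic are constructed for this illustration.
"""
from collections import defaultdict

# Constructed asset inventory: the only (ip, port) pairs that really exist.
REAL_ASSETS = {("10.0.0.5", 443), ("10.0.0.5", 80), ("10.0.0.7", 25)}


class ActiveResponseSim:
    def __init__(self, real_assets):
        self.real = set(real_assets)
        self.marked = defaultdict(set)   # src -> decoy targets handed to that source
        self.blocked = set()
        self.events = []                 # (ts, src, reason) audit trail

    def handle(self, ts, src, dst, port):
        """Return the verdict for one connection attempt seen on the mirror port."""
        if src in self.blocked:
            return "dropped"             # already proven malicious
        target = (dst, port)
        if target in self.real:
            return "allowed"             # normal business traffic is never touched
        if target in self.marked[src]:
            # Step 3: only a source that scanned, was fed a counterfeit target and
            # then came back for it reaches this branch. That is proof of intent.
            self.blocked.add(src)
            self.events.append((ts, src, "blocked after using decoy %s:%d" % target))
            return "blocked"
        # Steps 1 and 2: a probe into unused address/port space is reconnaissance.
        # Answer as if a host were there and remember what this source was told.
        # self.marked never expires, so a low-and-slow attacker returning weeks
        # later still matches (the "no time-out period" the datasheet describes).
        self.marked[src].add(target)
        self.events.append((ts, src, "recon answered with decoy %s:%d" % target))
        return "decoy"


def run(events, real_assets=REAL_ASSETS):
    """Feed (ts, src, dst, port) tuples through a fresh simulator; return (verdicts, sim)."""
    sim = ActiveResponseSim(real_assets)
    return [sim.handle(*e) for e in events], sim


# Constructed traffic; ts is seconds from the start of observation.
SAMPLE = [
    (0,       "192.0.2.10",   "10.0.0.5", 443),  # legitimate client
    (1,       "192.0.2.10",   "10.0.0.9", 443),  # mistyped address: handed a decoy
    (2,       "192.0.2.10",   "10.0.0.5", 443),  # fixes the typo, never revisits the decoy
    (10,      "198.51.100.7", "10.0.0.5", 445),  # scanner sweeps port 445 across the subnet
    (11,      "198.51.100.7", "10.0.0.8", 445),
    (12,      "198.51.100.7", "10.0.0.9", 445),
    (2592000, "198.51.100.7", "10.0.0.9", 445),  # 30 days later it uses a decoy: blocked
    (2592001, "198.51.100.7", "10.0.0.5", 443),  # anything further from it is dropped
]

if __name__ == "__main__":
    verdicts, sim = run(SAMPLE)
    for event, verdict in zip(SAMPLE, verdicts):
        print(verdict.ljust(8), event)
    print("blocked sources:", sorted(sim.blocked))
```

The model counts any return to a decoy as intent, so a user who retries the same mistyped address twice would be blocked too; how the real product separates that case from an attack is not described on the page.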

The ForeScout Difference

IT managers should evaluate network security products both in terms of their effectiveness (how accurate is it? does it block zero-day attacks?) and their management and operational costs. Real-world experience and test results from independent labs show that signature-based and statistical anomaly-based IPS products on the market today do not deliver an attractive scorecard on either effectiveness or cost. Their weaknesses can leave organizations vulnerable to threats such as zero-day attacks, and severely challenged by problems such as false positives and high management costs. The cost of managing an IPS system that requires frequent tuning and signature updates can be multiple times the cost of procuring such a system.

ForeScout CounterACT Edge is an effective layer of network security which costs very little. CounterACT Edge blocks zero-day attacks without producing false positives. It is a true set-and-forget solution that does not require costly management and oversight.

CounterACT Edge                       Signature/Anomaly Detection
------------------------------------  ------------------------------------
Based on ActiveResponse Technology    Based on signature and heuristics
Zero-Day prevention                   Delayed prevention
Out-of-band                           Inline (point of failure and delay)
Set and forget                        Significant management overhead
Unprecedented accuracy                False positives

Features: Defense or Unique Attributes

ActiveResponse Technology. CounterACT Edge uses ForeScout's patented ActiveResponse technology to detect and stop attacks without any need for signatures, anomaly detection or pattern matching.

Stop Low-and-Slow Attacks. Unlike traditional IPS systems, which have a time-out period built into their attack signatures, CounterACT Edge has no time-out period. It doesn't need one. And that allows it to be effective against the low-and-slow attacker: someone who is just looking for one folder, one credit card number, or one social security number.

Suppress Propagating Worms. CounterACT Edge is effective against even hard-to-stop worms such as the infamous Conficker. Traditional IPS and antivirus systems had trouble blocking Conficker, but CounterACT Edge was able to block Conficker with extreme efficiency and accuracy.

Accuracy. ForeScout communicates with external entities during the reconnaissance phase of an attack. This allows CounterACT Edge to identify the subsequent attack with accuracy. This fact allows you to comfortably put the product into blocking mode and walk away from it. It is truly set and forget.

Preempt Zero-Day Attacks. CounterACT Edge will detect and block any attack that goes over the network and relies on reconnaissance to identify possible targets (which almost all zero-day attacks do). CounterACT Edge blocked Zeus and Stuxnet on day-zero, before any security company anywhere had developed a signature for these attacks.

Operational Flexibility

Firewall Integration. CounterACT Edge seamlessly integrates with firewalls to enable immediate containment of active threats in real time.

Easy to Install. You plug it in, configure it (usually in less than an hour), and walk away. ForeScout begins protecting your network immediately with accuracy. No lengthy tuning period.

Easy to Maintain. CounterACT Edge needs no signatures, no updates, no tuning, no maintenance. Forever.

Multiple Blocking Modes. ForeScout provides multiple ways of blocking attacks. The primary blocking mode utilizes an advanced TCP session reset. Unlike conventional TCP resets, which are sensitive to timing subtleties, CounterACT Edge TCP resets are activated during the initiation of the TCP session, providing more efficient blocking. Other blocking modes include tarpit blocking, UDP blocking, and firewall ACL integration.

Management and Usability

Alerting & Reporting. CounterACT Edge provides flexible, intuitive alerting and reporting options to ensure that security managers get the information they need, when they need it:

Geographical maps. CounterACT Edge features a world map with geographical locations of monitored and/or blocked sources, and offers history reports for any specific point in time or time range.

Complete event documentation and reporting. CounterACT Edge records detected malicious activity, enabling security personnel to thoroughly investigate incidents. Comprehensive reports feature current and historical data of activity.

Trend analysis. CounterACT Edge maintains a historical database of reconnaissance and malicious activity, enabling security managers to pinpoint trends and take the appropriate action.

E-mail alerts. Event information is sent based on user-defined parameters.

SNMP Traps & Management. ForeScout can send SNMP traps about specific attack and operational events to authorized SNMP management stations. Various communities can be defined, allowing read-only access to different parts of the management information database.

WhoIs. CounterACT Edge sends WhoIs service information on suspected attackers to security staff, including their geographic location, corporate affiliation and contact information.

Administration Privileges. The Site and Enterprise Managers enable authorized users to configure and control the appliance from authorized locations. Individual users can be authorized to access specific functions, as needed.

Enterprise Manager. Organizations that require multiple appliances can manage them from one central console using ForeScout Enterprise Manager. This product provides a visual overview of threat prevention activity, including a geographical representation of the location of potential and actual attackers, their IP addresses, their activities, and the preventive steps that were taken against them. Event information from geographically dispersed appliances is consolidated into a single view on the Enterprise Manager.

Scalable Models

ForeScout CounterACT Edge is sold as an appliance. Six models are available, as shown below. For details on our licensing policy, see www.forescout.com/licensing.

Figure 3: CounterACT Edge model specifications.

                      SC-2      SC-10     SC-50     SC-100    SC-200    SC-1000
Bandwidth             2 Mbps    10 Mbps   50 Mbps   100 Mbps  200 Mbps  1 Gbps
Network Ports
  Copper (RJ-45)      4 or 8 (depending on specific model)
  Fiber I/O Support   up to 4 total
USB Ports             2 back + 1 front
VGA                   1 (DB15)
CD-ROM                1
Hard Drives           3 HDD (RAID-1)
Power Supply          2 @ up to 750W
Power Consumption     744W
Cooling Requirement   2891 BTU/Hr
Temperature
  Storage             -40 C to 65 C (-40 F to 149 F), with a maximum temperature gradation of 20 C per hour
Humidity              20% to 80% (noncondensing) at a maximum wet bulb temperature of 29 C (84.2 F)
Chassis               1U 19" rack mount
Dimensions            Height: 42.92mm (1.9")

(Values shown once apply to all six models; the operating temperature range did not survive extraction.)

About ForeScout

ForeScout enables organizations to continuously monitor and mitigate security exposures and cyber attacks. The company's CounterACT appliance dynamically identifies and evaluates network users, endpoints and applications to provide visibility, intelligence and policy-based mitigation of security problems. ForeScout's open ControlFabric architecture allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout's solutions are easy to deploy, unobtrusive, extensible and scalable, as of January 1, 2015, they have been chosen by more than 1,800 of the world's most secure enterprises and government agencies in over 2 countries. Headquartered in Campbell, California, ForeScout offers its solutions through its global network of authorized partners. Learn more at www.forescout.com

ForeScout Technologies, Inc.
900 E. Hamilton Ave., Suite 300
Campbell, CA 95008 U.S.A.

Contact Us
T 1-8-377-8771 (US)
T +1-408-213-3191 (Intl.)
F +1-408-371-2284 (Intl.)
www.forescout.com

© 2015 ForeScout Technologies, Inc. is a privately held Delaware corporation. ForeScout, the ForeScout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT are trademarks or registered trademarks of ForeScout. Other names mentioned may be trademarks of their respective owners. Doc. 2013.0115 REV. 2