Addressing BYOD Challenges with ForeScout and Motorola Solutions

Solution Brief

Highlights

- Automated onboarding: Full automation for discovering, profiling, and onboarding devices onto both wired and wireless networks.
- Complete coverage: Comprehensive network access control for every type of device and every type of network: wired, wireless, VPN, multi-vendor support.
- Visitor management: Allow guests to register for network access, or provide pre-approved vouchers for guests to access your network.
- Flexible authentication options: Multiple identity stores, and multiple authentication protocols and/or processes can be used to ensure efficient operation within your environment.
- MDM integration: Integrate with a wide variety of MDM systems to provide superior security and operational efficiency.
- Enhanced security: Block unauthorized and/or noncompliant devices. Assess the security of each device the moment it tries to access your network and on an ongoing basis.

A Joint Framework for Successful BYOD Initiatives

Mobile devices such as smartphones and tablets have entered the workplace en masse, quickly becoming essential tools for employees. A recent market study found that 95% of organizations in the United States currently permit employee-owned devices, and many are going a step further and actually requiring employees to purchase their own mobile devices. IT departments are being forced to respond to pressure from executives, business units and employees to provide widespread support for BYOD (bring your own device) environments.

ForeScout's automated security control platform for network access control (NAC), endpoint compliance and mobile device management (MDM), along with Motorola Solutions WLAN products and Secure Access Enrollment Server, provide organizations a framework for successfully implementing BYOD initiatives. The integrated solution provides an automated self serving network framework that does not require the IT team's involvement in provisioning or monitoring BYOD devices. The chart below shows an example of the tremendous flexibility provided by the ForeScout-Motorola joint solution.

[Chart (Motorola + ForeScout network management automation): Who are you? Who owns your device? What type of device? Is your device compliant? Do you require remediation?]

Fig 1. The ForeScout-Motorola BYOD solution provides comprehensive, flexible policy management.

In the joint solution, ForeScout CounterACT automatically identifies and profiles endpoints upon connection to the network. Based on this profile information, access control, provisioning, posture assessment and remediation functions are applied, interacting with ForeScout MDM and Motorola Secure Access Enrollment Server as needed. Neither preregistration of new devices nor pre-installation of agents is required, thus avoiding costly software roll-outs and enabling a significantly lower total cost of ownership.

With this joint solution, IT organizations achieve improved security, automated onboarding, and superior control of both managed and unmanaged devices on the network, including guest and employee-owned mobile devices commonly used in BYOD environments. ForeScout CounterACT and ForeScout MDM deploy seamlessly with Motorola WLAN products without the need to upgrade or re-architect the network. The CounterACT appliance installs out-of-band, avoiding latency or the potential for network failure, and provides access control using 802.1X or alternative authentication technologies.

BYOD Drivers

Until recently, BYOD programs were atypical in virtually all business environments despite the occasional stealth use of personal devices. But today, formal programs supported by IT are rapidly gaining steam. Employees are overwhelmingly in favor of using personal devices in the workplace, and organizations are also discovering the tangible and intangible benefits of BYOD:

- Improved employee productivity and mobility
- Ability to attract and retain talent
- Increased employee satisfaction
- Reduced capital expenditure and inventory
- Faster adoption of new technology

BYOD Challenges

While the benefits of BYOD are undeniable, there are inherent security risks associated with BYOD adoption that IT organizations must address and mitigate:

- Preventing unauthorized users from connecting to the network
- Preventing unauthorized devices from connecting to the network
- Protecting the network from attack by devices that contain malware
- Controlling the information that can be accessed by BYOD endpoints
- Providing proper enforcement of security policies to meet compliance and audit requirements
- Provisioning a wide spectrum of unmanaged devices without overwhelming IT resources
- Protecting corporate data on personal devices from loss or leakage

Recommended Approach

BYOD requires a new understanding between businesses and their employees. Organizations can establish policies that create a common ground where employees are allowed to use personally owned devices in the workplace, while the organization maintains an appropriate degree of control over the device. ForeScout and Motorola Solutions recommend the following best practices to overcome BYOD challenges and implement a successful program:

- Self serving network. Full automation for discovering, profiling, and onboarding all endpoints is essential. As the turnover of those devices is high, a successful BYOD program should automate the registration, provisioning and monitoring of BYOD devices. Otherwise, the burden on IT and helpdesk might engulf the benefits of BYOD.
- BYOD policies should be broad-based and protect both wired and wireless networks. Use cases should address smartphones and tablets that need wireless access and laptops (Mac and Windows) that need wired or wireless access.
- Onboarding should be able to address different user and device types such as employee BYOD devices, corporate issued assets, vendors, contractors and guests. The BYOD solution should be able to provision certificates and authenticate using corporate AD, sponsored voucher, guest credentials, etc.

- A guest solution must be easy to use, support multi-tiered administration and sponsor capabilities, and automate the ability to include contextual elements within policies that take into account time-of-day and day-of-week privileges.
- The corporate data on the personal devices should be protected and separated from the personal environment of the device. The solution should provide IT with control over the corporate data on the device while respecting the employees' privacy with their personal data.
- A combination of NAC, MDM, automated provisioning solutions, and WLAN infrastructure will enable a flexible BYOD environment with an acceptable level of risk for most organizations.

Finally and most importantly, organizations should choose the components and features that best meet their strategy. Let your strategy dictate your controls, not vice-versa.

Here are some of the specific Network Access Control requirements to support a successful BYOD implementation:

- Network Access Control policies should be based on authentication of device and user, and real-time security posture of the device.
- NAC should check posture pre-admission and also post-admission to detect real-time changes in the risk profile of a device.
- The NAC system should include automated discovery, profiling and network onboarding of headless devices (such as printers, IP phones, manufacturing, medical and security equipment) in order to minimize the administrative overhead.
- The NAC system should be able to check for the presence of an MDM agent on mobile devices such as smartphones and tablets. Depending on the organization's policy, the NAC system should be able to block endpoints that do not have the agent or provide limited access (for example, internet access only) until the agent can be installed.

[Diagram labels: Network Access Control, Mobile Device Management, Wireless Infrastructure, BYOD Ready!]

Joint Solution Capabilities

The ForeScout-Motorola joint solution provides a fully integrated end-to-end framework for BYOD. It includes automated profiling, onboarding, access control, posture assessment, remediation, data protection and mobile device management capabilities, allowing organizations to securely implement a BYOD program. Key capabilities include:

Unified Visibility Across All Networks and Device Types: ForeScout CounterACT provides real-time visibility into everything on your wired and wireless network: all devices, operating systems, users, applications and more. CounterACT incorporates the most granular host profiling engine in the industry and can categorize endpoints by various hardware, software and user attributes. This profiling data is subsequently used in provisioning, onboarding, access control, posture assessment and remediation functions in a BYOD environment.

Fig 2. ForeScout CounterACT detects and classifies everything on your network, in real time.

Easy Onboarding of All Users and Devices: Motorola Secure Access Enrollment Server automates the onboarding of all user types (employees, contractors, partners, guests etc.) and device types (corporate or personal). It enables different workflows to be defined for each class of user and/or device in order to customize the provisioning process and user experience. Broad device support includes provisioning and onboarding Windows, Mac OS, Linux, iOS and Android endpoints.

Customizable WLAN Access Control Rules: Motorola Secure Access takes differentiated access to resources to the next level. When using Secure Access onboarding, Motorola wireless access points can apply unique firewall rule sets to each endpoint based on a combination of user identity and device type. This enables granular control over the resources accessible to guests, contractors, partners and even employee-owned personal devices.

Fig 3. Flexible workflows for user classes

Flexible Authentication Options: A wide variety of authentication options are available for different user types within an organization. Multiple identity stores, both public and private, can be leveraged for user identification. For example, an employee may be identified using Active Directory, while a guest may be identified using a social media identity. Guest credentials can include sponsor-provided vouchers or self-registration via text messaging. 802.1X can be used on wireless networks, while other authentication mechanisms can be used on wired networks.

Unified Network Access Control Policies: ForeScout CounterACT provides unified network access policy management for all endpoints on the network regardless of the type of device (Windows, Mac, Linux, smartphone, tablet), the type of connection (wired, wireless, VPN) or the ownership of the device (corporate or personal). Unlike early generation NAC products that employed heavy-handed controls and disrupted users, CounterACT provides a full spectrum of enforcement options that let you tailor the response to the situation and risk profile of the organization.

Automated MDM Registration and Provisioning: MDM is a critical component to control the corporate data on the personal devices. ForeScout CounterACT integrates with ForeScout MDM and other 3rd party MDM systems to automate the registration and installation of MDM agents on mobile BYOD endpoints. CounterACT can trigger the MDM system to perform just-in-time compliance checks and device remediation at network admission time. Additionally, the MDM system can send information about MDM-managed mobile devices to CounterACT, to be processed alongside information about unmanaged mobile devices and endpoints outside the scope of the MDM system (such as Windows, Mac and Linux machines).

Fig 4. Automated device provisioning

This allows organizations to leverage a single console to view all connected devices, configure and enforce network security policies, and monitor and report on policy compliance.

Post-connect Attack Prevention: ForeScout CounterACT includes ActiveResponse, a patented threat detection engine which monitors the behavior of devices post-connection for real-time awareness of anomalous activity and posture changes. ActiveResponse blocks zero-day self-propagating threats and other types of malicious behavior in a BYOD environment. Unlike other approaches, ActiveResponse does not rely on signature updates to remain effective, ensuring low management overhead.

Conclusion

The ForeScout-Motorola joint solution is extremely flexible and can be tailored to meet your organization's unique needs and security policies. Security policies vary from one organization to the next. One organization may need to allow BYOD MacBooks onto the network, while another organization may want to block them. One organization may allow Android devices onto the network, but only if they have been enrolled in an MDM system; another organization may block Android totally.

In the same vein, organizations have different endpoint remediation preferences. One organization may strictly monitor and control the use of instant messaging or USB memory sticks on computers used by employees, regardless of whether they are corporate-owned or personally-owned computers. Another organization may have a more tolerant policy.

Fig 5. ForeScout MDM provides complete security management for mobile devices.

About ForeScout

ForeScout enables organizations to accelerate productivity and connectivity by allowing users to access corporate network resources where, how and when needed without compromising security. ForeScout's real-time network security platform for access control, mobile security, endpoint compliance and threat prevention empowers IT agility while preempting risks and eliminating remediation costs. Because the ForeScout CounterACT solution is easy to deploy, unobtrusive, intelligent and scalable, it has been chosen by more than 1,400 of the world's most secure enterprises and military installations for global deployments spanning 37 countries. Headquartered in Cupertino, California, ForeScout delivers its solutions through its network of authorized partners worldwide. Learn more at www.forescout.com

About Motorola Solutions

Motorola Solutions is a leading provider of mission-critical communication products and services for enterprise and government customers. Through leading-edge innovation and communications technology, it is a global leader that enables its customers to be their best in the moments that matter. To learn more, visit www.motorolasolutions.com

© 2013 ForeScout Technologies, Inc. All rights reserved. ForeScout Technologies, the ForeScout logo, CounterACT, ForeScout MDM, and ActiveResponse are trademarks of ForeScout Technologies, Inc. All other trademarks are the property of their respective owners. Doc 2013-0019

10001 N. De Anza Blvd., Cupertino, CA 95014 Tel: +1 (408) 213-3191 info@forescout.com www.forescout.com