Posts Tagged ‘CounterACT’

Could ForeScout CounterACT have stopped Operation Aurora attacks on Google?

Monday, August 2nd, 2010

In January 2010, Google disclosed that sophisticated cyber attacks on its computer systems had resulted in the theft of Google intellectual property. According to sources such as NetworkWorld, the attack, referred to as “Operation Aurora”, originated in China and was directed at some 100 companies or entities. The attackers entered via Instant Messenger (IM) and leveraged a vulnerability in Internet Explorer to upload a malicious payload. The malware was then used to try to steal intellectual property and gain access to customer data.

It may seem, at first, that corporations looking to protect themselves from an attack of this type have limited options. Experts such as Gartner, as well as some vendors, have gone as far as to recommend disruptive measures such as uninstalling Internet Explorer companywide or using application whitelisting. While these approaches may solve the problem, they come at a great cost. Application whitelisting in particular is disruptive to business productivity.

Could an integrated security appliance which includes network access control, network threat protection and endpoint security enforcement – such as ForeScout CounterACT – stop such an attack? It is quite possible.

In a New York Times article, “Cyberattack on Google Said to Hit Password System,” John Markoff explains how the Google attack started with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program.  By clicking on a link, the employee unintentionally provided access to his personal computer and then to Google’s network.

ForeScout CounterACT allows a corporation to gain control of its endpoints and enforce security policies. CounterACT can prevent the use of IM and peer-to-peer applications. If Google had a corporate policy against external instant messaging – and a way to enforce it – perhaps the threat would never have penetrated its network.

If the attack did not enter via IM but came in another way, could CounterACT have stopped it? As many have pointed out, the sole purpose of persistent threats such as Operation Aurora is to get around firewalls, antivirus software, intrusion detection systems and other controls. Before this can happen, such an attack must gather vulnerability and configuration information by scanning and probing the network. ForeScout’s CounterACT detects attackers’ reconnaissance and responds to it with counterfeit information. If an intruder attempts to use this information to attack the network, he has proven his malicious intent and can be blocked before the network is compromised.
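The detect, deceive and block sequence described above, sketched as an added example; it is not ForeScout code and does not show how CounterACT is implemented. The event tuples, the host inventory and the scan threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (time, source, destination, port). Not real traffic.
EVENTS = [
    (1, "10.0.5.23", "10.0.1.10", 445),
    (2, "10.0.5.23", "10.0.1.11", 445),
    (3, "10.0.5.23", "10.0.1.12", 445),
    (4, "10.0.5.23", "10.0.1.13", 445),
    (5, "10.0.7.40", "10.0.1.10", 445),  # ordinary client of a real server
    (6, "10.0.5.23", "10.0.1.13", 445),  # scanner returns to a decoy it was shown
    (7, "10.0.5.23", "10.0.1.10", 445),  # arrives after the block
]

REAL_HOSTS = {"10.0.1.10"}  # assumed inventory of hosts that actually exist
SCAN_THRESHOLD = 3          # assumed: distinct unused addresses probed before
                            # a source is treated as performing reconnaissance


def process(events, real_hosts=REAL_HOSTS, threshold=SCAN_THRESHOLD):
    """Return (decoys handed out per source, blocked sources, per-event decisions)."""
    probed = defaultdict(set)  # source -> unused addresses it has probed
    decoys = defaultdict(set)  # source -> counterfeit (host, port) answers it got
    blocked = set()
    decisions = []
    for ts, src, dst, port in events:
        if src in blocked:
            decisions.append((ts, "drop"))
        elif (dst, port) in decoys.get(src, ()):
            # Only a source that was fed this counterfeit answer could know of
            # it, so acting on it separates an attacker from a mistyped address.
            blocked.add(src)
            decisions.append((ts, "block"))
        elif dst in real_hosts:
            decisions.append((ts, "allow"))
        else:
            probed[src].add(dst)
            if len(probed[src]) >= threshold:
                # Reconnaissance detected: answer as if the service existed.
                decoys[src].add((dst, port))
                decisions.append((ts, "decoy-reply"))
            else:
                decisions.append((ts, "no-reply"))
    return dict(decoys), blocked, decisions


if __name__ == "__main__":
    for ts, action in process(EVENTS)[2]:
        print(ts, action)
```

The block decision is keyed to the use of a counterfeit answer rather than to the scan itself, which is why the ordinary client at time 5 is never affected.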

As we pointed out in a recent press release, ForeScout CounterACT includes strong post-connect security. Analysts such as Gartner have recently stated that post-connect security is important for NAC products to protect against targeted malware. Few NAC products offer post-connect security as strong as ForeScout CounterACT’s.

A third control that ForeScout CounterACT offers is the ability to segregate your corporate network and ensure that only authorized people can access sensitive data (such as password, finance, CRM and IP servers). Depending on the policies that you establish, CounterACT will give different levels of network access to each type of user: guests, contractors, and employees of various stripes. This kind of internal network hardening makes it harder (or impossible) for an attacker who has compromised one computer to steal data on sensitive servers.

The details surrounding the attack and the theft of software from Google have been closely guarded by the company. Without more specifics on the attack, it is difficult to tell whether a solution like CounterACT could have protected the network. We do know, however, that sophisticated threats such as this are becoming more common. Traditional network security solutions, which are designed to protect against external attack, have become insufficient. Solutions such as ForeScout CounterACT offer a number of ways to protect your internal network without disrupting the productivity of your business.


Enforcing your Acceptable Use Policy

Wednesday, June 30th, 2010

Would your company be more secure if all employees knew about and followed the Acceptable Use Policy?

The Acceptable Use Policy (AUP) is a cornerstone of IT security. The AUP defines how a company’s IT resources can be used. Most companies require all employees to read and sign the AUP, typically when the employee is first hired and annually thereafter.

The problem is that this is a perfunctory exercise at best. Most companies do not have a good mechanism for catching employees who violate the AUP. As a result, employees’ awareness of and level of commitment to the AUP is typically very low. In such an environment, it is no wonder that most employees feel that security is unimportant and that taking risks with IT data is acceptable.

ForeScout CounterACT lets you take a proactive stance on your AUP and provide a real sense of user participation in your security program. For example, if your organization’s AUP states that instant messaging (IM) should not be utilized, ForeScout CounterACT can be used to enforce this policy. If an employee installs IM on their company-issued computer, CounterACT can detect this, can notify the employee of the AUP violation, and can direct the employee to the intranet page where the company’s AUP is stored. Education is swift and timely. And the message is given that the organization takes security very seriously.

ForeScout CounterACT is typically purchased for network access control, but this example shows that the product is a whole lot more powerful than just NAC.


CounterACT Offers 24/7/365 Protection vs. Conficker

Wednesday, February 4th, 2009

When the recent Conficker outbreak wreaked havoc upon Windows-based LANs in enterprises worldwide, CounterACT customers called in to let us know their networks were fully protected thanks to CounterACT.

Conficker (aka Downup, Downadup and Kido) is an aggressive worm that targets Windows-based systems. It’s been estimated that the bug infected over 10 million PCs in just a few short weeks (over a million in a single 24-hour period) … making it one of the most prolific, dangerous and widespread infections in recent times.

Anyone using a Windows-based system was cautioned to verify that their system was free of the Conficker worm and was running the latest, patched version of Microsoft Windows: http://support.microsoft.com/kb/962007

CounterACT users, of course, had the peace of mind that their systems were automatically protected: read the Tech Note or view the webinar to learn why.
