ForeScout | Access Ability

Overview

IT organizations today need visibility into and control over the mobile devices that are entering your enterprise, whether they are employee-owned or provided by your organization. ForeScout MDM, powered by MaaS360, provides a comprehensive set of capabilities to get devices configured for enterprise access and makes sure corporate data stored on these devices is secure.

ForeScout MDM supports the entire mobile device lifecycle: provisioning, integration, management, security, monitoring and support.

Provision – ForeScout MDM streamlines the configuration and device enrollment process to make life simple for IT and mobile employees. With automatic default policies for Exchange ActiveSync- and Lotus Notes Traveler-connected devices as well as iPhone, iPad, BlackBerry and Android devices (including the Kindle Fire), IT can simply modify an existing policy rather than creating one from scratch. Device enrollment takes just minutes instead of hours. ForeScout MDM discovers new users and devices, and allows IT to launch a simple end user self-service OTA enrollment process. For instance, ForeScout MDM doesn’t require the installation of an app on Apple iOS devices for enrollment. That’s one less step for the end user. And if IT is provisioning a large scale deployment of Apple devices before the user has associated the device, IT can do that much easier compared to other MDM solutions that require an iTunes app to enroll the device in the management platform.

Top

Integrate –Through our unique approach, ForeScout MDM makes enterprise system integration easy and straightforward. With ForeScout MDM Cloud Extender, you can securely integrate with all major email, calendar and contacts platforms including Exchange, Lotus Notes, and Microsoft’s upcoming Office 365, plus Active Directory and any required certificate authorities. Robust APIs ease the integration process for both the enterprise and channel partners.

Top

Manage – ForeScout MDM provides a unified management console for all smartphones, tablets, and laptops with centralized policy and control across multiple platforms. Through automated workflows, IT can discover, enroll, manage and report on enterprise-wide mobile devices as part of your mobile device operations. In addition, role-based ForeScout MDM portal rights allow you to expand or restrict access to authorized users.

OTA configuration management provides simple delivery and maintenance of corporate device profiles, including Wi-Fi and VPN settings. Through device quarantine and approval, IT is automatically notified of any new devices on the network and can block or approve them, ensuring compliance with corporate policies.

ForeScout MDM also delivers robust cross-platform, application management capabilities. ForeScout MDM allows enterprises to have their own app catalog on their device that presents users with approved or recommended public applications, in-house developed applications, and the ability to push updates of those applications as they are made available.

Additionally, enterprises can use ForeScout MDM SDKs for developing in-house apps for key functions such as authentication, updates, and usage reporting. These are invaluable tools for businesses building and managing their own in-house applications. By leveraging the ForeScout MDM mobile device management platform, you can speed in-house development, reduce security risks to enterprise infrastructure, and save costs by helping an enterprise avoid buying separate mobile enterprise application development platforms or gateways.

Top

Secure – ForeScout MDM provides dynamic, end-to-end security and compliance management capabilities for your devices. Enforcement of passcode policies and strong encryption keys protects sensitive business and personal data on mobile devices. With ForeScout MDM you can configure device passcode policies to meet your highest enterprise security standards, and actively monitor devices to ensure total compliance.

Through real-time compliance management, ForeScout MDM can detect when users opt out of your MDM program, install prohibited applications, or initiate SIM changes. Based on this information, you can take automated policy actions, such as messaging the user, blocking email, or even wiping the corporate data from the device. Through passcode and device restriction policies, IT can control approved devices to protect data from theft, and restrict unapproved features and applications. Remote wipe actions ensure lost or stolen devices are not a data leak risk, and with selective wipe, you can delete corporate data while leaving personal data intact.

ForeScout MDM’s optional secure document distribution system allows organizations to distribute sensitive documents and protect them within the ForeScout MDM app sandbox, utilizing native device encryption and policy-based restrictions on who can share what documents. Features include a web-based management console, automated alerts when new or updated content appears in each user’s document catalog, and an optional Doc Cloud distribution network which reduces load on your network and increases performance for end users.

Top

Monitor – Dashboards deliver an interactive, graphical summary of your mobile device operations and compliance. ForeScout MDM provides integrated MI reporting and analytics to provide a high level view into your mobile device landscape across your enterprise with detailed hardware and software inventory reports, plus configuration and vulnerability details.Your organization will gain insight into the distribution of mobile devices across the different operating system platforms, approval statuses, device capabilities, ownership and various other useful summaries and detail. Administrators can customize their Watch List to track and receive alerts about key events.

Top

Support – Supporting mobile workers requires a 24×7 operation that’s always on. You need the ability to diagnose and resolve device, user or application issues in real time from a centralized portal to keep mobile workers happy and productive. ForeScout MDM provides robust help desk capabilities for support procedures such as locating a device with GPS, resetting a user’s passcode, and sending a direct message to a device. ForeScout MDM also provides an end-user support portal that allows users to do basic self-management of their device, such as wiping or resetting the password on a lost device.

ForeScout MDM is powered by MaaS360, a powerful cloud-based technology used by over 1200 companies around the world, and named the “Clear Choice Test” winner by Network World.

Top

Integration with ForeScout CounterACT – ForeScout MDM integrates with ForeScout CounterACT using the ForeScout Mobile Integration Module. Through this integration, you gain the following features:

• Automated real-time detection. ForeScout CounterACT detects unknown mobile devices the moment they try to connect to your network.
• Improved security by blocking unauthorized users and devices from the network, as well as imposing whatever limits you want on mobile devices.
• Unified policy management and compliance reporting for all endpoint devices—PCs, smartphones, and tablets.
• Automated installation of MDM agents by automatically users with unmanaged devices through a simple self-enrollment process.
• Guest registration. If you wish to setup a guest network for personal mobile devices, you can use ForeScout CounterACT’s built-in guest registration system. Once a guest has been approved, CounterACT can dynamically enforce your security policies, such as restricting the user’s access to just the Internet.
• Continuous protection. If malware exists on the mobile device and tries to propagate or interrogate your network, ForeScout CounterACT will detect the malicious behavior, block the threat, and can automatically quarantine or remove the mobile device from your network. ForeScout CounterACT includes ForeScout’s patented ActiveResponse™ technology which can detect and block zero-day threats.

Top