ForeScout Mobile Security Module

Overview

ForeScout Mobile Security Module is the easiest and most economical way for IT security managers to say “yes” to Android and Apple iOS devices on the enterprise network without compromising security.

ForeScout Mobile Security Module runs as an add-on to ForeScout’s market-leading network access control (NAC) platform, ForeScout CounterACT. Together, these two products provide real-time visibility and control of everything on the network—wired and wireless, managed and unmanaged, PCs and handheld devices—and give you special visibility and control over Android and iOS devices.

Relative to a full-blown MDM system, ForeScout CounterACT with the ForeScout Mobile Security Module is:

  • More affordable. The price of ForeScout CounterACT and the ForeScout Mobile Security Module is a fraction of the price of a typical MDM system.
  • More unified. ForeScout CounterACT working with the ForeScout Mobile Security Module allows you to apply intelligent network access control policies for everything on your network regardless of the type of device (PC, Mac, tablet, smartphone), the type of connection (wired, wireless, VPN) or the owner of the device (corporate or personal).
  • More real-time. ForeScout CounterACT working with the ForeScout Mobile Security Module provides real-time visibility of all devices on your network, even those that have not been “enrolled” in an MDM system.

The ForeScout Mobile Security Module includes plugins and apps that work with Android and iOS devices.

On Android, the ForeScout Mobile app collects hardware, software and configuration information for each device on which it is installed and reports this to the CounterACT appliance. This allows CounterACT to determine the compliance of the device, restrict network access on the basis of that information, and send automatic notifications to users to help them remediate security problems.

On iOS, hardware, software and configuration information is collected by the native iOS operating system and transmitted to the CounterACT appliance via the Apple MDM API and the Apple Push Notification Service (APNs). Additionally, the ForeScout Mobile Security Module can configure iOS policies and profiles and apply them to iOS devices which are connected to the network via WiFi or VPN or which are connected to a broadband carrier (over-the-air).

Features of ForeScout CounterACT with the ForeScout Mobile Security Module include:

  • Automated real-time detection. ForeScout CounterACT lets you detect mobile devices the moment they try to connect to your network. No agents or software are required.
  • Visibility. ForeScout CounterACT categorizes and reports on hand-held mobile devices by type (iOS, Android, Windows Mobile, Blackberry, etc.) and by user. The additional visibility provided by ForeScout Mobile Security Module includes information such as hardware model, OS version, installed apps, IP address, serial number, phone number.
  • Compliance management. ForeScout Mobile Security Module gives CounterACT additional visibility into Android and iOS devices, allowing CounterACT to assess compliance with security policy. For example:
    • Identify mobile devices without password protection
    • Identify mobile devices that are missing required apps, for example, management or security apps
    • Identify mobile devices that are running black-listed apps
    • Identify mobile devices that are jailbroken or rooted
  • Enforcement options.ForeScout Mobile Security Module works with ForeScout CounterACT and provides a wide variety of enforcement options:
    • Monitor—learn who and what are on your network, and identify non-compliant systems
    • Notify—send emails or messages to IT personnel or end-users, or HTTP hijack end-users. Automated messages can guide end-users to take remediation steps, such as install specific MDM applications or security tokens onto their smartphones.
    • Limit—limit the network access based on device type, device ownership, time of day, and device compliance. The limited access network can allow access to a subset of applications and data, blocking access to more sensitive corporate resources.
    • Block—keep all (or just certain types of) devices off your network completely.
    • Remediate—directly remediate (without end-user intervention) iOS devices with actions such as enforce password policy; require apps such as anti-virus, MDM or virtualization; remove or disable native apps such as the camera; and enforce specific WiFi access methods.
  • Guest registration. If you wish to setup a guest network for personal mobile devices, you can use ForeScout CounterACT’s built-in guest registration system. Once a guest has been approved, CounterACT can dynamically enforce your security policies, such as restricting the user’s access to just the Internet.
  • Continuous protection. If malware exists on the mobile device and tries to propagate or interrogate your network, ForeScout CounterACT will detect the malicious behavior, block the threat, and can automatically quarantine or remove the mobile device from your network. ForeScout CounterACT includes ForeScout’s patented ActiveResponse™ technology which can detect and block zero-day threats.

 
ForeScout Mobile Security Module is one of several advanced functions that are available with ForeScout’s ControlFabric architecture.
 

Product Tours

Product Demonstrations

Mobile Handheld Security

This video demonstrates the use of ForeScout CounterACT to identify mobile handheld devices on the network and offer role-based access. Corporate devices are provided full access automatically while guests can be registered via SMS for 100% user verification.

Product Screenshots

Click image to enlarge.

Guest Registration

ForeScout CounterACT allows guests to register for access to your network.

Mobile Devices

ForeScout CounterACT identifies handheld devices on your network – iPhone, iPad, Android, Windows Mobile, Blackberry, Nokia Symbian.

Mobile Device Properties

ForesScout mobile shows you an inventory of mobile device properties on your network.

Compare

= Best = Good = Fair = Poor*
ForeScout CounterACT ForeScout CounterACT + ForeScout Mobile Security Module ForeScout CounterACT + MDM Integration + MDM MDM
Operational Management
Expense management
Inventory management
App management, app store
Network Security
Access control
Block threats
Detect on access
Profile device
Device and Data Security
Password
Configuration enforcement
Containerization / encryption
Jailbreak and root detection
Unified visibility and network access policy
User impact
Transparent Lightweight Lightweight Lightweight
Price
$ $$ $$$* $$$$

*Assumes that high risk devices/users are enrolled in ForeScout MDM and lower risk devices/users are managed by ForeScout Mobile Security Module.

Specs

ForeScout CounterACT Mobile Security Module Android version 2.1 and above and

iOS version 4.0 and above.

In addition to the specific capabilities offered by ForeScout Mobile Security Module, ForeScout CounterACT supports an extremely wide range of devices and operating systems including printers, switches, routers, computers, tablets, and smartphones.