ForeScout | Access Ability

Overview

Real-time Network Visibility

ForeScout CounterACT gives you real-time visibility into everything on your network — all devices, all operating systems, all users, all applications.

The Problem

Before you can manage your network’s security, you have to have visibility into everything on your network.   This includes:

• Authorized and unauthorized users (employees, guests, contractors)
• Authorized and unauthorized devices (computers, wireless access points, handheld phones, USB memory devices, printers, etc.)
• Authorized and unauthorized applications
• Security configurations and security posture of all devices on your network

Many IT managers think they know what is on their network, but in reality this is quite difficult.   The information provided by agent-based security systems (Symantec, McAfee, Trend, Sophos, etc.) or patch management systems (BigFix, Lumension, Microsoft, etc.) is often incorrect.

Agent-based security systems are typically limited to corporate-owned devices. As a result, security teams typically have no visibility into the security of employee-owned devices and devices that are not computers.   The list includes:

• Personal laptops
• Smartphones
• Tablet computers
• Smart printers (many of today’s printers contain an embedded operating system)
• Peripheral devices such as USB memory sticks
• Industrial equipment
• Rogue wiring devices

The Solution

ForeScout CounterACT is a network appliance that reveals everything on your network: computers, switches, VoIP phones, printers, personal cell phones, rogue wireless access points, USB drives, and more. CounterACT incorporates the most granular host interrogation engine in the industry and can determine almost every configuration detail on every endpoint. CounterACT automatically builds a complete profile of each endpoint, including:

• identity of the person logged in
• user’s behavior once logged in
• operating system
• applications running
• patch levels for all software
• status of security agents (running or not running)
• endpoint-connected devices such as USB drives
• network-connected mobile devices, such as smart phones

Administrators can access this information using a simple Google-like search interface that displays a detailed catalog of all connected users and devices. From there, they can easily locate problematic or nonconforming users, endpoints, and devices – right down to physical switches and switch-ports.

ForeScout CounterACT is easy to deploy.   It is a simple appliance that installs out-of-band on the network.   It requires no software installation on host computers.

Features

ForeScout CounterACT uses multiple technologies to learn about everything on your network.   The following is the information that CounterACT will show you:

Device Information

• Device type (printer, wireless network device, laptop, etc.)
• Device authentication/NETBIOS/domain membership
• System information (manufacturer, model name, number of processors, etc.)
• Storage information (drive type, volume name, size, name, etc.)
• Motherboard (manufacturer, model, serial number, removable, etc.)
• RAM (memory type, capacity, manufacturer, serial number, speed, etc.)
• Network adapter (DeviceID, name, adapter type, speed, etc.)
• Processors (number of cores, description, family, manufacturer, etc.)
• MAC/IP address
• NIC vendor
• Hostname

Security Status

• Anti-malware agents status (installed/running) and database versions
• Patch management agent status (installed/running)
• Firewall status (installed/running)
• Audit trail of changes to OS/configuration/ application
• X509 certificates

User Information

• Username
• Full name
• Authentication status
• Workgroup
• Email address
• Phone number
• Guest/authentication status Device Information
• Device type (printer, wireless network device, laptop, etc.)
• Device authentication/NETBIOS/domain membership
• MAC/IP address
• NIC vendo

Operating System Status

• Type
• Version number
• Patch level
• Processes and services installed or running
• Registry and configuration
• File name/size/date/version
• Shared directories Security Status
• Anti-malware agents status (installed/running) and database versions
• Patch management agent status (installed/running)
• Firewall status (installed/running)
• Audit trail of changes to OS/configuration/ application

Application Information

• Authorized applications installed/running
• Rogue applications installed/running
• P2P/IM clients Installed/running
• Application name and version number
• Registry values
• File sizes
• Modification date and patch level

Peripheral information

• Device class (disk, printer, DVD/CD, modem, NIC, memory, phone, etc.)
• Connection type (USB, Bluetooth, infrared, wireless, etc.)
• Device information (make, model, device ID, serial number, etc.) Network Traffic Information
• Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
• Traffic source/destination
• Rogue NAT/DHCP behavior

Physical Layer Information

• Switch IP, description, location
• Switch port
• VLAN
• Number of devices on any port
• 802.1x authentication status

Network Traffic Information

• Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
• Traffic source/destination
• Rogue NAT/DHCP behavior
• IPV6 tunnels through IPV4

Benefits

Painless deployment

ForeScout CounterACT is a simple appliance that installs out-of-band on your network.   It requires no software installation.

Improve security awareness

By knowing about everything and everyone on your network, you will be in a better position to assess risks and take action to remediate vulnerabilities.

Improve network stability

ForeScout CounterACT lets you identify network infrastructure not provisioned by IT such as wiring hubs, wireless access points, and DHCP servers. Often these unauthorized devices are the source of network instability and outages.

Get full ROI from your existing security investments.

Don’t risk network protection with a false sense of security. ForeScout CounterACT shows you which endpoints have broken, out-of-date, or missing anti-virus, patch management, encryption, or DLP tools.

Reduce IT Support Costs.

By revealing the unmanaged systems and /or insecure endpoints connecting to your network, you can proactively target remediation activities such as updating/activating anti-malware and applying patches. Also, help desk personnel find the information provided by CounterACT to be very valuable for troubleshooting problems with endpoint systems.