ForeScout | Access Ability

Overview

ForeScout CounterACT helps protect your sensitive data by providing real-time visibility and control of all devices, users and applications on your network.

The Problem

You may have already deployed data security controls such as encryption, DLP, and data access policies. These controls are good, but are they sufficient? Are they working properly on all your endpoint systems?   How can you be sure?

Consider these issues:

1. Agent-based security systems such as encryption, DLP, and host attack prevention (e.g. antivirus) are good, but they are only deployed onto managed systems. They do not protect your network from “unmanaged” systems – computers brought in by guests, contractors, smart printers, and smart phones for example.   These kinds of systems may be connecting to your network in large numbers and introducing security risk.
2. Agent-based security systems are not 100% effective.   They can be turned-off. Bypassed. The policies and signature files can become out of date. Nearly all organizations who have suffered embarrassing and expensive data breaches have discovered this fact the hard way. An investigation by Microsoft in 2007 indicated that over 50% of their own computers had a problem with their security agents or configuration.

You may also have security policies that prohibit running unauthorized applications or utilizing unencrypted USB memory devices. But how do you detect whether users are complying with your policies?   How do you educate users of your policies?   How do you enforce your policies?

The Solution

ForeScout CounterACT solves these problems. CounterACT is an automated security control platform that gives you realtime visibility and control over both managed and unmanaged endpoints. Since CounterACT operates over the network, it does not rely on host-based software, thus it avoids the complexity and problematic nature of agent-based security systems.

ForeScout CounterACT includes five layers of data security protection:

Features

ForeScout CounterACT helps you protect your sensitive data by giving you real-time visibility and control of all devices, users and applications on your network.   Features include:

Policy Manager

ForeScout CounterACT lets you create and enforce security policies to protect your data. Configuration and administration is fast and easy thanks to CounterACT’s built-in policy wizard and knowledge base of device classifications, rules and reports.

Network Access Control

ForeScout CounterACT will enforce network access policies to ensue that unauthorized users and rogue network devices are not on your network.

Endpoint Compliance

A secure system is less likely to lose data than one which is infected or compromised.   ForeScout CounterACT ensures that all of your endpoint systems have up-to-date security software (antivirus, encryption, etc.) and are properly patched.

ForeScout CounterACT is agentless, which allows it to work with all type of endpoints–managed and unmanaged, known and unknown, physical and virtual. CounterACT can discover gaps and weaknesses in your existing agent-based security systems that would otherwise go undetected.

Automated Remediation

ForeScout CounterACT can automatically remediate endpoint security deficiencies.   CounterACT includes a wide spectrum of remediation options which lets you tailor the action to fit the severity of the incidence:

• Notifications can be sent to violating users in the form of a trouble ticket, email, browser redirect, trap, or syslog. An auditable end-user acknowledgement lets you track non-compliance warnings to users.
• Access Control can be automatically applied to limit network access for non-compliant devices without disrupting user productivity while remedial action is taken. For example, if a device has out-of-date anti-virus definitions, the device can be moved to a quarantine VLAN, or the access control list (ACL) on the switch can be adjusted to protect other users on the network.
• Remediation can be triggered, for example by directing the anti-virus server to auto-update a specific device or prompting the patch management system to update the device’s operating system.
• Disabling can be performed by killing unauthorized processes and applications on the endpoint.

Threat Prevention

These days, most attacks come from compromised systems inside the network. ForeScout CounterACT contains a patented threat-detection engine that protects your network from zero-day threats and infected systems. Our unique technology does not require signature updates or other forms of maintenance. ForeScout CounterACT provided zero-day protection against Conficker, Zeus and Stuxnet.

User Behavior Control

ForeScout CounterACT lets you monitor who is running forbidden applications such as P2P, or using USB memory sticks, etc. Send users who are violating policies just-in-time notifications, including an auditable acknowledgement that the user has read the security policy that they just violated. Optionally disable or kill prohibited devices or processes.

Benefits

ForeScout CounterACT is an extremely valuable component of an overall data security program. Benefits include:

Painless deployment

Unlike traditional agent-based security systems, ForeScout CounterACT is a simple appliance that installs out-of-band on your network.   It requires no software installation. It works without agents.

100% coverage

Unlike traditional agent-based security systems, ForeScout CounterACT allows you to enforce security policies on every device on your network–known and unknown, managed and unmanaged, corporate and personal.

Automated actions

ForeScout CounterACT sees problems in real-time and can react without the need for manual intervention. Response is fast, and valuable time of IT administrators is not wasted.

Non-disruptive

Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of enforcement actions ranging from gentle (notifications) to more assertive (update software) to most aggressive (kill process, block from network). The range of enforcement actions helps you be more successful by working with users, not against them.

100% compatible

ForeScout CounterACT works with what you have–all your existing switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems. We take what you have and make it better.

Accelerated results

ForeScout CounterACT provides useful results on Day 1 by giving you visibility to problems on your network. The built-in knowledge base helps you configure security policies quickly and accurately.