Endpoint Compliance

Overview

ForeScout CounterACT is an automated security control platform that delivers real-time visibility and control of all devices on your network. ForeScout CounterACT automatically measures compliance with your security policies and remediates endpoint security deficiencies.

The Problem

Many organizations spend millions on endpoint security tools – such as antivirus, encryption, data loss prevention (DLP), and so on – only to have end users turn off or disable those tools. Even in well-managed enterprises, host-based security tools typically do not work properly on at least 20% of systems.

Obtaining an accurate picture of what is happening on your network is extraordinarily difficult. Security teams are often unaware that the information provided to them by existing agent-based security systems (Symantec, McAfee, Trend, Sophos, etc.) or patch management systems (BigFix, Lumension, Microsoft, etc.) is incorrect. Despite the availability of sophisticated security tools, Microsoft reported in 2007 that fewer than 50% of their endpoint computers were fully compliant with their security policies.

Another problem is that auditing policy compliance consumes time and resources that could be spent on other work. Security teams do the best they can with limited resources, but they need automated tools to audit endpoint compliance and provide remediation services when required.

The Solution

ForeScout CounterACT solves these problems. ForeScout CounterACT can ensure that every endpoint on your network is compliant with your security policies. For example, CounterACT can ensure that antivirus is up-to-date, the operating system is properly patched, and the computer is free of illegitimate software such as P2P. Because ForeScout CounterACT is agentless, it works with all types of endpoints – managed and unmanaged, known and unknown, physical and virtual. CounterACT can discover weaknesses in your existing agent-based security systems that would otherwise go undetected.

When CounterACT discovers a security problem, it can automatically fix the problem, or it can leverage your existing remediation or helpdesk systems. A range of integrations are available through ForeScout’s ControlFabric architecture to allow you to leverage the information produced by CounterACT with other IT management systems.

Features

ForeScout CounterACT automatically enforces security policies for everyone and everything on your network, which helps minimize your security risks. Features include:

Policy Manager

ForeScout CounterACT lets you create security policies that are right for your enterprise. Pre-built policy templates and wizards speed creation of the policies, and a built-in knowledgebase of common security configurations makes it easy.

Visibility

ForeScout CounterACT can identify non-compliant computers – who owns them, where they are, and how they are non-compliant with your security policies. A few examples of security posture information that CounterACT can see are:

  • Anti-malware agent status (installed/running)
  • Anti-malware signature version
  • Patch management agent status (installed/running)
  • Operating system vulnerabilities
  • Firewall status (installed/running)
  • Processes and services installed or running
  • Registry and configuration
  • Applications installed/running
  • P2P/IM clients installed/running
  • Peripheral devices (type, make, model)
  • Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
  • Rogue NAT/DHCP behavior

Compliance Engine

ForeScout CounterACT will detect when devices or users are out of compliance with your security policy. Track down users who are engaging in risky behavior such as using P2P applications, USB drives, smart phones, and other unauthorized activities. Non-compliant computers and/or users will be displayed in the main console, including reason for non-compliance and complete details such as location of the device. CounterACT’s built-in compliance dashboard and canned reports let you monitor overall compliance trends.

Policy Enforcement

When CounterACT detects a policy violation, CounterACT can automatically take action such as alert, advise, restrict, remediate, and disable. Unlike other products, CounterACT gives you a wide range of actions to choose from, including just-in-time notification to end-users that they have just violated security policy.

Endpoint Remediation

ForeScout CounterACT includes a wide range of endpoint remediation actions. CounterACT can direct the anti-virus server to auto-update the non-compliant host, or it can prompt the patch management system to update the device’s operating system, or it can disable unauthorized software. The complete range of actions is shown below.

ControlFabric Integration

All of the information generated by ForeScout CounterACT can be exported to your existing GRC or reporting systems. Integrations are available for most leading SIEM systems, and end-users can build custom integrations with the Open Integration Module.

Off-site Endpoint Compliance¹

ForeScout CounterACT’s RemoteControl feature extends endpoint visibility and control beyond the enterprise network. This allows you to monitor and enforce security policies on corporate and enrolled-BYOD endpoints operating outside the corporate network and in the cloud.


¹ CounterACT RemoteControl feature planned availability – mid-2014

Benefits

ForeScout CounterACT’s automated security control system helps organizations improve security while saving money.

Improve security
  • Reduce risk of infection by ensuring that endpoints are properly configured, antivirus is properly running and updated, vulnerabilities are patched, and the latest versions of software are installed.
  • Reduce risk of data loss by ensuring that encryption and DLP agents are running properly. Ensure that users are not able to run unauthorized applications or peripheral devices (e.g. USB memory sticks).
  • Reduce risk of the unknown. Detect and monitor use of unmanaged devices such as smartphones, tablets, USB interfaces, and printers. Network-based ForeScout CounterACT instantly detects unmanaged devices and monitors their activity for suspicious behavior.

Save Money
  • Reduce IT support costs. By revealing the unmanaged systems and/or insecure endpoints connecting to your network, you can proactively target remediation activities such as updating/activating anti-malware and applying patches. Large organizations have reported savings of approximately $1 million per year with ForeScout CounterACT.
  • Avoid penalties of lost data. A secure network, with secure endpoints, is less likely to lose data. Avoid the regulatory fines and devastating impact to your corporate reputation.

Save Time
  • Real-time data and reports show you problems on your network right now, letting you take action while the problem still exists.
  • By improving your endpoint security posture, you will suffer fewer infections and avoid time-consuming drills to repair infected workstations.

Avoid disruption
  • Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of enforcement actions ranging from gentle (notifications) to assertive (update software or kill processes). The range of enforcement actions helps you be more successful by working with users, not against them.

Product Tours

Product Demonstrations

Compliance

Watch how ForeScout CounterACT lets IT managers manage security.

Remediation

Watch how ForeScout CounterACT lets IT managers remediate security.

ForeScout-ArcSight Integration

Watch how ForeScout CounterACT integrates with the ArcSight SIEM platform to provide better security risk awareness and more automated security threat response.

Product Screenshots

Dashboard

ForeScout CounterACT dashboard shows you compliance trends over time.

Compliance Detail

ForeScout CounterACT identifies security gaps on your network, such as security agents that are not working or not up-to-date.

Windows PC inventory with missing updates

ForeScout CounterACT shows you in real time which PCs on your network contain vulnerabilities.

Unauthorized processes

ForeScout CounterACT shows you which PCs are running unauthorized processes.

ForeScout Compliance Center

ForeScout Compliance Center shows end users whether their computers are compliant with your security policies.

Kill peer-to-peer selections

ForeScout CounterACT makes it easy to kill unauthorized software, such as peer-to-peer.