ForeScout | Access Ability

Overview

ForeScout CounterACT is an automated security control platform that delivers real-time visibility and control of all devices on your network. ForeScout CounterACT automatically measures compliance with your security policies and remediates endpoint security deficiencies.

The Problem

Many organizations spend millions on endpoint security tools – such as antivirus, encryption, data loss prevention (DLP), and so on – only to have end users turn off or disable those tools. Even in well-managed enterprises, host-based security tools typically do not work properly on at least 20% of systems.

Obtaining an accurate picture of what is happening on your network is extraordinarily difficult. Security teams are often unaware that the information provided to them by existing agent-based security systems (Symantec, McAfee, Trend, Sophos, etc.) or patch management systems (BigFix, Lumension, Microsoft, etc.) is incorrect. Despite the availability of sophisticated security tools, Microsoft reported in 2007 that fewer than 50% of their endpoint computers were fully compliant with their security policies.

Another problem is the fact that auditing policy compliance consumes time and resources that can be doing other things. Security teams do the best they can with limited resources, but they need automated tools to audit endpoint compliance, and provide remediation services when required.

The Solution

ForeScout CounterACT solves these problems. ForeScout CounterACT can ensure that every endpoint on your network is compliant with your security policies. For example, CounterACT can ensure that antivirus is up-to-date, the operating system is properly patched, and the computer is free of illegitimate software such as P2P. Because ForeScout CounterACT is agentless, it works with all type of endpoints–managed and unmanaged, known and unknown, physical and virtual. CounterACT can discover weaknesses in your existing agent-based security systems that would otherwise go undetected.

When CounterACT discovers a security problem, it can automatically fix the problem, or it can leverage your existing remediation or helpdesk systems.

Features

ForeScout CounterACT automatically enforces security policies for everyone and everything on your network, which helps minimize your security risks. Features include:

Policy Manager

ForeScout CounterACT lets you create security policies that are right for your enterprise. Pre-built policy templates and wizards speed creation of the policies, and a built-in knowledgebase of common security configurations make it easy.

Visibility

ForeScout CounterACT can identify non-compliant computers – who owns them, where they are, and how they are non-compliant with your security policies. A few examples of security posture information that CounterACT can see are:

• Anti-malware agent status (installed/running)
• Anti-malware signature version
• Patch management agent status (installed/running)
• Operating system vulnerabilities
• Firewall status (installed/running)
• Processes and services installed or running
• Registry and configuration
• Applications installed/running
• P2P/IM clients Installed/running
• Peripheral devices (type, make, model)
• Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
• Rogue NAT/DHCP behavior

Compliance Engine

ForeScout CounterACT will detect when devices or users are out of compliance with your security policy. Track down users who are engaging in risky behavior such as using P2P applications, USB drives, smart phones, and other unauthorized activities. Non-compliant computers and/or users will be displayed in the main console, including reason for non-compliance and complete details such as location of the device. CounterACT’s built-in compliance dashboard and canned reports let you monitor overall compliance trends.

Policy Enforcement

When CounterACT detects a policy violation, CounterACT can automatically take action such as alert, advise, restrict, remediate, and disable. Unlike other products, CounterACT gives you a wide range of actions to choose from, including just-in-time notification to end-users that they have just violated security policy.

Endpoint Remediation

ForeScout CounterACT includes a wide range of endpoint remediation actions. CounterACT can direct the anti-virus server to auto-update the non-compliant host, or it can prompt the patch management system to update the device’s operating system, or it can disable unauthorized software. The complete range of actions is shown below.

Benefits

ForeScout CounterACT’s automated security control system helps organizations improve security while saving money.

Improve security

• Reduce risk of infection by ensuring that endpoints are properly configured, antivirus is properly running and updated, vulnerabilities are patched, and the latest versions of software is installed.
• Reduce risk of data loss by ensuring that encryption and DLP agents are running properly. Ensure that users are not able to run unauthorized applications or peripheral devices (e.g. USB memory sticks).
• Reduce risk of the unknown. Detect and monitor use of unmanaged devices such as smartphones, tablets, USB interfaces, and printers. Network-based ForeScout CounterACT instantly detects unmanaged devices and monitors their activity for suspicious behavior.

Save Money

• Reduce IT support costs. By revealing the unmanaged systems and /or insecure endpoints connecting to your network, you can proactively target remediation activities such as updating/activating anti-malware and applying patches. Large organizations have reported savings of approximately $1 million per year with ForeScout CounterACT.
• Avoid penalties of lost data. A secure network, with secure endpoints, is less likely to lose data. Avoid the regulatory fines and devastating impact to your corporate reputation.

Save Time

• Realtime data and reports show you problems on your network right now, letting you take action while the problem still exists.
• By improving your endpoint security posture, you will suffer fewer infections and avoid time-consuming drills to repair infected workstations.

Avoid disruption

• Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of enforcement actions ranging from gentle (notifications) to assertive (update software or kill processes). The range of enforcement actions helps you be more successful by working with users, not against them.