ForeScout | Access Ability

Overview

Government agencies choose ForeScout for Visibility, Control and Automation

ForeScout CounterACT is a powerful, plug-and-play and agentless network visibility and control automation solution that is ideally suited to help Federal agencies control network access, protect sensitive data, and comply with Defense standards, guidelines and best practices.

ForeScout CounterACT address the advanced network security requirements that many U.S. government agencies require, including:

1. Port Authentication. The requirement for port authentication is contained in the Security Technical Implementation Guide (STIG) that is published by the United States Defense Information Systems Agency (DISA). This document states that all DoD networks must control access at the switch port leveraging protocols such as 802.1X.
2. IAVA Compliance. The United States DoD must comply with Information Assurance Vulnerability Alerts (IAVA) that are identified by the DoD-CERT, a division of the US Cyber Command.
3. Rogue Devices and Applications. Many defense organizations have restrictions against the use of USB memory sticks and peer-to-peer (P2P) applications.
4. Continuous Monitoring. The Federal Information Security Management Act (FISMA) of 2002, OMB policy, and the implementing standards and guidelines developed by NIST require a continuous monitoring approach. Continuous monitoring is a systematic approach to determine if the deployed security controls within an organization are effective over time in light of the inevitable changes that occur.

 

 

 

Wallace Sann, ForeScout Federal CTO, speaking at Cybersecurity Symposium in Washington, DC in February 2013.

 

 

ForeScout CounterACT’s military-grade security protects many of the network infrastructures of the DoD, its military contractors and suppliers. In 2011, ForeScout achieved the industry’s highest level of security certification for a Network Access Control (NAC) solution involving assurances from the EAL 4+ level. ForeScout CounterACT is also included in the DISA UC APL demonstrating that CounterACT met the government’s high standards for security, ease of use and deployment, low end-user impact, and interoperability with existing remediation solutions and infrastructure agnostic requirements.

Much of ForeScout’s success is based on CounterACT’s ability to see every IP device connected to the network, control all connections down to the point of entry, and provide policies to enable and enforce security processes and standards. Enforcement actions can range from VLAN assignments with or without 802.1X firs being deployed, port-based ACL and/or a virtual firewall.

Recently named as a Leader in Gartner’s Magic Quadrant, ForeScout CounterACT‘s policy-based security platform for endpoint compliance automation can help Government IT organizations to create, monitor and enforce endpoint security policies in accordance with DISA STIGs and CJCSI directives. ForeScout CounterACT helps streamline and automate processes at every phase of the endpoint compliance lifecycle enabling IT organizations to satisfy CCRI audit requirements, or other audits, and achieve a level of continuous compliance with minimal effort. CounterACT also helps organizations comply with internal government regulations such as FISMA and NERC.

ForeScout effectively addresses the unique network security challenges that government agencies face, including:

• Size. Large numbers of devices, spread over wide geographies.
• Dynamic. Government agencies often need to connect their networks to other public and private networks that are not completely trusted.
• Heterogeneity. Because of government bidding requirements, government networks are typically comprised of equipment from multiple vendors.
• Shared resources. Government agencies will often share their office space with other agencies and non-governmental entities. Physical control of the environment might not be possible.
• Heightened need for security. State secrets and other highly confidential information must be protected.

All government agencies must look for opportunities to drive down costs and improve security wherever possible. Many government agencies in Federal and supporting contractors use ForeScout CounterACT to accelerate “connect to comply” strategies, strengthen security enforcement, and prove regulatory compliance. ForeScout CounterACT delivers real-time visibility and control of all devices on the network. CounterACT, a Common Criteria EAL 4+ solution, provides network access control, endpoint compliance, and threat control, all in one automated system.

ForeScout Wins Homeland Security Award from Government Security News

“ForeScout helps government agencies at the federal, state and municipal level meet the numerous access control and continuous endpoint compliance requirements with an agentless, easy to deploy and scalable solution. To be recognized as a security leader among the government community is truly an honor. As the federal government embarks on its continuous mitigation and diagnostics efforts, we welcome agencies’ commitments to ForeScout for help in meeting advance port control requisites, real-time asset management, and endpoint compliance objectives, ” said Niels Jensen, vice president of federal sales at ForeScout.“
Click here for more information.

Benefits

Strong Security

• Comply with requirements and mandates, such as DISA STIG, FISMA, etc.
• Ensure that unauthorized users are not on your network. Complete visibility across the enterprise.
• Reduce risk of data loss by ensuring that encryption, whitelisting and DLP agents are running, users are not running unauthorized applications or peripheral devices (e.g. USB memory sticks).
• Reduce risk of infection by ensuring that antivirus is properly updated and vulnerabilities are patched.
• Block rogue and unauthorized personal devices such as smartphones, tablets, or embrace mobile security with an effective tiered approach to BYOD.
• Identify rogue network infrastructure devices such as wiring hubs, wireless access points, and DHCP servers. Often these unauthorized devices are the source of network instability and outages.

Reduce Costs

• Large organizations have reported savings of up to $1 million per year with ForeScout CounterACT.
• Avoid penalties of lost data. A secure network, with secure endpoints, is less likely to lose data. Avoid fines and the devastating costs of data loss.

Save Time

• Real-time information improves situational awareness and lets you take action while the problem still exists.
• Integration with other security systems, including SIEM (Arcsight, Q1, McAfee ESM etc), anti-virus, and MDM vendors such as McAfee, MobileIron, MaaS360, etc.
• Avoid time-consuming drills to repair infected workstations.

Avoid Disruption

• Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of enforcement actions ranging from gentle (notifications) to assertive (update software or kill processes). The range of enforcement actions helps you be more successful by working with users, not against them.

Improve Network Stability

• Clientless approach identifies rogue network infrastructure such as wiring hubs, wireless access points, DHCP servers and mobile devices. Often these unauthorized devices are the source of network instability and outages.

Painless Deployment

• ForeScout CounterACT is the fastest, easiest way to gain strong access control, regardless of whether you are planning to utilize 802.1x for authentication and port control.
• ForeScout CounterACT is a simple appliance that installs out-of-band on your network. It requires no software installation. Installation can be completed in one afternoon, full operation including policy enforcement in a matter of days.

Security Assurance

• With EAL4+, government agencies can be assured that the specification, implementation and effectiveness of CounterACT for Network Access Control have been evaluated in a rigorous and standardized manner to meet their security and compliance needs.