SolutionsPhoto

SOLUTIONS

Case Studies

Network Access Control

Intrusion Prevention

Vulnerability Assessment

Network Info Database

Regulatory Compliance

Product Tests & Reviews

Information Security Magazine: CounterACT Network Access Control/IDP Product Test

Enterprise Security Solutions

Network Access Control (NAC) and Intrusion Prevention (IPS)


Traditionally, enterprises have had to balance a user's need to access network resources with the need to protect the network from security threats. If security increases, by default access would be limited and productivity would be impacted. But if the network were left open, users could gain access but created a vulnerable opening for threats to enter the network and wreak havoc... which would severely impact productivity and network operations.

ForeScout alleviates the balancing act between productivity and security.


ForeScout's enterprise-class security platform combines clientless network access control solution with a built-in intrusion prevention engine. By coupling these crucial functions into one integrated appliance, ForeScout provides network administrators with the tool needed to ensure the network is protected while managing access of known users and network guests.
ForeScout provides maximum productivity and maximum security in a single appliance by focusing on two separate but equally critical network security challenges: controlling access and preventing intrusions including zero day threats. ForeScout's solution protects networks with:

  • Clientless Network Access Control

    ForeScout's solution delivers clientless network access control and policy enforcement without the need to install a client on any endpoint (i.e., laptops, desktops, VoIP phones, PDAs, printers, etc.). Because there is no need for a software agent of any kind, the system is completely transparent to the end user unless a policy violation is detected. ForeScout's CounterACT appliance provides a full range of enforcement options which focuses on keeping users productive while surgically addressing the policy violations. This also allows for the automatic handling of visitors/guest to the network.

    CounterACT controls network access based upon predefined policies of acceptable state (i.e., OS patch level, current anti-virus, etc.), ensuring all devices connected to the network meet corporate security criteria. This is done both at the point of connection and through continuous monitoring while connected to the network, and is a key component of securing data from breach and an important aspect for regulatory compliance.

    Learn more about ForeScout's Network Access Control »

  • Intrusion Prevention without Signatures

    Controlling access is only a partial solution. In order to allow users to gain access and remain productive, the system needs to be able to ensure that devices are not going to damage the network with known or zero day self-propagating malware contracted while the user was away from the network or connected remotely. ForeScout's CounterACT appliance is the only solution to provide the flexibility and ease-of-use of clientless network access control with a signatureless intrusion prevention engine.

    Self-propagating malware is fast moving, destructive, and an ever changing threat to networks worldwide. Because propagation does not require human involvement, zero-day threats are able to quickly bypass first layer defenses and can spread much faster than conventional attacks. Self-propagating code armed with malicious payloads has the potential to disrupt network operations, corrupt data and steal or destroy intellectual property.

    ForeScout's intrusion prevention uses Active Response™, a patented methodology that detects and protects networks from the ever growing threat of "zero-day" self-propagating malware, hackers and internal espionage. This is accomplished without human interaction or any form of signature/pattern file update.

    Learn more about ForeScout's signature-less Intrusion Prevention »

  • Vulnerability Assessment

    Vulnerabilities are intrinsic even to the most secure enterprise networks. Whether it is a discovered vulnerability in the operating system or a service opened by an employee download, passive threats create weaknesses in network defenses. These vulnerabilities include backdoor services like the MyDoom virus, a Sasser-spread rootkit or unwarranted services like a rogue FTP or DHCP servers.

    ForeScout's Vulnerability Assessment module continually scans the network and probes devices for potential threats. When a potential risk is identified, ForeScout's security platform deploys a virtual firewall around the device to prevent its vulnerability from being exploited.

    Learn more about ForeScout's Vulnerability Assessment »

    Learn More


    Click below to learn more about ForeScout's network security solutions:

Print Page

Free White Papers

"CounterACT: Network Access. Controlled."

More White Papers

View Webinars

"Client vs. Clientless NAC: Which One is Right for You?" featuring Jeff Wilson, Infonetics Research

More Webinars

Product Datasheets

Download Datasheet Download: ForeScout's Network Access Control Solution Brochure

More Datasheets

Acclaim

"It's well known that complexity is the enemy of security, so any product that can add a layer of security in a very simple way, with virtually no administrative overhead, is worth a look."

J.P. Vossen, Technical Editor, Information Security

© 2008 ForeScout Technologies. All rights reserved.