Intelligent Intrusion Prevention™

ForeScout delivers an entirely unique approach to preventing network attacks from "zero-day" threats such as self-propagating malware and hackers/espionage without using signatures, anomaly detection or any form of pattern matching technology. ForeScout's solution has proven its accuracy by detecting in real-time every self-propagating threat to date and has gained the trust of 100% of our customers who use the appliances in automatic blocking mode.

Signature-less IPS - How It Works

Network reconnaissance is the primary means by which human or network worms obtain the knowledge they need to attempt entry. When an individual accesses private, non-public resources without permission, their pre-attack activity is showing their intent. Thus, any unsanctioned reconnaissance presents a high potential for malicious activity and can be used to identify attackers with 100% accuracy.

ForeScout's patented Active Response™ methodology uses a 3-phase approach to accurately identify attacking sources and block them in real time:

Step 1: Monitors for all reconnaissance activity on the network. Malicious source has no network knowledge, must do reconnaissance to find entry points and look for open vulnerabilities.

Step 2: Interacts with reconnaissance activity. Appliances provide marked information to the inquiring source.

Step 3: Proves the intention of the attacker to attack. Monitors traffic for use of marked information proving malicious intent, and blocks connection at the source before a connection is made once the marked information is used to launch an attack.

Why Choose ForeScout's Intrusion Prevention?

ForeScout's patented methodology delivers the protection others can only promise:

ForeScout's ActiveResponse™   Patented Deterministic Methodology		Signature/Anomaly Detection Requires prior knowledge/Heuristics
Zero-Day Prevention		Delayed Prevention
Unprecedented Accuracy		False positives by definition
Automatic Blocking		Limited Blocking
Set and Forget - Low TCO		Significant Management

ForeScout's IPS solution provides accurate, actionable and automated protection against "zero-day" attacks:

• Accurate Detection
  Unlike signature-based systems which are limited by the quality and availability of pattern files, ForeScout's signatureless IPS is 100% accurate. That is why 100% of our customers set their appliance into automatic blocking mode instead of manual blocking required to avoid false positives and disruptions of legitimate traffic caused by signature-based systems.
  
  
• Actionable Data
  ForeScout security platform dynamically integrates with network devices including routers, switches, firewalls, VPN concentrators and trouble ticketing systems to enable immediate containment and recovery from threats. With 100% accurate detection, ForeScout's IPS solution provides actionable data to allow for real-time automatic threat mitigation, based on a range of flexible blocking options defined by the network administrator.
  
  
• Automatic Response
  ForeScout's "detect and protect" mechanism is 100 percent automatic, as it requires no prior knowledge of an attack to protect against "zero-day" threats. ForeScout's IPS solution requires virtually no human management and does not require signature updates, tuning or reading through logs, which significantly reduces TCO. Based on the unprecedented accuracy and seamless integration into all network environments, 100% of our customers set their appliances into automatic block mode, allowing their IT staff to focus on other network management issues.
  
  

To learn more about ForeScout's signature-less Intrusion Prevention solution, download the datasheet or contact us for more information.