ForeScout | Access Ability

Overview

ForeScout CounterACT and ForeScout Mobile provide real-time visibility and control over smartphones, tablets and mobile PCs on your network. With our solution, you can let users enjoy the productivity benefits of mobile computing devices while you keep your network safe from data loss and malicious threats.

The Challenge

Gone are the days of standardized PC configurations, all managed and locked-down by the IT department. Now, you are dealing with a multitude of endpoint devices, some owned by the organization, some owned by employees. Increasingly, employees are bringing their own personal devices—PCs, Macs, smartphones and tablets—into the office and expecting to connect them to your network. Some people call this phenomenon the “Consumerization of IT”. Others call it “BYOD”. If you are responsible for security, you call it a nightmare.

Clearly, mobile computing devices introduce security risk. Surveys indicate that IT managers are most concerned about the risk of data loss and infection by mobile malware.

If a user has corporate data on his mobile device, and then he loses that device (or sells it), the enterprise has just suffered a data loss incident. Depending on your local data privacy laws, your enterprise could be assessed with penalties.

Data loss caused by malicious applications is also a risk. When a user installs an app, he grants it certain privileges which may include access to his physical location, contact information, and other data. You can’t control what the app maker will do with this information.

ForeScout’s Solutions

ForeScout offers a range of solutions for mobile security.

ForeScout CounterACT is an automated security control platform that gives IT security managers an easy way to reduce mobile security risks. ForeScout CounterACT provides real-time visibility of personal and mobile devices on your network, limits the network access of those devices, and prevents those devices from spreading malware onto your network.

ForeScout Mobile adds additional capability to ForeScout CounterACT.  ForeScout Mobile comes in two different forms: ForeScout Mobile Security Module provides native integration and control for iOS and Android devices. And ForeScout Mobile MDM Module provides rich integration between ForeScout CounterACT and your existing third-party MDM system.

ForeScout Mobile bridges the worlds of NAC and mobile device management (MDM) and provides security professionals a single pane of glass to manage everything on the network, thus saving time and increasing operational efficiency.

ForeScout MDM, powered by MaaS360, includes all of the essential functionality that you need for end-to-end management of iOS, Android, Blackberry, and Windows Phone devices. ForeScout MDM integrates with ForeScout CounterACT, our flagship network security and policy automation system, to give you unified visibility and control over everything on your network. ForeScout MDM is a cloud-based solution, so deployment is quick and easy.

Features

Easy to deploy.

• Works with your existing network infrastructure
• Has few moving parts. The fewer appliances, servers, and software that you need to install and configure the better.

Managed and unmanaged.

• Gives you visibility and control over both managed and unmanaged devices, without the need to deploy agents

Wide range of enforcement actions.

• Monitor-mode which lets you detect (and report on) policy violations without taking action.
• Notifications which let you send emails or HTTP hijacks to endusers who violate policies
• Restrict traffic to certain portions of the network
• Block network access using a wide range of technologies such as 802.1x, SNMP, ACL management, TCP reset
• Directly enforce policies on the device, such as password, encryption, applications, and remote data wipe

Automated guest registration. Identifies users trying to connect their wireless devices to your network and provides them an opportunity to request permission to use your network.

Post-connect monitoring. Monitor a handheld device after it has been admitted to the network, checking to ensure that it does not begin to behave in a threatening manner.

Benefits

• Increased employee productivity and retention. ForeScout CounterACT and ForeScout Mobile empower workers to use devices of their choice for maximum productivity and employee satisfaction.
• Improved visibility: ForeScout CounterACT lets you identify all devices on your network in real-time, including personal devices without any agents installed. ForeScout CounterACT categorizes devices by type—Windows, Mac, Linux, Apple iOS, Android, Blackberry, printers, etc. ForeScout CounterACT also categorizes devices by ownership, e.g. corporate devices vs. personal devices. ForeScout Mobile provides additional detailed information about managed devices such as configuration, installed applications, and security compliance.
• Better security: ForeScout CounterACT provides two important elements of security, even if you already have other mobile security solutions in place (such as MDM system):

1. ForeScout CounterACT provides advanced network access control (NAC). ForeScout CounterACT can determine the type of device, the ownership of the device, the security posture of the device, and the user identity. Based on those attributes, ForeScout CounterACT can allow, limit, or block access to the corporate network. By ensuring  that only trusted devices (e.g. with encryption, passwords, etc.) and authorized users are allowed access to sensitive data, ForeScout CounterACT reduces the risk that sensitive data will be compromised or lost.
2. ForeScout CounterACT continuously monitors mobile devices to ensure that they do not attack or infect your network. If a mobile device starts to exhibit malicious behavior, ForeScout CounterACT can quarantine the device until remediation can occur.

Additionally, ForeScout Mobile can directly remediate security issues in supported mobile devices, for example: remote wipe; enforce password policy; require apps such as anti-virus, MDM or virtualization; remove or disable native apps such as the camera; and enforce specific WiFi access methods.