Network Information Database
One of the most important things network administrators can have is a complete picture of all network elements and their correlated information. ForeScout's CounterACT appliance not only provides this information, but also gives network administrators the ability to search it using any attribute of an element (e.g. IP address). The Network Information Database gives CounterACT the underlying foundation to store all the data it collects, in order to alert administrators and report on network security.
How it works.
ForeScout's CounterACT initiates a discovery process once installed. The appliance populates the Network Information Database with initial topology and inventory information as it observes the data interaction between devices. From that point on, the appliance remains in an automatic learning mode, continually updating the database with the most current network information. This information is then correlated and made available via the Network Information Portal or through CounterACT's standard reporting capabilities.
The appliance gathers comprehensive data on the network infrastructure and can detect nearly all values, including:
- Network Behavior: Network Policy Violations, Audited Responses, and Self-Remediation Success.
- User Information: Username, Authentication Status, Workgroup, Email Address, and Phone Number.
- Applications: Illegitimate Applications, Application Versions, Registry Values, File Size, and Modification Date.
- OS Integrity: OS Fingerprint, Antivirus Update Status, Missing Service Packs, Unpatched Vulnerabilities, and Open Services.
- Device Information: MAC Address, IP Address, Device Type (Printer, Wireless Device, Laptop, PC), and Hostname.
- Physical Layer: Physical Switch, VLAN, Switch Port, Number of Devices Sharing the Port, and 802.1X.
Network Information Portal
Within the CounterACT database is a powerful search engine that can search and correlate all network information. In the case of a security event, such as a network access policy violation or a self-propagating threat, the Network Information Portal provides a complete end-to-end snapshot of the event: what network elements were affected and how CounterACT responded (e.g. quarantine, link to remediation, etc.). The network administrator can set alerts that send a notification when any change occurs. The notification can take the form of an email/page, an SNMP alert to a security management system, or a generated report.
Alerting & Reporting
Administrators can harness the wealth of information contained within the Network Information Database through custom and standard reports. These reports can be generated in real time or scheduled to run on a regular basis. The reports can be presented in PDF, HTML, or SNMP, providing an additional layer of flexibility in the way this critical information can be accessed.
To learn more about ForeScout's Network Information Database, contact us.
Acclaim
"ForeScout has a solid leadership team with experience that immediately makes it a more viable niche player in the enterprise security market."
Joe Terry, Analyst, Current Analysis

