Regulatory Compliance
ForeScout's real-time controls and automated reporting help you easily demonstrate compliance with security regulations
Regulatory Compliance
White Paper
Webinar
Overview
Regulatory Compliance
ForeScout’s real-time controls and automated reporting help you easily demonstrate compliance with security regulations
ForeScout CounterACT addresses a wide range of security regulations in industries such as healthcare, financial security, education, and US government/military institutions.
The Problem
Regulatory compliance is a critical concern for many organizations. However, implementing the proper security controls and demonstrating compliance can be very costly.
One thing that increases the cost of compliance is the fact that most security control systems are point-products which apply to just a portion of the IT infrastructure, for example, just Windows computers owned by the organization. When controls are not comprehensive, multiple tools need to be used to cover the entire IT spectrum.
A second driver of high compliance costs is the manual labor and effort required to produce reports. Some of this can be mitigated by specialized GRC reporting tools. However, these tools are only as good as the information that goes into them. If information going into these tools is neither comprehensive nor automated, extra effort must be applied to produce a full compliance report.
What organizations need to minimize the costs associated with regulatory compliance is an automated, comprehensive, real-time security control and reporting system.
ForeScout’s Solution
ForeScout CounterACT is an automated security control platform that lets you see and control everything on your network–all devices, all operating systems, all applications, all users. The comprehensive set of information gathered by ForeScout CounterACT, and the comprehensive controls that CounterACT can apply across your IT environment, help reduce your regulatory compliance costs.
ForeScout CounterACT gives you real-time visibility to everything on your network. Reports help you monitor your level of regulatory compliance and support regulatory audits. Compliance audits that used to take days or weeks can now be produced in hours with real-time accuracy.
Features
Features
ForeScout CounterACT automatically enforces security policies and produces automated, real-time reports that demonstrate compliance. Features include:
100% coverage
Unlike traditional agent-based security systems, ForeScout CounterACT allows you to enforce security policies on every device on your network–known and unknown, managed and unmanaged, corporate and personal.
Policy Manager
ForeScout CounterACT lets you monitor and enforce security policies for your network and endpoint computers in accordance with government regulations. Pre-built policy templates and wizards speed creation of the policies, and a built-in knowledgebase of common security configurations make it easy.
Visibility
ForeScout CounterACT can identify non-compliant computers–who owns them, where they are, and how they are non-compliant with your security policies. A few examples of security posture information that CounterACT can see are:
- Anti-malware agent status (installed/running)
- Anti-malware signature version
- Patch management agent status (installed/running)
- Operating system vulnerabilities
- Firewall status (installed/running)
- Processes and services installed or running
- Registry and configuration
- Applications installed/running
- P2P/IM clients Installed/running
- Peripheral devices (type, make, model)
- Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
- Rogue NAT/DHCP behavior
Compliance Engine
ForeScout CounterACT will detect when devices or users are out of compliance with your security policy. Non-compliant computers and/or users will be displayed in the main console, including reason for non-compliance and complete details such as location of the device. CounterACT’s built-in compliance dashboard and canned reports let you monitor overall compliance trends.
Policy Enforcement
When CounterACT detects a policy violation, CounterACT can automatically take action such as alert, advise, restrict, remediate, and disable. Unlike first-generation products, CounterACT gives you a wide range of actions to choose from, including just-in-time notification to end-users that they have just violated security policy.
Network Access Control
ForeScout CounterACT controls network access based on the user’s identity, the roles that you have defined in your directory, and the security posture of the device.. Guests, contractors, and employees can automatically be given different levels of network access, balancing their needs with the security requirements of the organization.
Automated Reporting
Integrated reports help you monitor your level of policy compliance and fulfill regulatory audit requirements. Compliance audits that used to take days or weeks can now be produced in hours with real-time accuracy.
ForeScout CounterACT helps you meet a wide range of industry regulations, including the following:
| Industry | Industry Regulation Addressed |
| Financial | PCI DSS, SOX, GLBA, FINRA (NASD, NYSE rules; SEC oversight) |
| Education | FERPA, Higher Education Opportunity Act of 2008 |
| Healthcare | HIPAA (access control, data confidentiality, integrity, availability and more), HITECH Act (breach notification) |
| U.S. Government | DISA STIG (Department of Defense requirements for port-based network access control), FISMA, NERC, others |
| Corporate governance | Standards for data security (e.g. protect intellectual property), acceptable use (e.g. block use of smart phones and other unmanaged devices), endpoint and network security, and more |
Benefits
Benefits
Real-time
Real-time information and reporting produces more accurate and timely information than periodic compliance audits.
Comprehensive
Comprehensive coverage (100% of the devices on your network) ensures that you get all the information you need in one report.
Automated
Automated compliance reports save time and effort. Automated remediation ensure that non-compliant systems are brought into compliance without manual intervention..
Non-disruptive
Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of enforcement actions ranging from gentle (notifications) to assertive (update software or kill processes). The range of enforcement actions helps you be more successful by working with users, not against them.
Save money
ForeScout’s advanced automation allow large organizations to save as much as $1 million per year.
Save time
Realtime data and reports show you problems on your network right now, letting you take action while the problem still exists. And by improving your security posture, you will suffer fewer infections and be able to avoid time-consuming exercises such as repairing infected workstations..
Product Tours
Product Screenshots
Click image to enlarge.
Dashboard
ForeScout CounterACT dashboard shows you compliance trends over time.
Windows PC inventory with missing updates
ForeScout CounterACT shows you in realtime which PCs on your network contain vulnerabilities.
Virtual Client-unauthorized changes
ForeScout CounterACT can identify unauthorized changes to PC configurations or software.
Resources
- Brochure: ForeScout CounterACT Solution Brochure
- Solution Brief: ForeScout-ArcSight Integration
- Success Story: Culpeper County
- Success Story: Patelco Credit Union
- Success Story: London South Bank University
- Video: John Shields, Senior Vice President and Chief Technology Officer, Patelco Credit Union
- Webcast: Getting Through the Compliance Maze with NAC
- Webcast: Automating GRC and Endpoint Compliance with SIEM and NAC
- Webinar: Endpoint Visibility, Control and Remediation Leveraging NAC
- White Paper: Continuous Endpoint Compliance: Integrating Process, Policy and Technology to Preempt Threats and Reduce Costs
