Optimize SIEM and Logging Investment

Lowering SIEM TCO and Increasing SIEM Value

“Although many SIEM deployments have been funded to address regulatory compliance reporting requirements, the rise in successful targeted attacks has caused a growing number of organizations to use SIEM for threat management to improve security monitoring and early breach detection,” according to a recent Gartner report.  “There is a danger of SIEM products (which are already complex) becoming too complex as vendors extend capabilities. Vendors that are able to provide deployment simplicity as they add function will be the most successful in the market.” 1

Security information and event management (SIEM) / log management solutions provide the means to aggregate, store, manage and analyze diverse event log sources, which helps organizations fortify compliance programs and optimize incident response through alerting, reporting, auditing and forensics functionality.   While these tools are a security best practice, they:

  1. Can be complex and costly to deploy and maintain
  2. Lack real-time endpoint visibility
  3. Lack automated remediation

Learn why ForeScout CounterACT is the most SIEM-integrated network access and endpoint compliance solution in the industry and how CounterACT can address these common SIEM / log management challenges.

Simplify SIEM Implementation and Management

Using ForeScout CounterACT, organizations can simplify the deployment and ongoing use of security information and event management (SIEM) / log management systems by facilitating logging activation and enabling vigilant monitoring of all logging sources, a crucial part of any successful SIEM program.  CounterACT can identify thousands of known and new endpoint devices, such as business-critical servers and virtual machines, as they connect to the network, and can dynamically:

  • Check for the presence and activity of a logging application or service
  • Install or reactivate a logging application or service with settings appropriate to the device type, configuration and location
  • Enforce or change a logging application or service according to pre-defined configuration policies
  • Manage SNARE (System iNtrusion Analysis and Reporting Environment) open-source agents for Windows, UNIX, Solaris and other operating systems

Gain Real-time Access and Endpoint Intelligence

CounterACT’s support for syslog, SNMP, LEEF (Log Event Extended Format) and Common Event Format (CEF) allows any SIEM / log management platform to capture, retain and analyze events generated by ForeScout CounterACT, including real-time network access violations, endpoint compliance problems and mobile security issues. ForeScout’s SIEM Integration Module supplies these integrations via one or more easily installed plugins.

With ForeScout, organizations can take advantage of CounterACT’s multi-factor device and application fingerprinting, which can identify hardware, installed software, running services and processes, open ports and other criteria.   Depending on the SIEM or logging platform, ForeScout can:

  • Send all access and configuration violations to SIEMs / log systems
  • Allow SIEMs / logging platforms to readily incorporate the dynamic network location, MAC and IP address, configuration, identity and security posture details of all devices, and of their respective users, connecting to and on the network
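
On the receiving side, the SIEM has to turn those CEF and LEEF payloads back into fields before it can correlate on them. The parser below is an added example written for this page; it is not ForeScout’s code and does not reproduce CounterACT’s actual event schema. The syslog lines, vendor and product names, event IDs and field values in it are constructed for illustration. It handles the two details that usually break home-grown parsers: CEF header fields escape `|` and `\` with a backslash, and CEF extension values may contain spaces (and escaped `=`), so a value runs up to the next `key=` token rather than the next space. LEEF 1.0 attributes are simpler, being tab-delimited.

```python
"""Parse CEF and LEEF 1.0 events of the kind a NAC/endpoint-compliance product
forwards to a SIEM over syslog, and pick out the high-severity ones.
Sample lines, vendor/product names, event IDs and field values are constructed
for this example and are not a record of any product's real output."""
import re
from typing import Dict, List, Optional

# Constructed sample syslog lines: PRI, timestamp, host, then the CEF/LEEF payload.
SAMPLE_LINES: List[str] = [
    "<134>Jun  5 14:02:11 nac01 CEF:0|ExampleVendor|ExampleNAC|7.0|1001|Endpoint non-compliant|7|"
    "src=10.1.20.44 smac=00:11:22:33:44:55 suser=jdoe cs1Label=policy cs1=Antivirus not running "
    "msg=Host 10.1.20.44 failed AV check\\=required",
    "<134>Jun  5 14:02:12 nac01 CEF:0|ExampleVendor|ExampleNAC|7.0|1002|Access\\|Guest VLAN|3|"
    "src=10.1.30.7 dvc=10.1.1.2",
    "<134>Jun  5 14:02:13 nac01 LEEF:1.0|ExampleVendor|ExampleNAC|7.0|Quarantine|"
    "src=10.1.20.44\tdst=10.1.1.2\tsev=8\taction=quarantine_vlan\tvlan=999",
    "<134>Jun  5 14:02:14 nac01 sshd[412]: Accepted publickey for admin from 10.1.1.9",  # not CEF/LEEF
]

_PAYLOAD_RE = re.compile(r"\b(CEF|LEEF):")
_EXT_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _split_header(payload: str, nfields: int) -> tuple:
    """Split the leading pipe-delimited header fields, honouring the CEF escapes
    backslash-pipe and backslash-backslash. Returns (fields, remainder)."""
    fields, buf, i = [], [], 0
    while i < len(payload) and len(fields) < nfields:
        c = payload[i]
        if c == "\\" and i + 1 < len(payload):  # escaped character: take it literally
            buf.append(payload[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    return fields, payload[i:]


def _unescape_ext(value: str) -> str:
    """CEF extension values escape '=' and backslash with a backslash; \\n and \\r are newlines."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_cef_extension(ext: str) -> Dict[str, str]:
    """Values may contain spaces, so each value runs up to the next ' key=' token."""
    keys = list(_EXT_KEY_RE.finditer(ext))
    out: Dict[str, str] = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def _parse_leef_attrs(attrs: str) -> Dict[str, str]:
    """LEEF 1.0 attributes are tab-delimited key=value pairs."""
    out: Dict[str, str] = {}
    for token in attrs.split("\t"):
        if "=" in token:
            k, v = token.split("=", 1)
            out[k.strip()] = v.strip()
    return out


def parse_event(line: str) -> Optional[Dict]:
    """Return a normalised event dict, or None if the line carries no CEF/LEEF payload."""
    m = _PAYLOAD_RE.search(line)
    if not m:
        return None
    fmt, payload = m.group(1), line[m.start():]
    if fmt == "CEF":
        hdr, ext = _split_header(payload, 7)  # CEF:ver|vendor|product|version|id|name|severity|
        if len(hdr) < 7:
            return None
        sev = hdr[6]
        return {"format": "cef", "vendor": hdr[1], "product": hdr[2], "version": hdr[3],
                "event_id": hdr[4], "name": hdr[5],
                "severity": int(sev) if sev.isdigit() else sev,
                "fields": _parse_cef_extension(ext)}
    hdr, attrs = _split_header(payload, 5)  # LEEF:ver|vendor|product|version|eventid|
    if len(hdr) < 5:
        return None
    fields = _parse_leef_attrs(attrs)
    sev = fields.get("sev", "")
    return {"format": "leef", "vendor": hdr[1], "product": hdr[2], "version": hdr[3],
            "event_id": hdr[4], "name": hdr[4],
            "severity": int(sev) if sev.isdigit() else None, "fields": fields}


def high_severity(lines: List[str], threshold: int = 7) -> List[Dict]:
    """Events whose numeric severity is at or above threshold: the kind of filter a
    SIEM correlation rule applies before triggering a NAC response."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev and isinstance(ev["severity"], int) and ev["severity"] >= threshold:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in high_severity(SAMPLE_LINES):
        print(ev["format"], ev["event_id"], ev["name"], ev["severity"], ev["fields"].get("src"))
```

The point of the escape handling is operational rather than cosmetic: a policy or host name containing `|` or `=` will silently shift every later field in a naive `split("|")` / `split(" ")` parser, and the SIEM rule keyed on `src` or severity then never fires. Test the parser against the product’s real samples before trusting alerts built on it.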

Take Actionable Response to the Next Level

CounterACT’s threat mitigation capabilities can enforce user/device access policy and endpoint configuration compliance, as well as identify endpoints exhibiting malicious behavior (e.g. propagating worms).  CounterACT can warn the user and provide the means for self-remediation (e.g. installing anti-virus).  Additional enforcement methods include device segregation and auto-remediation.   Depending on the trigger and scripting ability of the SIEM / log management platform, CounterACT can extend the reaction options by:

  • Quarantining the offending endpoint to a specified VLAN
  • Attempting background remediation of the issue
  • Removing the offending endpoint from the network

CounterACT’s network access control (NAC), endpoint compliance and log integration enable security professionals to pre-empt threats while advancing incident response, breach forensics and compliance tasks.

See how ForeScout CounterACT can simplify your SIEM deployment and implementation, lower ongoing administrative costs, enhance endpoint intelligence and extend SIEM response capabilities.

(1) Gartner, Inc., “Magic Quadrant for Security Information and Event Management,” May 12, 2012, by Mark Nicolett and Kelly M. Kavanagh.