Advanced Threat Response
Contain APTs with automated response
IDG Connect: 2014 Cyber Defense Maturity Report for U.S., U.K. & DACH. Download »
Frost & Sullivan Report: "Continuous Compliance and Next Generation NAC"
ESG Report: Optimizing
ForeScout CounterACT Platform Brochure.
ForeScout White Paper: Blueprint for Continuous Monitoring & Mitigation Download »
ControlFabric Technologies Brochure.
ForeScout Company Overview
Gartner Report: "Magic Quadrant for Network Access Control"
CSO Mag Continuous Monitoring Video
Watch Now »
Advanced Persistent Threat (APT) identification isn’t good enough. ForeScout CounterACT™ lets you implement automatic network and endpoint protective actions to contain advanced threats.
Today’s cyber attacks can easily evade traditional security defenses, which are reactive and based on signatures. To effectively detect and block sophisticated threats, new detection systems are needed that do not rely on signatures.
Most advanced threat protection systems simply identify the presence of an advanced threat, issuing an alert that can easily be ignored by a busy IT security manager. A mistake such as this reportedly cost Target millions of dollars of damage.¹ Worse yet, an infection may have already occurred where a breached system lays dormant or moves laterally within your network. Without a system to automatically and quickly react to a security breach, you are leaving the window open for cyber thieves to exfiltrate data or to propagate within your network.
ForeScout products include patented ActiveResponse™ technology that can detect and prevent the propagation of malware or hackers inside your network. ForeScout’s ActiveResponse technology lets you:
In addition, ForeScout CounterACT offers advanced interoperability with advanced threat detection (ATD) systems from vendors such as FireEye and Palo Alto Networks to deliver rapid, automated response to APTs and zero-day threats. When an ATD system suspects that a device has been compromised, it can inform CounterACT which can then take automated actions, such as:
Our Advanced Threat Detection Integration Module provides integration between ForeScout CounterACT and third-party ATD systems.
For even more information about how ForeScout CounterACT fits into Gartner’s Adaptive Security Architecture, read our whitepaper “A Blueprint for Continuous Monitoring and Mitigation”.
¹ SC Magazine, March 13, 2014. “Target did not respond to FireEye security alerts prior to breach, according to report”.
ForeScout’s patented ActiveResponse™ technology blocks both known and unknown attacks without signatures. This unique technology does not require any form of maintenance, so the total cost of ownership is very low.
Here is how ActiveResponse works:
The first step for most network attacks is reconnaissance. In this step, an attacker (either human or automated) gathers information about the network’s configuration and vulnerabilities. ForeScout’s Active Response technology detects this reconnaissance and responds with counterfeit or “marked” information. Any subsequent attempt to use this marked information is proof of malicious intent. This allows ForeScout products that contain ActiveResponse technology to block the attack without the need for signatures, deep-packet inspection or manual intervention.
The following diagrams illustrate how ForeScout CounterACT Edge uses ActiveResponse to identify and stop an attack coming from outside the network. The same principles apply to attacks that originate within the network, which can be detected and blocked by ForeScout CounterACT.
SIRVA, Inc. provides relocation and moving services to organizations and individual consumers around the world. Some of SIRVA’s well-known brands include Allied, Allied International, Global, and northAmerican.
SIRVA’s original IPS system produced many false positives and required a lot of management attention, causing SIRVA’s director of information security, Waqas Akkawi, to look for a new IPS system with that met the following goals:
After a complete evaluation of various ISP products, Akkawi’s team selected ForeScout CounterACT Edge.
“We had very explicit requirements for IPS, and ForeScout CounterACT Edge was able to meet them all. What pretty much sealed the deal is the fact that ForeScout CounterACT enables us to continually monitor devices once they are on our network—something most NAC systems are incapable of,“ Akkawi explains.
CounterACT Edge has allowed Akkawi to retire legacy intrusion detection systems (IDS) from multiple vendors. It has also reduced the load on his Cisco firewalls. “Rather than the firewall being at 50% CPU consumption inspecting all these packets and connections, the firewall is now down to 5% CPU consumption,” Akkawi says. Offloading work from his firewalls has improved network performance.
Click here to read more about how CounterACT Edge helped SIRVA.
Webinars and Webcasts
Blogs and Articles