Network segmentation has become a valuable tool to protect data and manage the attack surface during any cybersecurity incidents. It’s also a critical component of Zero Trust programs and organizations’ ability to maintain compliance amid numerous regulations being introduced by governments and industry bodies. Yet, enterprises should not hesitate when it comes to implementing network segmentation. The incidents we saw months ago – such as Colonial Pipeline and others – will repeat themselves. That’s why it’s time to accelerate adoption and deployment of network segmentation technologies.
Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) opened a public comment period for its Zero Trust Maturity Model that recommends government agencies adopt zero trust cybersecurity principles and adjust their network architectures accordingly. Although this is directed at agencies, it’s equally as important to the private sector to take proactive steps, which can start with network segmentation.
When organizations gain visibility into everything connected to the network, including IoT and OT devices, they can start understanding how to apply decisions on who and what has access to company information or applications. Knowing what and who is on the network will enable enterprises to segment with confidence.
To support organizations with their zero trust initiatives, Forescout is announcing today an expanded set of network segmentation capabilities on the Forescout platform that will provide end-to-end visibility and real-time analysis to automate risk mitigation and policy management.
The other byproduct of these new capabilities is a clear path from managed network access to full Zero Trust. Organizations will now be able to take a more proactive stance in combatting threats posed by all devices. A clear path to execute network segmentation is imperative, and embracing these three principles will lead to the most successful network segmentation outcomes:
- Understand their business requirements
- Know what is on the network and how it communicates
- Visualize traffic flows
Forescout’s platform with the newly expanded set of network segmentation capabilities enables organizations to experience these successful outcomes and more. Here’s how:
- We’ve worked in lockstep with our customers to operationalize the Forescout platform todynamically model a company’s device policy and simulate requirements before it is used on the customer’s actual network
- We’ve developed the most flexible policy language that allows Zero Trust and threat-focused rules to reflect the business intent without the constraint of individual technologies
- Our device behavior rules provide the option to create automated policies and segmentation rules to enable real time assessment and limit the impact of an attack
- Our visualization tool provides context-aware mapping and visualization of traffic flows to allow security teams to easily build, test and monitor policies
- The inclusion of a new traffic matrix helps companies identify policies and device compliance, increasing an organization’s reaction time
Many of our customers, including leading utility company South Central Power, are already leveraging and benefiting from the new capabilities on the platform.
“The ability to logically define segments, as opposed to physically defining them, accelerates visibility into behavior. As soon as we saw and understood the power of the Forescout platform to bridge visibility and control security gaps and to noninvasively rectify segmentation shortfalls – we knew that it was the platform we were looking for,” said Jeff Haidet, manager of application and security, South Central Power
Forescout’s 20+ years of device intelligence has allowed us to get ahead of and solve incredibly complex security challenges like these and enable our customers to be the beneficiaries by providing them easier pathways to execute. And we’re not slowing down.
To learn more about how enterprises can accelerate their network segmentation execution, click here.