Blog

Forescout “excels in ICS asset visibility” according to the Forrester Wave™: Industrial Control Systems (ICS) Security Solutions, 2021

Daniel Trivellato , VP Product & Engineering | November 4, 2021

“Forescout’s eyeInspect product has the broadest ICS protocol support of the vendors evaluated. That protocol knowledge also helps Forescout deploy the leading asset discovery and identification capability in this evaluation according to multiple customers.”

Forescout is proud to be recognised by Forrester in its inaugural Industrial Control Systems (ICS) Security Solutions Wave, 2021. The ability to cover the most ICS protocols allows us to provide the best visibility compared to any other vendor, making the Forescout platform the solution of choice for any organization struggling with ICS asset visibility. We also provide unique insights and operational value to OT engineers, and we pride ourselves in having preserved this OT-specific value and DNA throughout these years.

We believe that OT assets and networks should not be viewed in isolation. In recent malware and ransomware campaigns, attackers exploited weak device security posture, such as default credentials, vulnerable services and lack of segmentation, and the use of IT systems as the entry point.

To prevent attacks to IT systems from affecting and damaging OT systems, organizations had to resort to shutting down OT networks entirely. This has serious consequences from both financial and societal perspectives.

To secure OT networks, organizations need to gain visibility beyond their OT environments and tighten security across the entire enterprise. Without an enterprise-wide cyber defense, industrial enterprises are increasingly becoming targets of extortion. The Forescout platform’s ability to identify all device types – IoT, OT, IIoT, IoMT and IT – and act to contain threats is unique in the market and is fundamental for a successful cyber security strategy.

The Power of a Comprehensive, Automated Security Platform
Visibility is the foundation of all cyber security programs, and for 20+ years Forescout has been focused on this fundamental principle; but visibility without the ability to respond does not prevent attacks and breaches. Recent ICS incidents have validated that today’s threats require ICS asset owners to mature beyond visibility and detection into semi-automated (man in the loop) or fully automated response. That’s why we have built a platform that combines complete visibility with:

  • Real-time and continuous assessment of risk and compliance, including rich, configurable dashboards and exportable reports, and risk scoring with clear, realistic recommendations to reduce inherent risk
  • A dedicated solution to design and enforce segmentation policies, reducing the attack surface and blast radius
  • The ability to automate workflows and execute agentless actions for all managed, unmanaged, and third-party endpoints such as network access control, compliance enforcement, and incident response

Traditionally, organizations make use of several technology vendors to provide specific cybersecurity capabilities. Forescout understands the importance of those investments and works in collaboration with asset management, endpoint security solutions, vulnerability assessment tools, SIEM and ticketing systems via powerful bi-directional information exchange. This maximizes the value of every individual solution and automates many operations that customers need to perform manually today.

Forescout’s ability to discover all device types, assess risk, ensure compliance, and provide governance collectively with existing tools is what makes the Forescout platform the only option to provide active defense in today’s Enterprise of Things.

Future development coming in 2022
Forrester also provided feedback on things we need to develop further in our solution to ensure our platform remains world class. The good news is that these are all areas in which Forescout was actively investing already and will be delivering shortly.

One area of investment is threat intelligence and incident response, where Forescout starts with a big advantage. Forescout has access to millions of device fingerprints from over 3,800 customers worldwide, many of which are part of our Device Cloud. This intelligence was key for us to perform vulnerability and threat research such as Project Memoria, which helped Forescout raise awareness about vulnerabilities in common TCP/IP stacks.

We used the insights from Project Memoria to distribute new intelligence and detection capabilities to our customers and began engineering efforts to turn our Device Cloud into the Forescout Threat Intelligence platform. This will be used by both Forescout and the security community to share intelligence, predict threats and proactively provide customers with detection and incident response playbooks to keep them secure. While we were not ready to disclose this effort at the time of the Forrester evaluation, the first outcomes are just a few months away.

For further details and to download a copy of the report.