Forescout eyeSegment Recent Product Enhancements
Simplify and Accelerate Enterprise-Wide Network Segmentation
Enterprise-wide segmentation requires a context-driven, multilayered architecture to address today’s broad diversity of device types—regardless of where they connect to the network. Forescout launched its eyeSegment product in November 2019. This cloud-based addition to the Forescout platform simplifies and accelerates the design, planning and deployment of dynamic network segmentation across the extended enterprise.
Recent eyeSegment Enhancements:
Flexible visualization options
New eyeSegment visualization options allow you to quickly narrow your view by drilling down on the specific source group traffic to one or more destinations. They let you zoom in to the eyeSegment Matrix and focus on what is important to you so that you can analyze and investigate a particular traffic pattern in your environment. No matter where you are in the matrix hierarchy, you can instantly create desired eyeSegment policies to segment a specific traffic pattern to protect your business while ensuring business continuity.
Accelerate collaboration using the Sub-Group Matrix
Enable Forescout product admins to share focused traffic maps (mini matrix) with relevant stakeholders in other groups to seek their approval of suggested segmentation policies (for example, medical device owner, app owner).
The Sub-Group Matrix provides a zoom-in view of specific rows/columns/cells, providing a matrix of the selected group and its sub-groups. There is no limitation to continue drilling down into sub-groups after going to Mini Matrix view.
- Sub-Grouping can occur several times until the last group on the tree, the navigation flow, is followed by breadcrumbs on the top of the matrix. Breadcrumbs are clickable, and it is possible to navigate using them.
- A Sub-Group link can be shared with others. Opening the link redirects to the same matrix location with its breadcrumb navigation flow.
There are two ways to get to Sub-Groups:
- Pressing on Source/Destination Group located on the left or top of the matrix representing Group names.
- From the cell Fish-eye menu.
Fish-eye sub menu
eyeSegment’s Matrix is a powerful representation tool. eyeSegment v2.2 release allows you to control configurations directly from the matrix. Each blue dot in the eyeSegment Matrix cell represents a flow between the source and destination groups. Hover over a blue dot to open the Fish-eye cell sub-menu. There are three possible options for Fish-eye:
- Traffic Details provides the same traffic information, can also be accessed by click on the cell
- Sub-Group Matrix zooms into the cell (Mini Matrix View)
- Policy Rules provides a tooltip with the policy rule lists that affects this cell
Ignore Traffic by IP
You can choose to ignore the traffic flows (as shown in the figure) coming to eyeSegment to avoid them from being permanently recorded and stored. This helps you:
- Reduce traffic noise. Eliminate irrelevant traffic from the eyeSegment Matrix (such as traffic from Scanner machines that don’t require monitoring and segmentation) to better visualize, analyze and investigate traffic that matters to your business.
- Exclude traffic to segment. Government entities often have organizational policies, and Healthcare and Financial organizations face regulations that prohibit scanning traffic flows for specific domains or parts of their networks.
When you do not want to ignore traffic permanently, an alternative to filtering traffic in the eyeSegment Matrix is to use the Traffic Filter feature. This lets you filter based on traffic from a specific ‘Source Group’ to a specific ‘Destination Group’ or ‘Service’ type (port, protocol, etc.). You can choose to exclude this traffic or only see filtered traffic in the eyeSegment Matrix. Turning off this temporary filter restores the eyeSegment Matrix to full traffic mode.
For example, you can:
- Filter for VPN Zone to understand VPN communication patterns in your environment to other business groups, as shown in the figure.
- Filter by source group called ‘High-Risk Asset’ to any or a particular destination
- Filter by healthcare protocols, for example ‘DICOM’ to any or a particular destination
Matrix Settings, Delete Traffic and Ignored Traffic features are not available at the top menu of the eyeSegment Matrix for view-only roles.
When creating segmentation policies, eyeSegment helps you avoid creating conflicting policies by intuitively visualizing the configured policy.
Quickly identify conflicting policies in the eyeSegment Matrix and drill down to the policy set to modify and eliminate conflicts.
Export Traffic Data to CSV file from eyeSegment
From cell traffic details, there is a new ability to export traffic flows to a CSV file.
In addition to filtering options in the eyeSegment web interface, you now have the option to use the Export to CSV feature to download the complete set of data to sort, further analyze and investigate group-to-group traffic patterns in your environment. This feature can help your team collaborate with various stakeholders in the organization by sharing detailed information for further analysis.
Role-based Access Control
You can now enable role-based access control to the eyeSegment console to assign a different access level to users logging in to the console:
- Administrator. This access level provides full control of configuration and view to the administrator role.
- View Only. Limited or restrict access to eyeSegment features so users with a ‘View’ role can only login and understand existing configurations and policies. They can also filter and drill down into the eyeSegment Matrix to investigate issues, but cannot edit or create Policy Rules.
Option to Share Traffic Context with Forescout
You now have the option to share the traffic context with Forescout (Enabled by default) or disable this checkbox to avoid sending traffic context to Forescout.
These enhancements help our customers in different verticals to address variety of different use cases so customers can:
- Understand traffic context and resource requirements to build segmentation policies
- Use a single business policy layer that spans the extended enterprise environment
- Reduce the risk of business disruption by continuous monitoring and validating enforced controls
- Reduce operational costs by simplifying policy management and automating control enforcements across different technologies
- Maintain compliance and regulatory posture by rapidly adapting and monitoring required changes
Implement Enterprise-Wide Network Segmentation with Forescout eyeSegment
Register for our upcoming webinar to learn more about Forescout platform, tools and best practices to help you efficiently plan and implement your network segmentation projects so you can move forward with confidence.