Device Visibility and Control: A SANS Perspective on Forescout 8.1
As digital transformation continues, organizations are rethinking their security strategies, with a renewed focus on complete visibility into every device connecting to extended enterprise networks. This first step toward understanding and mitigating risk, visibility is also the foundation for safety, availability and uptime in operational (OT) networks.
Add to that new Internet of Things (IoT) and information technology (IT) devices connecting to these interdependent networks in droves, digital transformation success demands a holistic approach. With the release of Forescout 8.1, security leaders gained unified device visibility and control across campus, data center, cloud and OT. Alongside extensive auto-classification for medical, industrial and building automation devices, rogue device detection and OT vulnerability assessment, updates included visibility into Microsoft Azure, Cisco ACI and Belden switching environments.
Putting Forescout Device Visibility & Control to the Test
To get an objective view of this latest release, we asked Don Murdoch, a SANS community instructor specializing in incident response and security operations, to take the Forescout device visibility and control platform through its paces and share his thoughts on where it brings the most value to security and operations teams. One of his key takeaways was:
“Forescout tackles the requirements of modern enterprises and IT leaders who need to empower their teams and want to get ahead of the proliferation of network-aware devices.”
In his review, titled “Device Visibility and Control: Streamlining IT and OT Security with Forescout,” Don shares several ways the Forescout platform would help security teams reduce risk and improve operations. Four problems he highlighted as especially relevant to his past experience, and that Forescout would have helped him solve, were:
- Inability to discover and classify assets network-wide
- Users with elevated access (local admin) disabling security tools
- Users connecting unauthorized devices to the LAN
- Scattered infrastructure staff and numerous systems
A Comprehensive Review: Areas of Focus
The report is organized into five major categories: classification and asset management, risk assessment and device compliance, automating controls, orchestration through integration, and finally, enterprise-scale and flexibility. Don uses plenty of real-world examples and visuals of the interface to demonstrate how he would use the product. He describes the interface itself as, “So well designed that one can get the impression that the system is “simple” – even though its capabilities and features are deep and rich.”
Dashboard’s Customized Views of Network-Connected Devices
Spotlight on Segmentation
Within the ‘automating controls’ section, Don investigates network segmentation. This topic is especially relevant today as organizations struggle to implement segmentation as the volume and diversity of devices connecting to enterprise networks continue to grow. Acknowledging that many of these devices cannot be secured with agents, Don suggests that “Forescout’s classification and control automation allows analysts to segment IoT devices into their own zone, thereby ensuring only credentialed users can access IP cameras and that the IP cameras talk to only DVR recorders. Because Forescout integrates with leading switch and NGFW vendors, it provides flexibility to enforce segmentation at multiple network layers based on the network design.”
Read the full report and discover, as Don concludes, that, “The Forescout platform is a strong addition to the infrastructure stack for the enterprise.”
