How Long Is a Piece of String?

Asking the Right Questions Makes All the Difference when It Comes to Classification

It is only natural for us to want to compartmentalize the vast amount of information we process daily into neat, separate bucket—to categorize things in the world into classes. To define by question and answer. However, every now and then we ask a question which doesn’t necessarily make sense in the context of what we are asking about, “how long is a piece of string?”

In a business, CISOs must continually evaluate and categorize security products and with vendors like Forescout, they are able to see how long that piece of string really is.

But, of course, when it comes to visibility people have questions. How many devices does your product see? How does your product see devices? And our perennial favorite: how many devices does your product classify? It is easier to evaluate a product when you have these answers, easier to put into a ‘bucket,’ compare apples to apples, and easier to make an informed decision as to which product to purchase. As the product manager responsible for the device classification capabilities at Forescout, this my “how long is a piece of string?” question.

Any security product which claims to offer device visibility needs to be able to classify devices on the network. Anyone looking at such security products must know what the product does in this respect. So why won’t the question “how many devices does your product classify?” help you compare apples with apples?

Because it doesn’t ask the right question. Is the question being asked in absolute terms, “out of the 20 billion connected devices on the planet, how many of them can your product assign a classification value to?” Or is it being asked in practical terms, “how many different types of devices does your product classify?” The real question that needs to be asked is “how many unique classification values are possible with your product?”

When purchasing a security solution, ask yourself these four questions:

1. What level of ‘bucketing’ do I need from my visibility product? Determine the end goal. Is the end goal is to ensure that no tablets connect to the Wi-Fi, to verify all IP phones are put on a separate VLAN from printers and computers, or to differentiate between the iPad 2 and iPad 3?
2. Which devices are expected to be on my network? For example, a security solution for a retail bank will not care about differentiating between 200 different types of industrial controllers used in the mining industry.
3. What are the capabilities to classify devices myself? Let’s assume that no product is perfect, since they’re not. How easy is it to create classifications and how do these classifications ‘rank’ against those done out of the box?
4. Does the product have the capacity to improve over time and classify new devices in the future?

When comparing products, make sure to ask the following:

1. How many unique classification values can your product deliver out of the box?
2. What is the efficacy of the out-of-the-box classification? I know your product can classify device X, but how do I know it will classify my device X?
3. How many additional unique classification values can your product deliver based on user input?
4. How does your product’s classification capabilities keep up with new devices entering the market?

While it is important to use generic numbers for comparison, dig deeper to make sure the product solves the problems you face.

At Forescout, we push our teams to focus on what matters, and not just what looks good on paper. We classify devices into combinations of:

1. 95 different Function categories
2. Over 180 Operating Systems (including versions thereof)
3. More than 740 different vendors and over 200 different manufacturer families and models

Based on data uploaded to the Forescout Device Cloud, as of July 2018, out of the box, Forescout has successfully classified more than 4 million devices into over 10,000 different device types. We are continuously improving every month, making sure our technology is not limited to classifying known devices, but also those that are yet to be created.

So go on, put Forescout in a bucket—categorize us. We know it’s necessary when making a serious investment in security. Just make sure that you consider the right factors when doing that categorization.