Chapter 3: The Counter(8) Attack
Previously on Internet of Stranger Things we discovered the beautifully innocent Eleven. A girl who could mentally see and control objects without having to touch them, but we quickly learn that there is more to destroying the Shadow Monster than just visibility and control. We need the help of others to close the gate of threats that infiltrate our environment. Eleven is instrumental, not only because of her abilities, but to orchestrate the right attack resulting in eventual closing of the gate and destruction of the shadow monster. The shadow monster that exists in our technology Upside Down world will not be destroyed with a silver bullet. We can detect and block known attacks at the perimeter, secure and encrypt our endpoints, monitor every log in our environment, continually scan our network for vulnerabilities, and encrypt things most precious to us, but the bottom line is…those solutions don’t work unilaterally. Each offers its own value, but none is the silver bullet, just like Joyce needed Hopper, who was helped by some teenagers, who was assisted by Bob the Brain, who was helped by Dr. Owens, etc. It wasn’t a single solution that resulted in the peril of the monster, it was a calculated, orchestrated attack leveraging every resource available. What makes Forescout Technologies such a powerful solution? Well, it’s not just the Fabergé Organics and four puffs of Farrah Fawcett spray, no… it’s our ability to see, control, and orchestrate a defense leveraging your existing security portfolio working in unison to create a calculated attack against the monster that exists in our IT and OT environments. Here’s a snapshot of how we kill the beast.
Integrate with Endpoint and Vulnerability Solutions
Think about your endpoints. Sure, we have an endpoint security solution in place, but when our corporate device plugs into the network do we know they’re compliant? Do we know they’re up to speed on OS patches and vulnerability scans? With CounterACT 8 Forescout can initiate a scan, a patch, or take other actions with your endpoint solutions to ensure corporate devices meet your network compliance requirements (e.g. GDPR, SANS, PCI, NIST, etc.).
Integrate with your NGFW
What about Indicators of Compromise discovered by your NGFW? In Stranger Things, when someone attempted to do something they weren’t supposed to do Eleven would simply look at them and say, “no.” With CounterACT 8 Forescout can create a calculated plan to shut down ports on switches using knowledge gathered by our vendor partners.
Integrate with your SIEM and CMDB
With CounterACT 8 Forescout can send endpoint compliance information to your SIEM or CMDB for correlation with other network security events. Just like Bob the Brain was able to take a bunch of crayon scribbled paper to create a map, Forescout can help make your Security Information and Event Management and Configuration Management Database smarter.
The bottom line is, when looking for the Shadow Monsters on our network, there is a lot of ground to cover. The good news is, there is more help available to find and fight the monster than just guns, fire, a wrist rocket, and baseball bat. Today’s security tools are more robust, more complete, and more effective than anything we have ever seen, but each tool has its niche. Coordinating a planned attack by integrating solutions throughout your environment is key to completing a sound security posture. With CounterACT 8 our customers recognize the benefit of leveraging the best of breed solutions to coordinate an orchestrated attack to close the gate and destroy the monster invading their environment. But don’t take my word for it…check out what our customers are saying.