Visibility is foundational to cybersecurity. After all, you can’t secure what you can’t see. Therefore, it’s understandable that, these days, many cybersecurity companies claim to provide “visibility.” A problem for those shopping for cyber tools is that many “cyber solutions” can sound the same. How are you supposed to truly distinguish what’s what with all the amazing marketing gurus out there polishing everything up? All the sales folks can even sound alike now!
Let me take a minute and explain how Forescout’s approach to visibility separates Forescout CounterACT® from the rest of the herd. I’ll break it down in actual technical details, no marketing speak.
First and foremost, there is no better and more comprehensive way to know what is on your network than by talking directly with your network. You need to see every MAC address and IP address on your switches, routers, wireless access points, virtual private network (VPN) concentrators, and firewalls. If you are just using modified ping sweeps to scan segments of your networks, running point-in-time scans or only tapping your networks (via a Switched Port Analyzer (SPAN), for instance), then you will not capture everything. Many devices won’t respond to pings and scans. Many are segmented off on virtual local-area networks (VLANs) where you can’t SPAN or gain access by putting an agent on that subnet. Based on my experience, agents also tend to break on 10-15 percent of managed devices. That may not sound like much, but in a large enterprise, that’s equal to thousands of blind spots and holes in your security. Forescout CounterACT can help ensure that the information you get from the other tools utilized on your network is more complete and/or accurate.
Forescout employs many methods to discover endpoints connecting to your network to illuminate blind spots. Methods include:
- Polling switches, VPNs, wireless access points, controllers and firewalls
- Receiving SNMP traps from switches and wireless controllers when devices connect
- Ingesting and monitoring NetFlow
- Monitoring (and optionally terminating) 802.1X requests
- Monitoring DHCP requests
- Ingesting and monitoring SPAN/TAP
- Querying public and private cloud APIs
- Importing data from external databases
- Using an optional agent
Seeing what’s on your network is just the first step toward in-depth visibility. True visibility goes far beyond just a MAC address, IP address and hostname. When you look at the Forescout console to see the devices connected to your network, you’re getting rich, contextual data to build your security framework upon.
You’ll be able to see the connected devices classified by function—by operating system, vendor and model. In addition, you’ll see granular details: where on your network they are connected (switch/port/VLAN, Wireless Access Point/service set identifier (WAP/SSID), vSwitch/port group, etc.), who is logged into the machine, the applications installed and the services and processes running, vulnerabilities they may have, missing patches waiting to be installed, external devices connected (via USB)—including what those devices specifically are—open ports on the device, missing agents from other IT and security products and much, much more. The more security tools you integrate Forescout with, the richer the contextual data you have in a single console. You’ll have one big, comprehensive inventory as the foundation to build upon for policy-based network security enforcement.
When you have ALL that data available in a single security tool, you are finally getting REAL visibility to base your security framework on. With this data, you can automatically segment the proper devices where they’re supposed to be (especially non-traditional Internet of Things devices!), block the rogue systems and see the health of managed endpoints to improve compliance with software, patches and vulnerabilities. This allows you to automate access control and remediation, and to fill in gaps with other IT/security tools to get an integrated (vs. siloed) security architecture!
Accurate visibility. That’s Forescout’s way of keeping security real.
Contact your local Forescout rep, or me at Tamer.Baker@Forescout.com, to hear more and see it for yourself!