On a cool, spring morning at the Marine Corps Base Camp in Lejeune, North Carolina, the sound of Marines training pierced the air repeatedly. But in a nondescript conference room located in the communications complex a game-changing event was about to happen. In walked the G6, who greeted his directors and the 12 engineers seated by name and proceeded with spelling out a critical challenge he had for the team.
The challenge? The Marine Corps wanted a baseline security, asset management, application management and compliance reporting tool that would function in real-time and give it comprehensive visibility into all of the endpoints on its network and help secure them. After comprehensively testing multiple network access control solutions on the market, they discovered Forescout. Using Forescout solutions the Marine Corps began to roll out Comply to Connect (C2C).
C2C would function like this: When an end device of any kind plugs into the network, Forescout was able to “See It, Control It, and Orchestrate” a series of actions based on the Marine Corps’ pre-defined security policies. At the initial phase of C2C, the Marine Corps estimated it had no more than 4,000 endpoints on its network, but Forescout’s C2C revealed almost 6,000 endpoints representing a wide range of devices!
The best-in-class solution not only discovered the unmanaged endpoints on the Marines Corps’ network but classified them, analyzed their threat capability, ran up-to-date antiviral and antimalware scans, patched them to compliance, and routinely tested the host-based security system. If any aspect of these endpoints were out of compliance, the solution would automatically issue a ticket, and contact the user via pop-up notification.
The desired end state was a 99.9% secure network, with See-Control-Orchestrate as the baseline and Mitigate-Validate-Report as a result – in a real-time, automated process. C2C was helping to making this a reality.
For more information, here’s a webinar discussing C2C, as well as a Fireside chat with my colleague Dean Hullings. Also, be sure to check out part 2 and part 3 of our Comply to Connect series.
Tony
