In Part 1 and Part 2 of this blog series on Comply 2 Connect (C2C), we walked through how ForeScout’s C2C solution performed in comparison to other network security solutions in demos at several military agencies. In this blog post, we will focus on the results the Marine Corps experienced using the C2C-based solution, ForeScout CounterACT®, at Camp Lejeune to gain network visibility. This ultimately helped the Marines identify and secure the endpoints on their network.
CounterACT is based on the premise that if you can’t see it, you can’t fully determine the risk posed by undetected devices. The ability to “see” devices, including non-traditional endpoints, the instant they connect to the network cannot be overemphasized. This first step helps agencies perform the important task of categorizing these devices. Using CounterACT, the Marine Corps found more than 6,000 devices (compared to the approximately 4,000 managed devices it originally thought it had), over 3,000 apps, 9,762 computer assets, 2,396 network infrastructure assets, and 1,978 printers – a significant number of which the Marines did not realize were plugged into the network and which could potentially compromise its overall security.
These were devices other network access control solutions wouldn’t have been able to find because they represent a cross-section of devices, including IP-based camera systems, industrial control systems, supervisory control and data acquisition (SCADA) systems, terabyte servers, radio frequency identification and wireless devices – and anything that drew an IP address. Even unmanaged devices that didn’t have Microsoft Operating Systems were captured, and CounterACT automatically identified, classified, and conducted threat analysis on them.
In a Bring Your Own Device (BYOD) and Internet of Things (IoT) era, CounterACT can do this without requiring an agent on networked devices. This agentless approach addresses the challenge agencies have of being able to “control” – the second step – access to data by specific devices or user profiles. As the foundation to ForeScout’s C2C, CounterACT’s automatic and continuous monitoring of agency-owned and unknown endpoints is a reality. The automated process helps determine risk of devices as they appear on the network, and allows or denies access based on the agency’s policy. It can also “orchestrate” – the third step – a series of actions (across various security management tools, if needed) kicking off mitigation. Additionally, CounterACT patched third-party security agents or prompted endpoints to launch system patches where needed.
The installation process couldn’t have been easier. All of the above – from pilot to production – took place within a two-week period. The primary objective was optimal network access control that would allow the Marines to determine and mitigate IT risk based on their specific network security needs and policies. Along with increased network visibility and protection, CounterACT permitted the Marines to accomplish this with minimal human resources, capital or overall capacity – on par with private industry best practices.
The Marine Corps use of C2C has led to a 25 percent reduction in touch labor previously spent on manually patching systems and helped free those resources to facilitate proactive cybersecurity tasks, providing up to 99.9 percent security compliance. In an increasingly attack-prone cyber environment, it’s great news that both defense and civilian agencies have access to federally compliant, leading-edge cybersecurity solutions such as CounterACT to help defend their technology assets.