Let’s say it’s August and you’re in Rio for the Summer Olympics. Watching the badminton finals was the thrill of a lifetime, but now you’re walking down the street looking for a place to eat when, despite the fact you’re covered in bug spray, something lands on your forearm. Of course it could be something harmless like a ladybug, but it could also be an infected Aedes aegypti mosquito preparing to pass the Zika virus on to you. So, no time to lose, what do you do?
You flatten the thing, and you don’t think twice about it. In fact, you don’t think about it at all, because your nervous system kicked in and sent adrenalin coursing through your body the moment you felt something on your arm, triggering the appropriate, instantaneous, deadly response without consulting your brain.
And that, my friends, is the perfect analogy for what an enterprise security system should do, and what a next-generation network access control (NAC) system actually can do.
Visibility and Control
Nowadays, most IT staffs aren’t able to identify, analyze and remediate devices on corporate networks unless those devices are company owned (managed) and outfitted with agents. However, Forescout can see endpoints of all kinds (managed and unmanaged) as they attempt to access the network and instantly know just about all there is to know about them, answering questions such as:
Who are you? – Is the device user an employee, partner, contractor or guest?
Who owns the device? – Is it corporate-owned, personally owned (BYOD) or rogue?
What type of device is it? – Windows or Mac laptop? iOS or Android smartphone? Virtual machine? Non-user device (IoT)?
How is it connecting? – Switch? Port/PoE? Wireless/Controller? VPN? IP, MAC? VLAN?
What’s the level of device hygiene? – What’s its configuration? Are its software, services, patches and security agent(s) running and up to date?
What’s more, besides being intelligent, CounterACT can take action.
Security that Manages without You
There’s an unknown, possibly infected device accessing your network and you have no clue what it is, what its security posture is and what its motivations are. You need control of the situation in real time—now. That means no time for thinking or consulting with a brain—in this case, your IT security or operations staff. A cyber nervous system is what’s required.
Forescout fits the description. Depending on your policies, when it sees an unknown and potentially dangerous device, it can send a notification to the host or end user (via email or on-screen pop-up) that it is limiting or blocking network access until the device complies with policies, and place the system in a secure virtual local area network (VLAN) until the device is determined safe and compliant. Forescout can even audit hardware and software versions and initiate direct remediation to update applications, operating systems and firmware. Forescout can also integrate with SIEM, endpoint protection, advanced threat detection and other third-party incident response systems to share information and orchestrate policy-based mitigation actions. IT security personnel can be kept apprised of automated actions via the console, email or text message.
So, there you have it. A cybersecurity platform that sees what’s landing on your network and responds according to the seriousness of the threat—neutralizing it if necessary. It isn’t quite as gratifying as smashing a mosquito, but it’s close.
Download ControlFabric Brochure