This alliance combines the dynamic endpoint visibility, profiling, access control and remediation capabilities of ForeScout CounterACT® with several FireEYE® products to provide security against zero-day threats and produce indicators of compromise (IOCs) to help ensure that threats are remediated before the endpoint is allowed on the network. Joint capabilities are made possible through the following Extended Modules that enable threat intelligence sharing:
ForeScout Extended Module for FireEye HX: FireEye HX detects malicious endpoints with advanced threats and IOCs. ForeScout CounterACT isolates the malicious endpoints to stop lateral propagation of threats. CounterACT also stores and leverages IOC information from FireEye to scan endpoints that are attempting to connect or are already connected to the network for the presence of infections.
ForeScout Extended Module for FireEye EX: FireEye EX scans for phishing emails as well as malicious software attachments. If a threat is detected, FireEye EX prevents it from entering the network. After analysis, FireEye produces IOCs and shares the threat intelligence with CounterACT and the FireEye Threat Prevention Platform. Shared threat intelligence allows FireEye EX to scan for known vulnerabilities within arriving email. It also allows CounterACT to identify existing threats on endpoints as they connect to the network and take the appropriate actions based on corporate policies.
ForeScout Extended Module for FireEye NX: FireEye NX uses sandboxing techniques to identify zero-day threats and informs CounterACT® about infected devices and IOC threat severity. CounterACT uses this information to enforce policy-based actions, including isolating devices, initiating remediation actions and scanning other devices to minimize threat propagation. CounterACT stores the latest IOC information in its database, scans devices attempting to connect to the network and performs remediation actions before the endpoint attempts an outbound call.