1 2 3 4 5 6 7 8 9 10
Third-Party-Whitepapers_Icon datasheet smart-tv white-papers videos tech-notes solution-briefs infographics case-studies brochures awards reviews podcasts guides

Forescout

Government

You are a prime target for cyberattacks that disrupt operations.

We enforce your policies to enable full compliance & cyber readiness.

Learn More

Latest Research

research-icon

Locate and Remove Prohibited Devices

Quickly identify prohibited devices such as Kaspersky, Huawei and ZTE that pose security risks.

Tools

Press Release Icon

Comply-to-Connect: The Basis for Cybersecurity

The cybersecurity challenges facing government agencies are more complex than ever and demand comprehensive solutions capable of securing networks, devices and data.

There’s one thing universal among all government agencies.

It’s the necessity to continuously improve security and prove compliance. Forescout helps government agencies at the federal, state and municipal levels meet the numerous access control and continuous endpoint compliance requirements with an agentless, easy-to-deploy and scalable solution.

How Forescout Helps

Local, state and federal government agencies are prime targets for hackers, whether politically motivated, seeking information they can sell, or simply engaged in mischief. By providing secure network access for a wide range of devices and user populations, the Forescout platform helps government agencies protect their confidential data and support their compliance efforts with mandated policies and regulations such as FISMA, NERC, ISO/IEC 27001 and the GDPR. Forescout can:

  • Identify endpoints on a network, including unmanaged and rogue devices
  • Automate security and compliance policies, reducing the time to detect and resolve incidents–or prevent them altogether
  • Provide a comprehensive platform to empower potentially underperforming legacy IT investments

Government Solution Brief

As cyberthreats increase in numbers and effectiveness, government agencies must rethink how to eliminate intrusions, protect sensitive information and mitigate exposure to cyberattacks.

READ

“Forescout improved the visibility into what was connected to the network and helped enforce security policies on devices.”

—Chief Information Officer, Federal Government

SMART CITIES

Modern and smart cities face constant threats as new types of devices expand the attack surface of their networks. Forescout offers unique capabilities, including agentless visibility, to address these formidable challenges. Our solutions deploy quickly, without disrupting users, work with new and existing infrastructure and enhance the effectiveness of tools public sector IT teams already use. Equally important, they scale to meet the incredible growth needs of smart cities, with proven deployments in customer networks exceeding 1,000,000 endpoints.

  • Provide secure wired and wireless access control in public schools, libraries and city administration networks
  • Monitor vendor-provided/managed machines, BYOD and IoT for security and compliance
  • Help with compliance to North American, European and international regulatory mandates and directives designed to protect sensitive information, such as FISMA, NERC, ISO/IEC 27001 and the GDPR5

Smart Cities Solution Brief

Smart Cities Require Smarter Cybersecurity.

READ

Smart Transportation Solution Brief

It’s time for a transportation transformation.

READ

NIST RMF (Risk Management Framework)

Enforce a unified network security policy to address NIST RMF requirements

Forescout CounterACT® helps you proactively enforce a unified network security policy to address National Institute for Standards and Technology (NIST) RMF requirements in three key ways:

  • See – Detect IP-addressed endpoints on the network, including unmanaged, IoT and rogue devices, without requiring software agents or previous device knowledge.
  • Control – Allow, deny or limit network access based on device posture and security policies. Automate security and compliance policy enforcement and reduce the time to identify and resolve incidents while allowing security operations to be more efficient, effective and proactive.
  • Orchestrate – Share real-time security intelligence across more than 70 network, security, mobility and IT management products* to automate and accelerate system-wide threat response while reducing the risk and costs associated with manual analysis and correlation.

*As of December 31, 2016

NIST RMF Solution Brief

READ

NIST Datasheet

READ

CONTINUOUS DIAGNOSTICS AND MITIGATION (CDM)

Gain real-time asset discovery, vulnerability management and intelligent response to address compliance management

CounterACT can serve as the centerpiece of your CDM solution. CounterACT helps you:

  • Continuously discover and classify unauthorized or unmanaged hardware and software on your network
  • Provide real-time endpoint visibility for vulnerability assessment, asset and configuration management solutions
  • Assess the security posture of endpoints on your LAN/WAN environment
  • Improve authentication and access control by blocking/restricting access to unauthorized or non-compliant devices
  • Automate mitigation and remediation through third-party system orchestration
  • Provide comprehensive situational awareness by identifying endpoints and integrating with SIEM and VA systems

CDM Solution Brief

Read the Brief

CDM Ongoing Assessment Solution Brief

Read the Brief

COMPLY-TO-CONNECT

The Department of Defense has thousands of networks, each with many more thousands of connected devices like PCs and servers as well as connected systems such as HVAC controls, security sensors, and cameras. Knowing all of the devices on the DoD’s Information Network, or DODIN, has always been a challenge, especially since they are transient. In other words, they connect, drop off, then re-connect on a routine basis. Staying on top of all that activity, while optimizing both security and availability, is a challenge. And if they don’t know that a device is connected, they can’t defend it or the information on it. Comply to Connect, or ‘C2C,’ is going changing all of that.

Comply to Connect White Paper

Read the Paper

Comply to Connect Solution Brief

Read the Brief

Host-Based Security System (HBSS)

Help ensure protection through automated detection and remediation of endpoints with missing or broken HBSS agents

CounterACT integrates directly with network infrastructure to provide a real-time view of devices on DoD networks. With CounterACT, you can:

  • Help ensure all endpoints are managed by the HBSS tool suite through Forescout’s visibility and orchestration capabilities
  • Grant, deny or limit network access based on compliance standards assessed by HBSS
  • Gain direct integration with McAfee® ePO™ and McAfee® TIE/DXL
  • Shorten detection and remediation interval latency by initiating compliance scans as hosts connect to the network, rather than waiting for host detection by time-based scans

Assured Compliance Assessment Solution (ACAS)

Gain mission-critical visibility, control and scalability to power ACAS capabilities

CounterACT integrates directly with the Tenable® Nessus® Vulnerability Scanner and SecurityCenter to provide a robust ACAS solution. CounterACT:

  • Identifies assets present on networks, regardless of whether or not they have generated traffic or are IP-enabled
  • Discovers un-scanned devices as soon as they connect to networks and triggers in-depth vulnerability scans
  • Can leverage ACAS vulnerability information to determine the appropriate level of network access or trigger remediation
  • Also integrates with more than 70 leading network, security and IT management solutions* via Forescout ControlFabric® Architecture

Command Cyber Readiness Inspections (CCRI)

Comply with CCRI Guidelines

Forescout offers a policy-based security platform for endpoint compliance automation that can help DoD IT organizations create, monitor and enforce endpoint security policies in accordance with DISA STIGs and CJCSI directives with minimal effort. CounterACT identifies devices that are noncompliant with HBSS or ACAS even when those devices are entirely unknown. CounterACT automates endpoint compliance controls through:

  • Visibility and asset management
  • Authentication and access control
  • Compliance monitoring and remediation
  • Compliance notification and reporting

CCRI Solution Brief

Read the Brief

802.1X

Discover and support smartphones, tablets and laptops to offer secure, compliant wireless access

CounterACT supports 802.1X and non-802.X authentication mechanisms, allowing workers and contractors in the public sector to securely access network resources using managed and personal mobile devices. CounterACT:

  • Discovers and classifies BYOD, guest and contractor devices
  • Does not rely on 802.1X for port security
  • Continually assesses the security posture of endpoints on your LAN and WAN environments
  • Provides continuous monitoring and mitigation capabilities across wireless, wired, VPN and virtual environments
  • Works with leading wireless/MDM solutions via Forescout Extended Modules

U.S. GOVERNMENT CERTIFICATIONS

Trust a solution with the highest levels of military-grade and government security certifications

Forescout has achieved the following U.S. Government certifications and compliances:

    • U.S. Department of Defense Information Network Approved Products List (DoDIN APL) for v8.1 – DODIN APL LINK (Search Forescout)
    • FIPS (Federal Information Processing Standards) 140-2
    • National Information Assurance Partnership (NIAP) Common Criteria Certification for Forescout v8.1 – NIAP LINK
    • USMC ATO (Authority to Operate)
    • US Navy ATO (Authority to Operate)
    • U.S. Army CoN (Certificate of Networthiness)
    • DoDIN APL Certification for v8.2 - IN PROGRESS

U.S. GOVERNMENT CONTRACT VEHICLES

Ease procurement of U.S. Government contracts

CounterACT is authorized by the U.S. Government on the following contracts and purchasing schedules:

  • GSA Schedules (aka Multiple Award Schedules and Federal Supply Schedules)
  • NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract)
  • ITES/2H (Managed and used by U.S. Army. Also used by DoD and other federal agencies)
  • Encore II (Managed by DISA, Defense Information Systems Agency)

COMMAND CYBER READINESS INSPECTION (CCRI)

Improve your CCRI Score with the Forescout platform

The Forescout Visibility Platform helps improve all three components of your CCRI score.

  • Technical CCRI Component: Discover, classify and locate connecting devices, control network access based on security policies, and continuously monitor each device and apply appropriate controls.
  • CND Directives Component: Automate on-connect and continuous endpoint configuration assessment to comply with security benchmarks using the Forescout Extended Module for Advanced Compliance.
  • Contributing Factors Component: Enable real-time data sharing at all levels of Command and Control for a positive impact on Command Leadership Engagement, Awareness and Implementation of Security Technical Implementation Guide Requirements, Plan of Action and Milestones, and Cybersecurity Service Provider Alignment.

Executive Summary Command Cyber Readiness Inspection

Read

Quantify the ROI of your Visibility and Control

Improve your CCRI Score with the Forescout platform

In just 10 minutes we’ll help benchmark and analyze your opportunities for device and network security improvements

Get Your Personal Assessment

Read

Contact Us

Toll-Free (US): 1-866-377-8771
Tel (Intl): +1-408-213-3191
Support: +1-708-237-6591

Headquarters
190 W Tasman Dr.
San Jose, CA, USA 95134

Also of Interest