Security policy templates use existing Forescout CounterACT® functionality to detect, evaluate, and respond to vulnerabilities and threats – speeding and simplifying your network response. When this plugin is installed, security policy templates are available in the Policy view of the Console under the Vulnerability and Response sub-folder in the Templates tree.
To work with these templates, it is recommended to:
- Read the release notes and review the policy logic in the Console’s Policy view.
- Enable/add mitigation actions to generated policies.
For details of working with CounterACT policies, see the Console User Manual.
Policy Templates in This Release
The following template is new or has been significantly updated in this release:
Policies you create with this template use active inspection methods to evaluate if endpoints are vulnerable to malware that exploits the RDP (Remote Desktop Protocol) BlueKeep CVE-2019-0708 exploit.
Both managed and unmanaged endpoints are evaluated.
- No credentials are required to access endpoints.
- Because these policies use active inspection methods, make sure to whitelist all scans originating from the Forescout platform in your next generation firewall, antivirus, and any similar software.
- By default, the policy scope includes all endpoints classified by the Forescout platform as Windows devices, as well as any devices detected as having open RDP ports. To identify these endpoints, apply a Primary Classification or Asset Classification policy and make sure that the Add to Group action is enabled.
- Advanced Tools Plugin 188.8.131.52 or above must be installed and running.
Tracking Vulnerable and Infected Endpoints To let you track infected and vulnerable endpoints for further handling, policies assign endpoints to Forescout groups based on policy evaluation. The plugin creates the Malware-Vulnerable and Malware-Infected groups and parallel Inventory views. In addition, specific policies may create other groups.
Supported CounterACT Versions
Customers who are working with the following CounterACT version can install the plugin:
- CounterACT 8.0 (and above)
- CounterACT 7.0.0 (it is recommended to install the latest service pack) or Forescout 8.1
Software updates are available through the “Check for Updates” feature in the Enterprise Manager console, and via download from updates.forescout.com for customers on Per Appliance Licensing Model (PALM) or from the Forescout Customer Support Portal for customers using the FLEXX Licensing Model. A current ActiveCare contract is required to obtain software updates.
Updates now available
Applicable CounterACT Version
Update available via: “Check for Updates” (recommended), or direct download via the links below
Security Policy Templates
7.0, 8.0 and above
For More Information:
For additional information, please refer to Knowledge Base Article #9898: “The Security Policy Templates version 19.0.6 is now available” which can be accessed via https://www.forescout.com/support.forescout.com using your login credentials. You can also contact Forescout Customer Care via the Forescout Customer Support Portal.
THIS NOTIFICATION IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION IN THIS ALERT OR MATERIALS LINKED FROM THIS ALERT IS AT YOUR OWN RISK. FORESCOUT RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ALERT AT ANY TIME.
Forescout Confidential and Proprietary
This Alert may contain Forescout proprietary and confidential information and must be protected by the recipient accordingly. The information in this Alert is not meant for general dissemination and may only be used by the recipient in connection with the services reflected in this Alert. Any unauthorized use or dissemination of this Alert in whole or in part is strictly forbidden.
© 2019. Forescout Technologies, Inc. All rights reserved. Forescout Technologies, Inc. is a Delaware corporation. A list of our trademarks and patents can be found at https://www.forescout.com/company/legal/intellectual-property-patents-trademarks/. Other brands, products, or service names may be trademarks or service marks of their respective owners.