Description
Security policy templates use existing Forescout CounterACT® functionality to detect, evaluate, and respond to vulnerabilities and threats – speeding and simplifying your network response. When this plugin is installed, security policy templates are available in the Policy view of the Console under the Vulnerability and Response sub-folder in the Templates tree.
To work with these templates, it is recommended to:
- Read the release notes and review the policy logic in the Console’s Policy view.
- Enable/add mitigation actions to generated policies.
For details of working with CounterACT policies, see the Console User Manual.
Policy Templates in This Release
This section describes the templates provided in this release. In the Policy creation wizard, these templates are available under the Vulnerability and Response sub-folder in the Templates tree.
VR MDS
Microarchitectural Data Sampling (MDS) exploits, such as the RIDL and Fallout exploits, take advantage of MDS side-channel vulnerabilities in Intel CPUs to access arbitrary pieces of private information. They are similar to the Meltdown and Spectre vulnerabilities, which are covered by the VR Meltdown and VR Spectre Forescout Security Policy Templates. These vulnerabilities are described at https://mdsattacks.com/.
Policies you create with this template detect managed Windows, Linux/Unix, and macOS™/OS X® endpoints that are vulnerable to MDS exploits.
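For Linux endpoints, the kind of check such a policy depends on can be illustrated with the MDS status string that the kernel reports in sysfs. The following is an added example, not Forescout's fs_test_MDS_Linux.sh and not part of the release; the function names and the category labels it prints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS status string.
# The status strings follow the kernel's hw-vuln MDS documentation;
# the category labels printed here are illustrative assumptions.

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS
# Prints: not_affected | mitigated | mitigated_smt_exposed | vulnerable | unknown
classify_mds() {
    case "$1" in
        "Not affected"*)
            echo not_affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active, but sibling hyperthreads may
            # still leak data unless SMT is disabled or mitigated.
            case "$1" in
                *"SMT vulnerable"*|*"SMT Host state unknown"*)
                    echo mitigated_smt_exposed ;;
                *)
                    echo mitigated ;;
            esac ;;
        "Vulnerable"*)
            # Includes "Vulnerable: Clear CPU buffers attempted, no microcode"
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# check_mds [FILE]
# Classifies the status in FILE (default: the sysfs entry). A missing file
# means the kernel predates MDS reporting, so the state is unknown.
check_mds() {
    file="${1:-$MDS_SYSFS}"
    if [ -r "$file" ]; then
        classify_mds "$(cat "$file")"
    else
        echo unknown
    fi
}

# Constructed sample status strings, followed by the local host's result.
for s in "Not affected" \
         "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
         "Mitigation: Clear CPU buffers; SMT vulnerable" \
         "Mitigation: Clear CPU buffers; SMT disabled"; do
    printf '%s -> %s\n' "$s" "$(classify_mds "$s")"
done
printf 'this host -> %s\n' "$(check_mds)"
```

An endpoint reporting `unknown` is best treated as unpatched until its kernel version is confirmed.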
Requirements
- Advanced Tools Plugin 2.2.0.1 or above installed and running.
- Linux Plugin 1.4.1 installed and running.
- Make sure the Linux Plugin uses root credentials to access endpoints.
- OS X Plugin 2.2.1 installed and running.
- OS X Plugin SecureConnector deployed as a Service. See Forescout Deploying SecureConnector as Part of a Machine Image How-to Guide.
- Make sure the OS X Plugin Remote Inspection uses root credentials to access endpoints.
- Policies created with this template provide customized third-party detection tools. Make sure the fs_test_SpeculationControl.bat and fs_test_MDS_Linux.sh executables used in the Expected Script Results conditions are whitelisted (do this manually if needed), so that tools such as anti-virus applications do not prevent the policy from working properly.
- Policies created with this template use Windows PowerShell scripts. Make sure that these scripts are allowed on Windows managed endpoints running Windows 7, Windows 2008 Server or above.
VR RingCentral Meetings
Some versions of the RingCentral conferencing application are vulnerable to attack. A user can be unknowingly connected to a video call, letting an attacker access the user’s device and its video camera. This vulnerability is similar to the Zoom vulnerability, also covered in the current Security Policy Templates release. See VR Zoom.
Policies you create with these templates detect macOS™/OS X® endpoints that run vulnerable or outdated versions of RingCentral Meeting. Managed endpoints are evaluated. Endpoints are sorted into Forescout groups according to their level of vulnerability and detected software version. Apply further tests or appropriate remediation actions to each group. This vulnerability is described in CVE-2019-13450 and CVE-2019-13567.
Forescout Environments
This template can be deployed in the following Forescout environments:
- CounterACT 7.0.0 with Service Pack 3.0.0 and above
- CounterACT 8.0
- Forescout 8.1
Requirements
These Forescout Components are required:
- Advanced Tools Plugin 2.2.0.1 or above
- OS X Plugin 2.2.1
VR Zoom
Some versions of the Zoom conferencing application are vulnerable to Remote Code Execution (RCE) attacks. Also, a user can be unknowingly connected to a video call, letting an attacker access the user’s device and its video camera.
Policies you create with these templates detect Windows and macOS™/OS X® endpoints that run vulnerable or outdated versions of Zoom. Managed endpoints are evaluated. Endpoints are sorted into Forescout groups according to their level of vulnerability and detected software version. Apply further tests or appropriate remediation actions to each group. This vulnerability is described in CVE-2019-13450 and CVE-2019-13567.
Forescout Environments
This template can be deployed in the following Forescout environments:
- CounterACT 7.0.0 with Service Pack 3.0.0 and above
- CounterACT 8.0
- Forescout 8.1
Requirements
These Forescout Components are required:
- Advanced Tools Plugin 2.2.0.1 or above
- OS X Plugin 2.2.1
Tracking Vulnerable and Infected Endpoints
To let you track infected and vulnerable endpoints for further handling, policies assign endpoints to Forescout groups based on policy evaluation. The plugin creates the Malware-Vulnerable and Malware-Infected groups and parallel Inventory views. In addition, specific policies may create other groups.
Supported CounterACT Versions
Customers who are working with the following CounterACT versions can install the plugin:
- CounterACT 8.0 (and above)
- CounterACT 7.0.0 (it is recommended to install the latest service pack) or Forescout 8.1
Software updates are available through the “Check for Updates” feature in the Enterprise Manager console, and via download from updates.forescout.com for customers on Per Appliance Licensing Model (PALM) or from the Forescout Customer Support Portal for customers using the FLEXX Licensing Model. A current ActiveCare contract is required to obtain software updates.
Updates now available
Update available via “Check for Updates” (recommended), or direct download via the links below.

| MODULE | UPDATE AVAILABLE | APPLICABLE COUNTERACT VERSION | APPLIANCE LICENSING | FLEXX BASED LICENSING |
| --- | --- | --- | --- | --- |
| Security Policy Templates | 19.0.7 | 7.0, 8.0 and above | | |
For More Information:
For additional information, please refer to Knowledge Base Article #9898: “The Security Policy Templates version 19.0.7 is now available” which can be accessed via support.forescout.com using your login credentials. You can also contact Forescout Customer Care via the Forescout Customer Support Portal.
Legal Disclaimer
THIS NOTIFICATION IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION IN THIS ALERT OR MATERIALS LINKED FROM THIS ALERT IS AT YOUR OWN RISK. FORESCOUT RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ALERT AT ANY TIME.
Forescout Confidential and Proprietary
This Alert may contain Forescout proprietary and confidential information and must be protected by the recipient accordingly. The information in this Alert is not meant for general dissemination and may only be used by the recipient in connection with the services reflected in this Alert. Any unauthorized use or dissemination of this Alert in whole or in part is strictly forbidden.
© 2019. Forescout Technologies, Inc. All rights reserved. Forescout Technologies, Inc. is a Delaware corporation. A list of our trademarks and patents can be found at https://www.Forescout.com/company/legal/intellectual-property-patents-trademarks. Other brands, products, or service names may be trademarks or service marks of their respective owners.