The ability to see 100% of the IP-connected devices on the campus network, including those in IoT, data center, cloud and OT environments, and the capability to secure those devices with appropriate levels of control.
Why do I need Device Visibility and Control?
Security begins by understanding with confidence what is on the network. This means having visibility into every single user credential that is logged in, knowing what applications each of those users is entitled to, and also identifying every single device the moment it connects to the network and constantly thereafter. Once connected, devices must be controlled for optimal security.
Agentless discovery and classification in real time, along with continuous posture assessment, provide accurate situational awareness. This accurate situational awareness is used to automate policy-based controls and orchestrate actions.
Why does a CIO need Device Visibility and Control?
According to a Gartner September 2018 report on IoT trends, by 2023 the average CIO will be responsible for more than three times the endpoints they managed in 2018. The vast majority of this growth is not coming from traditional managed devices like laptops and smartphones, but from IoT and OT devices which can’t support agents and thus can easily go undetected and unmanaged.
Historically, a variety of tools were used to discover network-enabled devices across an extended enterprise. This might lead one to assume that organizations get an appropriate level of business and technical visibility today. However, traditional tools tend to discover, classify, and inspect devices in isolation—if they can even find them. They often use network packets or device-based agents to get a cursory understanding of each discovered device but rarely furnish the level of detail required to determine true situational awareness.
CISOs often base their cybersecurity efforts on point-in-time assessments that do not reflect their current state of security. They don’t know what devices are or are not connected to their network, the function of those devices, the role they play within interconnected systems, or how changes to those devices may impact the organization’s overall security profile. These conclusions are validated by ESG risk management research that looked at both the timeliness of the device data and the completeness of the asset inventory from which the data is captured.
Cyber risk management is based on periodic reviews rather than continuous monitoring. Nearly two-thirds of organizations do baseline assessments, but this data is only valid at a particular point in time. Thus, risk management decisions are often based on historical (and potentially inaccurate) information rather than current data. This is at odds with the need for organizations to monitor devices on a continuous basis.
The ability to:
- Discover every IP-connected physical and virtual device across campus, data center, cloud and industrial environments.
- Classify diverse IT, IoT and OT/ICS devices in real time.
- Assess and continuously monitor compliance of all devices without requiring agents.
The ability to:
- Conform with policies, industry mandates and best practices such as network segmentation.
- Restrict, block or quarantine noncompliant or compromised devices.
- Automate endpoint, network and third-party control actions.
A civilian agency that expanded its has device visibility and control from Forescout for approximately 1.5 devices. Forescout integrates and orchestrates with Splunk to enhance and enforce control of these devices. This is part of Phase 3 of the U.S. Government’s Continuous Diagnostics and Mitigation, or CDM, program. Phase 3 is focused on mitigation of threats and moving from device visibility to control mode.
The U.S. Department of Defense uses Device Visibility and Control from Forescout in support of the DoD’s Comply to Connect framework, in which the Forescout platform will be initially managing visibility for 250,000 devices. Forescout is a foundational component of the Comply to Connect framework to achieve better cyber hygiene and see 100 percent of the devices and systems connected to the network.
A top-ten U.S. bank uses the Forescout platform’s Device Visibility and Control capabilities to secure and inventory more than 250,000 devices across their network. In addition, the Forescout platform’s deep device visibility and integration with ServiceNow’s CMDB enable a single source of truth for all devices on the network.
A Fortune 100 healthcare organization uses Device Visibility and Control from Forescout for nearly 250,000 devices. The platform was implemented to solve the visibility and control challenges the company was experiencing as a result of multiple acquisitions and divestitures over the years.
One of the world’s largest manufacturing companies uses device visibility and control from the Forescout platform for over one million devices across their campus wired and wireless networks. In addition, Forescout enables real-time vulnerability management by identifying a device the second it joins the network and triggering a real-time scan from the manufacturer’s VA solution. If the device has known vulnerabilities, Forescout takes action by blocking it until it is patched.
A major telecommunications company uses Device Visibility and Control from Forescout for more than 200,000 devices within their campus wired and wireless network. In addition, Forescout interoperates with their existing networking and security solutions such as EDR.