eyeExtend

Our CMT eyeExtend products provide visibility and control across your network-connected devices—including corporate devices—while they’re off the enterprise network. They let you verify device compliance with security and regulatory mandates and take remediation actions.

How they work:

1. Forescout eyeSight discovers and classifies various types of network-connected devices.
2. eyeSight verifies the presence of a fully operational agent or performs device remediation preceding connection if an agent is missing or broken.
3. Your CMT platform verifies device compliance with corporate and industry standards.
4. Your CMT platform performs automatic re-configuration or triggers network actions via eyeControl processes and alert users.

Our EMM eyeExtend products facilitate policy-based orchestration between the Forescout platform and leading EMM systems to provide you with unified security policy

How they work:

1. eyeSight instantly profiles managed and agentless mobile devices connected to your enterprise network.
2. eyeSight provides comprehensive information about devices to EMM systems.
3. When eyeSight discovers a device without a functional EMM agent, eyeSight redirects it to the EMM app store for installation according to policy.
4. eyeControl enforces your network security policies, monitors and reports on policy compliance and sees network information such as where and how devices connect to your network.

Our EPP/EDR eyeExtend products provide bi-directional integration between the Forescout platform and leading endpoint security platforms to let you verify device compliance for functional antivirus, up-to-date signatures, encryption and other endpoint policies and facilitate remediation actions.

How they work:

1. eyeSight detects and profiles devices as they connect to your network and shares this information with your EPP/EDR platforms
2. The endpoint management platform shares device properties and compliance status with eyeSight
3. eyeControl allows network access to compliant devices and authorized users, then monitors devices continuously for compliance and erroneous behavior.
4. If the device has a missing/broken agent, eyeControl informs the EPP/EDR platform to install/repair the agent. eyeControl can also capture the endpoint’s browser and send the user to a self-remediation page.
5. When IOCs or IOAs are received from your EPP/EDR platform, eyeControl can perform a wide range of control actions based upon your security policies, including device isolation, killing a malicious process or initiating other remediation actions and alerting the user.

Our ITSM Extended Modules share up-to-date device properties, classification, configuration and network context to help true-up assets in your CMDB, improve asset compliance and maintain a trusted single-source-of-truth repository for better decision-making.

How they work:

1. eyeSight discovers and classifies various types of devices as they connect to your network, including industrial and critical infrastructure systems and passive-only discovery and profiling options.
2. eyeExtend shares device properties, configuration information and network context with your ITSM system.
3. The ITSM system adds or updates this information in the CMDB to true-up existing asset repository.
4. eyeExtend lets you import CMDB properties from your ITSM system to be used in its inventory and policies.

Our NGFW eyeExtend products enable you to implement dynamic network segmentation, automate controls for secure access to critical resources and create context-aware security policies within your next-generation firewalls based on device context from eyeSight.

How they work:

1. eyeSight discovers, classifies and assesses devices as they connect to the network.
2. Based on your policies, eyeExtend sends user identity, device information and security context/tag to the next-generation firewall.
3. Your next-generation firewall leverages contextual information from eyeSight to enforce security policies, network access and granular segmentation.

Our PAM eyeExtend products provide you with real-time agentless visibility into undiscovered local privileged accounts and let you automate responses to threats based on holistic visibility into user activity, device security posture, incident severity and overall threat exposure.

How they work:

1. eyeSight discovers devices and undetected local privileged accounts.
2. eyeExtend shares this information and device context with your PAM.
3. The PAM system identifies threats and alerts eyeControl.
4. eyeControl isolates devices on the network and limits network access.

Our SIEM eyeExtend products facilitate information sharing and policy management between the Forescout platform and leading SIEM systems to improve situational awareness and mitigate risks using advanced analytics. The solution shares comprehensive device information with your SIEM, including IoT classification and assessment context for correlation and incident prioritization.

How they work:

1. eyeSight discovers infected devices then sends the information to your SIEM system
2. eyeControl receives instructions from the SIEM and automatically takes policy-based mitigation actions to contain and respond to the event.
3. You can perform various actions depending on the severity or priority of the event, such as:
   • Quarantine devices
   • Initiate direct remediation
   • Share real-time context with other incident response systems
   • Initiate a scan by another third-party product
   • Notify the end user via email or SMS

Our VA eyeExtend products share comprehensive vulnerability assessment data between the Forescout platform and leading VA systems to initiate VA scanning of devices and automate policy-based enforcement actions as necessary.

How they work:

1. eyeExtend triggers your VA system to perform a real-time scan of the connecting device when it joins the network.
2. eyeControl isolates the connecting device in an inspection VLAN while the VA system performs a scan.
3. eyeControl triggers VA scans on devices that meet certain policy conditions, such as devices with specific applications, or when device configuration changes are detected.
4. After the VA system scans a device, eyeControl can obtain the scan results and initiate risk mitigation actions if vulnerabilities are detected.

Our Open Integration Module allows customers, systems integrators and technology vendors to integrate custom applications, security tools and management systems with the Forescout platform.

1. Web Services API for sending and receiving XML
2. SQL, allowing reading from and writing to databases, such as Oracle^®, MySQL, and SQL
3. LDAP, enabling reading from standard directories

The Advanced Compliance Module automates on-connect and continuous device configuration assessment to comply with security benchmarks. It enables you to leverage standards-based security benchmarks and content published in the SCAP format. This allows you to:

1. Improve device hygiene for greater device security.
2. Verify system configuration settings and increase compliance against regulatory or other baselines.
3. Reduce usage of outdated application versions.
4. Gather and aggregate assessment results for audit preparation.
5. Streamline existing processes and automate compliance and remediation workflows.