Forescout Addresses Modern SecOps Challenges with Launch of Forescout XDR

Demo
Ornamental dots. Two rows of three dots. The top row is a light blue. The bottom row is one light blue dot followed by two orange dots. Press

Bromium and Forescout Team to Automate Threat Response

pdf Download PDF

Integrated approach facilitates accurate, real-time threat intelligence and automates enterprise-wide mitigation against advanced malware

Cupertino and Campbell, Calif.  – December 10, 2013 – Bromium®, Inc., a pioneer in trustworthy computing, and Forescout Technologies, Inc., a leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced integration efforts between Bromium Live Attack Visualization and Analysis (LAVA™) and Forescout CounterACT. The joint solution will help automatically defeat and remediate advanced malware, gather precise threat intelligence in real time, and protect the enterprise using advanced network-wide defenses.

“In today’s threat environment, responding to an attack immediately to achieve defense in depth is critical,” said Ken Pfeil, CISO at Pioneer Investments. “The integrated solution from Bromium and Forescout will enable us to cut through the noise of false alerts and automate our response to actual attacks in real time, enterprise wide. Additionally, the approach leverages our existing investments in endpoint and network security, providing unambiguous and actionable threat intelligence that we can use to quickly and systematically enhance our overall security posture.”

Providing an unrivaled comprehensive and accurate view of malware behavior in real-time, LAVA is a centralized security application that works in conjunction with Bromium vSentry®. Bromium vSentry is built on the revolutionary Bromium Microvisor that protects end points by design, using CPU features for virtualization to hardware-isolate each browser tab, attachment or document in a micro-VM that cannot access enterprise data, the Intranet or valuable SaaS sites.  Malware is automatically remediated when the user closes the task.  LAVA gathers and provides real-time analysis of each hardware-isolated malware attack cycle occurring within an enterprise, providing detailed insight into an attack’s origin, techniques and targets while delivering immediate, actionable security intelligence and enabling enterprise security teams to safely analyze threats.

“In conjunction with vSentry, LAVA provides unparalleled intelligence into malware attacks at the most critical point and time, as it happens,” said Simon Crosby, CTO and co-founder at Bromium. “Our work with Forescout, leveraging ControlFabric technology, allows joint customers to respond immediately, network wide, using the rich integration and powerful orchestration capabilities of LAVA and CounterACT.”

Based on CounterACT’s real-time visibility and policy-based mitigation capabilities, CounterACT can dynamically provision and activate the Bromium endpoint agent, vSentry®. CounterACT can also receive malware details from Bromium LAVA™, Bromium’s management system, in real time and allow organizations to enable CounterACT to quarantine infected endpoints, block the infection source and inspect all other endpoints on the network for presence of a similar infection.

The joint solution benefits include:

  • Automated malware response – When Bromium LAVA detects advanced malware, it sends information about the attack to CounterACT in real time. CounterACT can then take automated actions such as alerting the administrator, emailing the end-user and preventing further malware propagation to unprotected endpoints by blocking traffic to and from the infection source.
  • Agent provisioning and monitoring – CounterACT has the ability to discover, classify and monitor all endpoints on the network, including unmanaged and personal devices. This allows CounterACT to detect endpoints without a Bromium vSentry® agent and verify if they meet the minimum hardware and BIOS requirements. CounterACT then deploys the Bromium agent on these endpoints, automatically or via manual action.
  • Enterprise-wide attack mitigation – Bromium can determine the signature representative of an advanced malware attack and send this information, including the malware payload fingerprint, to CounterACT. CounterACT can use this information to assess all other endpoints (including unprotected endpoints) to identify and quarantine additional zero-day infection points across the enterprise network.

“We are thrilled to partner with Bromium to provide joint customers with enhanced protection against advanced malware,” said Gil Friedrich, vice president of technology at Forescout. “This integration illustrates how Forescout’s customers and partners leverage the ControlFabric technology to build a central security hub that can bi-directionally share real-time threat intelligence, automate remediation and improve operational efficiency. “

Forescout CounterACT, Bromium vSentry® and LAVA™ interoperability is delivered through the Forescout ControlFabric Interface using open, standards-based formats. Forescout delivers pervasive network security by allowing organizations to continuously monitor and mitigate advanced malware attacks. Forescout CounterACT dynamically identifies and assesses all network users, endpoints and applications to provide comprehensive visibility, intelligence and policy-based mitigation of security issues. Forescout’s open ControlFabric technology enables vendors, system integrators and customers to integrate CounterACT with a broad range of IT security products and management systems to automate enterprise-wide defenses.

About Bromium, Inc.
Bromium is re-inventing enterprise security with its powerful new technology, micro-virtualization, which was designed to protect businesses from advanced malware, while simultaneously empowering users and delivering unmatched threat intelligence to IT. Unlike traditional security methods, which rely on complex and ineffective detection techniques, Bromium protects against malware from the Web, email or USB devices, by automatically isolating each user-task at the endpoint in a hardware-isolated micro-VM, preventing theft or damage to any enterprise resource. Bromium’s technological innovations have earned the company numerous industry awards including being named as a CNBC Disruptor and a Gartner Cool Vendor for 2013. Bromium counts a rapidly growing set of Fortune 500 companies and government agencies as customers, including NYSE and BlackRock.

About Forescout Technologies, Inc.
Forescout delivers pervasive network security by allowing organizations to continuously monitor and mitigate security exposures and cyberattacks. The company’s CounterACT platform dynamically identifies and assesses all network users, endpoints and applications to provide complete visibility, intelligence and policy-based mitigation of security issues. Forescout’s open ControlFabric technology allows a broad range of IT security products and management systems to share information and automate remediation actions. Because Forescout’s solutions are easy to deploy, unobtrusive, flexible and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, Forescout offers its solutions through its network of authorized partners worldwide. Learn more at: www.forescout.com.