
Assist for Forescout XDR

Maximize your SecOps Team with Forescout XDR

Assist for Forescout XDR is an optional add-on service available to qualified Forescout XDR customers. Our team of experts operates as a remote, seamless extension to your SecOps team, to provide around-the-clock monitoring of your threat environment using Forescout XDR.

XDR Assist

Service Description

Our team of experts has deep proficiency in fully leveraging Forescout XDR and performs each of the following services on your organization’s behalf.

Security monitoring and triage

Forescout experts directly and actively monitor all detections (things that have been flagged as potential threats) around the clock (24x7x365) and triage suspicious entities generated by Forescout XDR, following the Forescout SOC incident handling workflow. A security incident case will be created for a suspicious entity that cannot be confirmed as either benign true positive or false positive during triage, to continue the threat investigation process.

Threat investigation

The team investigates security incident cases to validate whether a suspicious entity is a confirmed threat and to identify its impact in accordance with Severity 1 to 5 impact definitions. As part of the incident case analysis, they document observations including attacker attributes, attack vector, attack campaign, infected entities, malware capabilities, behavior and indicators of compromise (IOCs).

Incident management

Once a security incident is confirmed, the team assigns an impact level and, if appropriate, escalates it in accordance with the service level agreement, notifying you via your preferred escalation procedure. Based on the nature of the security incident, Forescout provides containment and remediation guidance to stop and/or recover from an attack.

Threat hunting

Forescout experts provide continuous monitoring and proactive investigation support for high-risk activities and IOCs that are not easily detected or prevented by existing security controls. They identify monitoring gaps and exposed vulnerabilities, recommending appropriate remediation options. To support incident-response efforts, they trace all attack-related activities for containment and validate mitigation during recovery. Forescout prioritizes threat hunts based on your company profile; critical assets; prevalent threat actors; current threat intelligence; high-risk tactics, techniques and procedures; and other input you provide. Malicious findings are escalated to you.

Log source monitoring

The team ensures all configured log sources are continuously sending logs to Forescout XDR.

Add 24/7 Remote Monitoring to your Environment

Speak with your account executive about this service, which is available to qualified Forescout XDR customers. It will also be available via Forescout certified MSSP partners.

Contact Your Representative

Webinar: Improving SOC Efficiency by 450x with Forescout XDR

Threat detection and response has become increasingly important, and increasingly difficult, even for seasoned and large SOC teams. Current approaches, including traditional extended detection and response (XDR) solutions, don’t adequately convert the mountain of daily alerts into high-fidelity detections of true threats, nor do they enable SOC teams to automate response processes across the extended enterprise (IT, OT, IoT, IoMT). Forescout XDR, combined with other Forescout solutions, uniquely addresses these challenges. Learn more in this exclusive 30-minute webinar with speakers Justin Foster, Chief Technology Officer; Virendra Bisht, Director of Data Science; and George McTaggart, Chief Marketing Officer.

See a Demo

Watch CTO Justin Foster run through key features in Forescout XDR.

Schedule an XDR Demo

Get a personalized tour of our XDR solution and see how we can help you automate cybersecurity.

Request a Demo