Assist for Forescout Threat Detection & Response is an optional add-on service available to qualified Forescout Threat Detection & Response customers. Our team of experts operates as a remote, seamless extension to your SecOps team, to provide around-the-clock monitoring of your threat environment using Forescout Threat Detection & Response.
Our team of experts has deep proficiency in fully leveraging Forescout Threat Detection & Response and performs each of the following services on your organization’s behalf.
Forescout experts directly and actively monitor all detections (things that have been flagged as potential threats) around the clock (24x7x365) and triage suspicious entities generated by Forescout Threat Detection & Response, following the Forescout SOC incident handling workflow. A security incident case will be created for a suspicious entity that cannot be confirmed as either benign true positive or false positive during triage, to continue the threat investigation process.
The team investigates security incident cases to validate whether a suspicious entity is a confirmed threat and to identify its impact in accordance with Severity 1 to 5 impact definitions. As part of the incident case analysis, they document observations including attacker attributes, attack vector, attack campaign, infected entities, malware capabilities, behavior and indicators of compromise (IOCs).
Once a security incident is confirmed, the team assigns an impact level and, if appropriate, escalate it in accordance with the service level agreement, notifying you via your preferred escalation procedure. Based on the nature of the security incident, Forescout provides containment and remediation guidance to stop and/or recover from an attack.
Forescout experts provide continuous monitoring and proactive investigation support for high-risk activities and IOCs that are not easily detected or prevented by existing security controls. They identify monitoring gaps and exposed vulnerabilities, recommending appropriate remediation options. To support incident-response efforts, they trace all attack-related activities for containment and validate mitigation during recovery. Forescout prioritizes threat hunts based on your company profile; critical assets; prevalent threat actors; current threat intelligence; high-risk tactics, techniques and procedures; and other input you provide. Malicious findings are escalated to you.
The team ensures all configured log sources are continuously sending logs to Forescout Threat Detection & Response.
Threat detection and response has become increasingly important, and increasingly difficult, even for seasoned and large SOC teams. Current approaches, including traditional extended detection and response (XDR) solutions, don’t adequately convert the mountain of daily alerts into high-fidelity detections of true threats, nor do they enable SOC teams to automate response processes across the extended enterprise (IT, OT, IoT, IoMT). Forescout Threat Detection & Response, combined with other Forescout solutions, uniquely addresses these challenges.
Learn more in this exclusive 30-minute webinar with speakers Justin Foster, Chief Technology Officer; Virendra Bisht, Director of Data Science, and George McTaggart, Chief Marketing Officer
