Internet Of Things
Discover, classify and control IoT devices to secure your network
The Internet of Things phenomenon is quickly expanding your attack surface as new types of devices join your network. Projectors, sensors, security cameras and IP-connected innovations of every type provide valuable services, but these unmanaged devices can serve as launching and reconnaissance points for cyberattacks. ForeScout CounterACT® can:
- Automatically discover and classify IP-connected IoT devices on your network
- Continuously monitor IoT device activity
- Control or quarantine compromised devices
Learn how CounterACT’s agentless visibility helps you see and control IoT devices.
See your networked devices, infrastructure, operating systems, users and applications
ForeScout CounterACT lets you see and control devices on your network—regardless of whether or not they have security agents installed. To achieve this, CounterACT can:
- Discover unknown devices on the network that are not company-owned (and not outfitted with agent software)
- Perform deep endpoint inspection without an agent
- Measure effectiveness of security controls and support your efforts to demonstrate compliance with regulations
Devices don’t need an agent to get noticed with CounterACT. Learn why.
ForeScout improved the visibility into what was connected to the network and helped enforce security policies on devices.
Chief Information Officer, Federal Government
Network Access Control
Gain real-time visibility and control of devices the instant they access your network
ForeScout CounterACT automatically initiates one or more of your policy-based enforcement and remediation actions ranging from an email notification of noncompliance to mandatory remediation to outright quarantine or access prevention. To achieve this, CounterACT can:
- Control access to confidential data based on device and user profiles
- Prevent infected or noncompliant devices from spreading malware
- Automatically enforce actions for identified situations without human involvement
Learn how easily you can gain control of network access with CounterACT.
Dynamic Network Segmentation
Secure your network from the inside out with policy-based network segmentation
Perimeter-based network security is no longer effective. Today’s rapidly evolving networks and threat landscape require automated network segmentation. Creating and managing network segments used to be time-consuming, expensive and arduous. ForeScout dramatically simplifies this process, allowing you to:
- Use agentless visibility and granular device classification to define profiles, roles and zones
- Leverage existing infrastructure investments in next-generation firewalls, switches and wireless routers
- Automate and maintain segmentation hygiene from campus to cloud
Quickly implement dynamic segmentation with our NGFW Extended Modules.
Secure Cloud Computing
Extend visibility, control and orchestration across campus and cloud environments
Cloud computing makes it easy to scale compute capacity with incredible efficiency. Our public cloud solution combines CounterACT with Amazon EC2 to:
- Discover and classify virtual instances and assess their security posture
- Provide unified policy management for security ops from a single dashboard
- Allow, deny or segment virtual instances based upon policy compliance
CounterACT lets you leverage your existing security operations team, skills and process—heterogeneous security at its best. Learn how.
Automate guest access enrollment and control
CounterACT offers several options to securely accommodate guests and visitors. Setting up guest access is a matter of deciding how a guest device should comply with your security policies. CounterACT onboarding options let you:
- Pre-register guest users with a password that they can enter at the captive network portal
- Allow users to connect after asking for their names and email addresses
- Notify security personnel via the console, email or text message when a guest enters the network
Learn how you can provide safe, controlled access to your visitors, guests and contractors.
Find and address gaps in endpoint security to maintain compliance
ForeScout CounterACT helps you obtain real-time endpoint compliance capabilities without security personnel interventions. CounterACT can:
- Detect and take action against suspicious or rogue endpoints the instant they access the network
- Achieve endpoint compliance without the administrative burden or end user inconvenience of software agents
- Control endpoint configurations according to organizational best-practice policies and regulatory mandates
Learn more about CounterACT’s compliance capabilities.
Mobile and BYOD Security
Provide secure mobility of employee-owned devices
Few things can bring business productivity and agility to a screeching halt faster than blocking mobile access. Unless, of course, you allow a compromised mobile device onto your network. ForeScout CounterACT lets you safely embrace mobility and BYOD, allowing you to:
- Provide agentless network visibility of laptops, smartphones and tablets the instant they connect to your network
- Enforce network access control, endpoint compliance and mobile device security policies
- Eliminate manual labor associated with opening or closing network ports
Learn how CounterACT helps you keep mobile employees productive and your network safe.
By 2021, regulatory compliance for critical infrastructure will drive IoT security spend to $1 billion globally, up from less than $100 million today.
Gartner Predicts 2017: Charting a Path to IoT Business Value
CounterACT includes real-time controls and automated reporting to support your efforts in demonstrating regulatory and policy compliance for PCI DSS, HIPAA, HITRUST, SOX, FINRA, FISMA, GLBA and other mandates. To achieve this CounterACT can automatically:
- Identify endpoints and determine their compliance levels
- Grant full access if the device is compliant and the person’s role justifies their access attempt
- Allow or deny access based on device compliance and user authorization
Extend agentless visibility and control to your software-defined data center
Private cloud security is a logical extension of securing managed, unmanaged and IoT devices in the physical world. Our Data Center Security Solution combines CounterACT with VMware vSphere and NSX to:
- Allow, deny and remediate virtual machines before granting network access
- Help ensure VMs are compliant, accurately segmented and adhere to hardening guidelines
- True-up asset inventory and CMDB with up-to-date VM information
IT Service Management (ITSM)
Gain a trusted data set through real-time asset discovery and monitoring
IT Asset/Configuration Management Database solutions are often saddled with legacy discovery methods that can’t detect IP-addressed endpoints, resulting in asset visibility gaps. CounterACT detects connected devices in real time—without requiring agents—to help you true-up assets in your CMDB by providing:
- An accurate picture of connected endpoints, infrastructure components and BYOD/IoT devices
- Rich contextual data for consumption by operations staff or third-party tools
- Orchestration of common, closed-loop processes with ITAM and other complementary IT services
Learn about our Extended Module for ServiceNow® and read our ITAM white paper.
By 2020, less than 10% of new devices connected to your network will be manageable by traditional methods.
Gartner BI Intelligence