DSS ITSEC Conference 2012 - Forescout NAC #1
Upcoming SlideShare
Loading in...5

DSS ITSEC Conference 2012 - Forescout NAC #1



Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.

Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

DSS ITSEC Conference 2012 - Forescout NAC #1 DSS ITSEC Conference 2012 - Forescout NAC #1 Presentation Transcript

  • Automated Security ControlJohn Hagerty – EMEA Sales Director
  • ForeScout OverviewForeScout is a leading provider of automated securitycontrol solutions for Fortune 1000 enterprises andgovernment organizations.• Founded in 2000• HQ Cupertino California, R&D Tel Aviv Israel• 44% year-over-year growth – Leading independent vendor of Network Access Control – #2 market share behind Cisco• Global deployments – Multiple vertical industries – Very large deployments (>200,000 endpoints)• Global Support – ‗Follow the sun‘
  • Gartner Leader - December 2011• A consistent record of growing faster than the ―Magic Quadrant for Network Access Control‖, December 8, 2011; Lawrence Orans and NAC market, and proven ability to win large deals John Pescatore; Gartner, Inc.• The highest visibility among pure-play NAC vendors, particularly in the government and financial sectors• Strong marks for scalability, with some of the largest active deployments of all vendors• Clientless approach that eases the support for a wide variety of endpoints, particularly in BYOD environments• Users continue to cite ease of deployment and flexible enforcement methods as a primary selection criteria
  • Customers and Their Requirements
  • The Challenge: Balance Access Agility With Security• Employees, Guests, • Data loss Contractors Security • Zero-day attacks• Smartphones and and malware personal devices • Endpoint integrity• Wireless, wired, • Regulations and VPN Access compliance AgilityRequires real-time, Requires real-time, comprehensive automated controls visibility
  • Large Customers in Each Product Segment • Total purchases: $4.6M - Endpoint Compliance Customer • Primary use: Manage endpoint compliance • Secondary use: Block unauthorized users • Total purchases: $9.8M - Network Access Control (NAC) Customer • Primary use: Block unauthorized users (per DISA requirement) • Secondary use: Enforce policies (no USB memory sticks, etc.) • Total purchases: $2.4M - Endpoint Compliance Mobile Security Customer • Primary use: Visibility, compliance reporting and automated endpoint remediation • Secondary use: Mobile security, enabling‖ Bring Your Own Computer to Work‖ • Total purchases: $3.8M - Threat Protection, Endpoint Compliance, and NAC Customer • Primary use: Segment network (federated organization) • Secondary use: Block attacks, remediate endpoints, register guests • Total purchases: $1.2M - Mobile Security Customer • Primary use: Protecting and managing mobile consumer device
  • CounterACT – How It Works
  • Limited Visibility Means Security Gaps Corporate Resources Non-Corporate EndpointsNetwork Devices Antivirus out of date Applications Firewall installed but turned off Encryption agent not installed Users ForeScout Comprehensive Visibility Protection Possible Visible No Protection Possible Not Visible
  • ForeScout Provides Visibility and Control Network Endpoint Mobile Access Control Compliance Threat Control • Register guests • Find and fix Control • Limit access security gaps • Detect and report • Block unauthorized • Enforce policies • Block intrusions on mobile devices users and rogue • Track violations and worms • Restrict access devices • Detect infected machines Agentless Scalable ForeScout Automated Security Control Platform Knowledgebase . Interoperable
  • How It Works• Out of band Deploy at the Core ForeScout• Clientless CounterACT• One appliance
  • See Grant Fix Protect ForeScout • What type of device? CounterACT • Who owns it? • Who is logged in? • What applications?(((((((
  • See Grant Fix Protect ForeScout • Grant access CounterACT • Register guests • Block access • Restrict access(((((((
  • See Grant Fix Protect Web Email CRM Sales Employee Guest
  • See Grant Fix Protect ForeScout• Remediate OS CounterACT• Fix security agents• Fix configuration• Start/stop applications• Disable peripheral
  • Blocked Admission and Advised What isOut of Compliance
  • See Grant Fix Protect ForeScout• Detect unexpected behavior CounterACT• Block insider attack• Block worms• Block intrusions
  • See Grant Fix Protect ALERT & REMEDIATE RESTRICT ACCESS MOVE & DISABLEOpen trouble ticket Deploy a Virtual Firewall around an infected Reassign device from production VLAN to or non-compliant device quarantine VLANSend email notification Block access with 802.1XSNMP Traps Reassign the device into a VLAN with Alter login credentials to block access restricted accessSyslog Block access with device authenticationHTTP browser hijack Update access lists (ACLs) on switches, Turn off switch port (802.1X or SNMP)Auditable end-user acknowledgement firewalls and routers to restrict access Terminate unauthorized applicationsSelf-remediation Automatically move device to a pre-Integrate with SMS, WSUS, SCCM, configured guest network Disable peripheral deviceLumension, BigFix
  • ForeScout & the IT-GRC FrameworkSwitches & Routers Endpoint Protection Endpoints Firewall & VPNWireless IT Network ServicesNetwork Devices Smart Phones & Tablets
  • Mobile / BYOD / MDM
  • What does the market want today ?• Lot‘s of players in MDM market – See Gartner• Customers want to the cost savings• Users want the flexibility• Customers requirements today are predominantly straight forward : – Protect the network in an ‗open‘ environment – Posture checking – Password requirements – Malware concerns – Remote wipe / control
  • Gartner Recommendations―Enterprises must be prepared to manage and secure a wide range of devices, some of which they dont own. Multiplatform MDM tools are one way to achieve this.‖ Gartner, ―Top 10 Mobile Technologies for 2012 and 2013‖, 14 February 2012, Nick Jones ―No matter what [BYOD] strategy is selected, the ability to detect when unmanaged devices are in use for business purposes will be required — and that requires NAC.‖ Gartner, ―NAC Strategies for Supporting BYOD Environments‖, 22 December 2011, Lawrence Orans and John Pescatore
  • ForeScout Solution Options ForeScout ForeScout ForeScout CounterACT CounterACT CounterACT + + ForeScout Mobile ForeScout Mobile + MDM (3rd party) MDM (3rd party)Operational Management• Provisioning• Cost management• InventoryNetwork Security• Access control• Block threats• StabilityDevice Security• Password• Remote wipe• Configuration enforcement• Detect rooted / jailbroken• ContainerizationUnified security managementUser impact Transparent Lightweight Varies VariesPrice $ $$ $$$* $$$$ *Assumes that a portion of the mobile devices are enrolled in a 3rd party MDM system and the rest are managed by ForeScout Mobile Security Module.
  • ForeScout MDMAgility of the cloud for the pace of change in mobility• Fast deployment – Simple provisioning processes – Intuitive user interface• Effortless scalability – Instantly turn up devices, users, apps – Start small and easily expand up• Automatic upgrades – Continuous updates available instantly – No ongoing maintenance• Unmatched affordability – Zero infrastructure needed – All inclusive subscription price model
  • Unified Visibility
  • Why ForeScout
  • We Win Awards !Secure Computing November 2012
  • The Holy GrailSlide 27
  • Why Customers Choose ForeScout• Easy to deploy – Clientless – No infrastructure changes – Everything in a single appliance• Rapid time to value – Complete visibility in hours or days• 100% coverage (no blind spots) – Users, devices, systems, VMs, apps• Extensive range of automated controls – Transparent, gentle, or aggressive• Works with every network without costly upgrades
  • ContactsPrimary Contacts• John Hagerty – EMEA Sales Director jhagerty@forescout.com +44 7739 732805• Richard Cassidy – Senior EMEA SE rcassidy@forescout.com +44 7834 336426• Nikki Gagie – EMEA Inside Sales and Marketing ngagie@forescout.com +44 1256 843633
  • Thank You