Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.

1. Automated Security Control
John Hagerty – EMEA Sales Director

2. ForeScout Overview
ForeScout is a leading provider of automated security
control solutions for Fortune 1000 enterprises and
government organizations.
• Founded in 2000
• HQ Cupertino California, R&D Tel Aviv Israel
• 44% year-over-year growth
– Leading independent vendor of Network Access Control
– #2 market share behind Cisco
• Global deployments
– Multiple vertical industries
– Very large deployments (>200,000 endpoints)
• Global Support – ‗Follow the sun‘

3. Gartner Leader - December 2011
• A consistent record of growing faster than the ―Magic Quadrant for Network Access Control‖,
December 8, 2011; Lawrence Orans and
NAC market, and proven ability to win large deals John Pescatore; Gartner, Inc.
• The highest visibility among pure-play NAC
vendors, particularly in the government and
financial sectors
• Strong marks for scalability, with some of the
largest active deployments of all vendors
• Clientless approach that eases the support for a
wide variety of endpoints, particularly in BYOD
environments
• Users continue to cite ease of deployment and
flexible enforcement methods as a primary
selection criteria

4. Customers and Their Requirements

5. The Challenge:
Balance Access Agility With Security
• Employees, Guests, • Data loss
Contractors Security • Zero-day attacks
• Smartphones and and malware
personal devices
• Endpoint integrity
• Wireless, wired,
• Regulations and
VPN
Access compliance
Agility
Requires real-time, Requires real-time,
comprehensive automated controls
visibility

6. Large Customers in Each Product Segment
• Total purchases: $4.6M - Endpoint Compliance Customer
• Primary use: Manage endpoint compliance
• Secondary use: Block unauthorized users
• Total purchases: $9.8M - Network Access Control (NAC) Customer
• Primary use: Block unauthorized users (per DISA requirement)
• Secondary use: Enforce policies (no USB memory sticks, etc.)
• Total purchases: $2.4M - Endpoint Compliance Mobile Security Customer
• Primary use: Visibility, compliance reporting and automated endpoint remediation
• Secondary use: Mobile security, enabling‖ Bring Your Own Computer to Work‖
• Total purchases: $3.8M - Threat Protection, Endpoint Compliance, and NAC Customer
• Primary use: Segment network (federated organization)
• Secondary use: Block attacks, remediate endpoints, register guests
• Total purchases: $1.2M - Mobile Security Customer
• Primary use: Protecting and managing mobile consumer device

7. CounterACT – How It Works

8. Limited Visibility Means Security Gaps
Corporate Resources Non-Corporate
Endpoints
Network Devices
Antivirus out of date
Applications Firewall installed but turned off
Encryption agent not installed
Users
ForeScout Comprehensive Visibility
Protection Possible
Visible No Protection Possible
Not Visible

9. ForeScout Provides Visibility and Control
Network Endpoint
Mobile Access Control Compliance Threat
Control • Register guests • Find and fix Control
• Limit access security gaps
• Detect and report • Block unauthorized • Enforce policies • Block intrusions
on mobile devices users and rogue • Track violations and worms
• Restrict access devices • Detect infected
machines
Agentless Scalable
ForeScout Automated Security
Control Platform
Knowledgebase . Interoperable

10. How It Works
• Out of band Deploy at the Core
ForeScout
• Clientless CounterACT
• One appliance

11. See Grant Fix Protect
ForeScout
• What type of device? CounterACT
• Who owns it?
• Who is logged in?
• What applications?
(((((((

12. See Grant Fix Protect
ForeScout
• Grant access CounterACT
• Register guests
• Block access
• Restrict access
(((((((

13. See Grant Fix Protect
Web Email CRM
Sales
Employee
Guest

14. See Grant Fix Protect
ForeScout
• Remediate OS CounterACT
• Fix security agents
• Fix configuration
• Start/stop applications
• Disable peripheral

15. Blocked Admission and Advised What is
Out of Compliance

16. See Grant Fix Protect
ForeScout
• Detect unexpected behavior CounterACT
• Block insider attack
• Block worms
• Block intrusions

17. See Grant Fix Protect
ALERT & REMEDIATE RESTRICT ACCESS MOVE & DISABLE
Open trouble ticket Deploy a Virtual Firewall around an infected Reassign device from production VLAN to
or non-compliant device quarantine VLAN
Send email notification
Block access with 802.1X
SNMP Traps
Reassign the device into a VLAN with Alter login credentials to block access
restricted access
Syslog
Block access with device authentication
HTTP browser hijack
Update access lists (ACLs) on switches, Turn off switch port (802.1X or SNMP)
Auditable end-user acknowledgement firewalls and routers to restrict access
Terminate unauthorized applications
Self-remediation
Automatically move device to a pre-
Integrate with SMS, WSUS, SCCM, configured guest network Disable peripheral device
Lumension, BigFix

18. ForeScout & the IT-GRC Framework
Switches & Routers Endpoint Protection Endpoints
Firewall & VPN
Wireless IT Network Services
Network Devices Smart Phones & Tablets

19. Mobile / BYOD / MDM

20. What does the market want today ?
• Lot‘s of players in MDM market – See Gartner
• Customers want to the cost savings
• Users want the flexibility
• Customers requirements today are predominantly straight
forward :
– Protect the network in an ‗open‘ environment
– Posture checking
– Password requirements
– Malware concerns
– Remote wipe / control

21. Gartner Recommendations
―Enterprises must be prepared to manage and secure a
wide range of devices, some of which they don't own.
Multiplatform MDM tools are one way to achieve this.‖
Gartner, ―Top 10 Mobile Technologies for 2012 and 2013‖, 14
February 2012, Nick Jones
―No matter what [BYOD] strategy is selected, the ability to
detect when unmanaged devices are in use for business
purposes will be required — and that requires NAC.‖
Gartner, ―NAC Strategies for Supporting BYOD Environments‖,
22 December 2011, Lawrence Orans and John Pescatore

22. ForeScout Solution Options
ForeScout ForeScout ForeScout
CounterACT CounterACT CounterACT
+ +
ForeScout Mobile ForeScout Mobile
+
MDM (3rd party) MDM (3rd party)
Operational Management
• Provisioning
• Cost management
• Inventory
Network Security
• Access control
• Block threats
• Stability
Device Security
• Password
• Remote wipe
• Configuration enforcement
• Detect rooted / jailbroken
• Containerization
Unified security management
User impact Transparent Lightweight Varies Varies
Price $ $$ $$$* $$$$
*Assumes that a portion of the mobile devices are enrolled in a 3rd party MDM
system and the rest are managed by ForeScout Mobile Security Module.

23. ForeScout MDM
Agility of the cloud for the pace of change in mobility
• Fast deployment
– Simple provisioning processes
– Intuitive user interface
• Effortless scalability
– Instantly turn up devices, users, apps
– Start small and easily expand up
• Automatic upgrades
– Continuous updates available instantly
– No ongoing maintenance
• Unmatched affordability
– Zero infrastructure needed
– All inclusive subscription price model

24. Unified Visibility

25. Why ForeScout

26. We Win Awards !
Secure Computing November 2012

27. The Holy Grail
Slide 27

28. Why Customers Choose ForeScout
• Easy to deploy
– Clientless
– No infrastructure changes
– Everything in a single appliance
• Rapid time to value
– Complete visibility in hours or days
• 100% coverage (no blind spots)
– Users, devices, systems, VMs, apps
• Extensive range of automated controls
– Transparent, gentle, or aggressive
• Works with every network without costly upgrades

29. Contacts
Primary Contacts
• John Hagerty – EMEA Sales Director
jhagerty@forescout.com +44 7739 732805
• Richard Cassidy – Senior EMEA SE
rcassidy@forescout.com +44 7834 336426
• Nikki Gagie – EMEA Inside Sales and Marketing
ngagie@forescout.com +44 1256 843633

30. Thank You