  • *This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner, Inc. "Magic Quadrant for Network Access Control," Report G002129752, December 3, 2012, Lawrence Orans, John Pescatore
    ** The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
    ***Frost & Sullivan chart from 2012 market study “Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth” Base year 2011, n-20
  • Brant Starts Here.
  • What’s it like in the real world? Can you describe a day in the life of the security manager and how they’ve applied this to their environment?
  • You’ve shared a lot of details today. Can you pull it all together and summarize the benefits of our joint solution for the audience?

    1. Complete Visibility for Endpoint Compliance and SIEM Incident Response
       Wallace Sann | CISSP-ISSEP, CIPP/G, Director of Systems Engineering
       April 23, 2013
       © 2013 ForeScout Technologies
    2. About ForeScout
       ForeScout is the leading global provider of real-time network security solutions for Global 2000 enterprises and government agencies.
       Large Deployments
       • Financial institutions, government…
       • Scalability - 1M+ endpoints
       Federal Validation
       • NIAP CC EAL 4+
       • DISA UC APL
       • FIPS 140-2
       At a Glance
       • Founded in 2000, 160+ employees, HQ in Cupertino, CA
       • Global company, customers, support
       • Dominant independent vendor of Network Access Control (NAC)
       • BYOD, endpoint compliance and cloud fueling growth
       *Magic Quadrant for Network Access Control, December 2012, Gartner Inc.
       **Forrester Wave Network Access Control, Q2-2011, Forrester Research
       ***Analysis of the NAC Market, February 2012, Frost & Sullivan
    3. Over 1400 Enterprise Deployments
       Austrian Post AG
    4. ForeScout Offerings
       ForeScout Automated Security Control Platform: Interoperable, Scalable, Agentless, Knowledgebase
       Network Access Control
       • Infrastructure agnostic
       • 802.1X, VLAN, ACL
       • Block unauthorized users and devices
       • Register guest
       Endpoint Compliance
       • Find and fix security gaps
       • Enterprise toolset integrations
       • Incident Response
       Mobile Security
       • Enable BYOD
       • Unified Visibility & Control
       • Dual Protection
       • Integrate MDM
       Visibility
       • Clientless
       • Built-in profiling
       • HW/SW Inventory
       • Who, what, when, where
    5. Extended Network & Dynamic Threats
       Access is more dynamic…
       Threats are broader, faster and more complex…
       Common Organizational Assumptions
       a. Visibility on all network endpoints
       b. Managed all access to network resources
       c. Wireless security is uniform
       d. All host based protection is active
       e. Configurations are locked / tracked
       f. Logging is always maintained
       g. Contractor access is limited
       h. Preempt unwanted apps
       i. All data leakage monitored
       j. BYOD is ok… guest network or MDM
    6. Visibility and Control Gaps
       [Diagram. Labels: Endpoints; Network Devices; Applications; Government Resources; Users; Visible; Non-GFE; Protection Possible; Little Protection Possible]
       Host config. issue… Unwanted application… Patch/host security agent not installed…
    7. CounterACT: Continuous Monitoring & Remediation
       Proven Platform for Real-time Visibility and Automated Control
       [Diagram. Labels: Complete Visibility; Enforcement; Remediation; Port-based Enforcement [With or without 802.1x], Natively or with 3rd party Integration; Incident Response; Compliance Dashboard; McAfee ESM; Host Inspection & McAfee ePO; Device Discovery, Profiling [HW/SW USER LOC ...]; Fully functional clientless Interrogation of endpoints]
       Continuous Monitoring Challenge
       • Asset visibility
       • Access and threat dynamics
       • Endpoint and infrastructure diversity
       • Port authentication and control
       • STIG, IAVA and CCRI difficulty
       Solution
       • Pre-admission user/device authentication and authorization
       • Continuous endpoint diagnostics, posture assessment and mitigation
       • Port-based control and broad device policy enforcement
       • Infrastructure agnostic, interoperable, scalable, works with enterprise tool sets
    8. Bridges the Gap with Enterprise Tool Sets
       Port Based Security and Authentication with or without 802.1X
       [Diagram. Enterprise tool sets: PATCH MGMT; VA; ESM; MDM/BYOD; ePO; ASSET MGMT; VPN; Direct Access]
       [Diagram. Covered assets: Linux/Unix/MAC/Windows/iOS/Android/all applications; Users; Computers; Servers; Switches; Printers; VoIP Devices; USB Devices; Mobile Devices; All Other Devices]
    9. ForeScout CounterACT in Action
       Rapid implementation, accelerated time-to-value, automation
       a. Port-control DISA-STIG adherence
          – Visibility and control without disrupting user experience
          – 802.1X & Non-802.1X control with assured rollout
       b. Independent verification and validation
          – Automate: detect, classify, report on all non-compliant devices
          – Reduce manual expense: ticketing, investigation and audit
       c. Asset intelligence, HBSS Deployment, CCRI, IAVA
          – Dynamically see and resolve host agent, config. and security gaps
          – Rich integration: McAfee ePO, SIEM, data source …
          – Real time Situational Awareness of all endpoints connected to or attempting to connect to a DOD enclave
            • Medical device detection, classification and isolation
       d. Personal and rogue device mitigation
          – Classify, block, limit mobile devices: Smartphone, tablet, WAP…
          – No CERT ticket issued, no manual response, full port control
    10. ForeScout CounterACT Certified Integration with McAfee EPO & EPP
        McAfee ePO Integration
        • Certified integration with ePO
        • Rogue System Detection (RSD) sensor – network admission events
        • CounterACT real-time inspection informs ePO
        • Endpoint protection policy assurance
        • Fortifies HBSS compliance
    11. Enterprise Tool Sets - HBSS
        HBSS Framework Implementation status
    12. McAfee ESM Integration
        [Diagram. Labels: DLP; Other Sources; Routers; AV logs, system events; Network events; Security Devices; FW, IPS/IDS, VPN events; Privacy violations; Database, App. events; Endpoints + BYOD]
        Numbered steps in the diagram (text is cut off in the source where marked […]):
        1. […] (who, what, where) and high-level (compliance […]oints to the SIEM
        2. SIEM correlates ForeScout information with information from other sources and escalates threat level of incidents when the end-point is non-[…]
        3. […]ed compliance dashboards/reports
        4. […]d remediation action using ForeScout
        5. ForeScout takes remediation action on end poin[…]
    13. ForeScout + McAfee = Wirespeed Incident Response
        McAfee ESM Correlated Event, Triggers CounterACT Response
    14. Centralized Deployment
    15. Decentralized Deployment
    16. Enterprise Deployment
    17. Visibility then Control
        Phases: CRAWL, WALK, RUN
        • Deployment
        • Discovery
        • RBAC & administration
        • HBSS client issues
        • 802.1X issues
        • A/V issues
        • IAVA scanning
        • Reporting/Notifications
        • Monitoring
        • Authentication
        • Remediation
        • Access Control
        • Integrate with ePO
        • Integrate with SIEM
        • Asset Management
        • Mobile policies
        • Block rogue device
        • Custom Scripts
        • Full enforcement
        • Actions from ePO
        • Actions from SIEM
        • Asset management using authentication
        • Adv custom scripts
        • Integrate with MDM
        • Integrate with other GOTS & COTS products
        Immediate ROI
        Flexible to meet Mission and Security Requirements
        Coordination - Training - Documentation
    18. Continuous Compliance Case Study: Financial Institution
        Business Problem
        • No real-time network intelligence: who/where/what endpoints, users, AP
        • Material gap on endpoints and network devices compliance
        • No control over corrupted, inactive or non-existent endpoint agents
        • Slow response: can’t quickly and easily identify, isolate and remediate
        McAfee ESM/ePO
        • Dashboards; assets, violations, incidents, threats
        • Enterprise-wide policy, event correlation & log management
        • On-demand incident and compliance reporting per LOB
        • ESM correlated events trigger NAC to isolate or resolve issue
        ForeScout CounterACT Network Access Control
        • Real-time visibility: all users / devices / apps / rogue devices
        • Asset profiles, access, violations and actions sent to SIEM
        • Automated remediation of endpoint security and configuration agents
        • Works with existing McAfee ePO, ESM and endpoint protection products
        Benefits
        • Enterprise threat visibility
        • Reduced business risk
        • More responsive security
        • Operational efficiency
        • Automated remediation
        • Endpoint compliance
        • Demonstrable GRC gain
    19. Continuous Compliance, Remediation
        NAC Accelerates IT-GRC Automation
        Visibility
        • Greater Threat Dynamics and Response Impact
        • Requires full visibility in real-time.
        • Network asset intelligence: Who, What, Where.
        Automation
        • Next-Gen NAC Closes Operational Gaps
        • Automate authentication
        • Automate compliance verification and remediation
        • Automate access control.
        Interoperability
        • Demonstrable IT-GRC Value
        • Increases situational awareness
        • Increases IT / security responsiveness
        • Effectuates GRC policy
    20. ForeScout CounterACT Advantages
        • Easy to use and deploy with Low TCO
          Hybrid 802.1X/Agentless approach; works within existing/legacy environment
          Easy, centralized administration; high availability, scalable, non-disruptive
        • Real-time situational awareness
          All users, devices, applications - infrastructure agnostic
          Wired & wireless - managed & rogue - VMs, PC, mobile & embedded
        • Rapid results and time-to-value
          Broad application: Comply to Connect, STIG, Command Cyber Readiness Inspection (CCRI), IAVA, HBSS assurance
        • Flexible control with bi-directional intelligence
          Extensible templates and controls with robust SIEM, HBSS, CMDB and directory integration
    21. Resources / Q&A
        • Learn more about ForeScout CounterACT and McAfee-ForeScout Joint solutions
          http://www.forescout.com/support2/resources/
          • ForeScout, McAfee ESM solution brief
          • ForeScout, McAfee ePO solution brief
    22. Questions?
    23. CounterACT Product Family
        Model               CTR        CT-100     CT-1000    CT-2000    CT-4000            CT-10000
        Concurrent Devices  100        500        1000       2500       4000               10000
        Bandwidth           100 Mbps   500 Mbps   1 Gbps     2 Gbps     4 Gbps or 10 Gbps  4 Gbps or 10 Gbps
        VLAN Support        Unlimited  Unlimited  Unlimited  Unlimited  Unlimited          Unlimited

        Model               VCTR        VCT-100       VCT-1000    VCT-2000    VCT-4000    VCT-10000
        Concurrent Devices  100         500           1000        2500        4000        10000
        CPU                 1           2             2           2           4           10
        RAM/HD Space        1GB / 80GB  1.5GB / 80GB  2GB / 80GB  4GB / 80GB  6GB / 80GB  16GB / 80GB