Complete Visibility for Endpoint Compliance and SIEM Incident Response

  • *This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner, Inc. "Magic Quadrant for Network Access Control," Report G002129752, December 3, 2012, Lawrence Orans, John Pescatore. ** The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. *** Frost & Sullivan chart from 2012 market study "Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth". Base year 2011, n-20
  • Brant Starts Here.
  • What’s it like in the real world? Can you describe a day in the life of the security manager and how they’ve applied this to their environment?
  • You’ve shared a lot of details today. Can you pull it all together and summarize the benefits of our joint solution for the audience?
  • Transcript of "Complete Visibility for Endpoint Compliance and SIEM Incident Response"

    1. © 2013 ForeScout Technologies, Page 1. Wallace Sann | CISSP-ISSEP, CIPP/G, Director of Systems Engineering. Complete Visibility for Endpoint Compliance and SIEM Incident Response. April 23, 2013
    2. About ForeScout
       ForeScout is the leading global provider of real-time network security solutions for Global 2000 enterprises and government agencies.
       Large Deployments
       • Financial institutions, government…
       • Scalability - 1M+ endpoints
       Federal Validation
       • NIAP CC EAL 4+
       • DISA UC APL
       • FIPS 140-2
       At a Glance
       • Founded in 2000, 160+ employees, HQ in Cupertino, CA
       • Global company, customers, support
       • Dominant independent vendor of Network Access Control (NAC)
       • BYOD, endpoint compliance and cloud fueling growth
       *Magic Quadrant for Network Access Control, December 2012, Gartner Inc.
       **Forrester Wave Network Access Control, Q2-2011, Forrester Research
       ***Analysis of the NAC Market, February 2012, Frost & Sullivan
    3. Over 1400 Enterprise Deployments: Austrian Post AG
    4. ForeScout Offerings
       ForeScout Automated Security Control Platform: Interoperable, Scalable, Agentless, Knowledgebase
       Network Access Control
       • Infrastructure agnostic
       • 802.1X, VLAN, ACL
       • Block unauthorized users and devices
       • Register guest
       Endpoint Compliance
       • Find and fix security gaps
       • Enterprise toolset integrations
       • Incident Response
       Mobile Security
       • Enable BYOD
       • Unified Visibility & Control
       • Dual Protection
       • Integrate MDM
       Visibility
       • Clientless
       • Built-in profiling
       • HW/SW Inventory
       • Who, what, when, where
    5. Extended Network & Dynamic Threats
       Access is more dynamic… Threats are broader, faster and more complex…
       Common Organizational Assumptions
       a. Visibility on all network endpoints
       b. Managed all access to network resources
       c. Wireless security is uniform
       d. All host based protection is active
       e. Configurations are locked / tracked
       f. Logging is always maintained
       g. Contractor access is limited
       h. Preempt unwanted apps
       i. All data leakage monitored
       j. BYOD is ok… guest network or MDM
    6. Visibility and Control Gaps
       Diagram labels: Endpoints; Network Devices; Applications; Government Resources; Host config. issue…; Unwanted application…; Patch/host security agent not installed…; Little Protection Possible; Visible; Users; Non-GFE?; Protection Possible
    7. CounterACT: Continuous Monitoring & Remediation
       Proven Platform for Real-time Visibility and Automated Control
       Diagram labels: Port-based Enforcement [With or without 802.1x]; Natively or with 3rd party Integration; Incident Response; Compliance Dashboard; Complete Visibility; Enforcement; Remediation; McAfee ESM; Host Inspection & McAfee ePO; Device Discovery, Profiling [HW/SW USER LOC ...]; Fully functional clientless Interrogation of endpoints; Continuous Monitoring
       Challenge
       • Asset visibility
       • Access and threat dynamics
       • Endpoint and infrastructure diversity
       • Port authentication and control
       • STIG, IAVA and CCRI difficulty
       Solution
       • Pre-admission user/device authentication and authorization
       • Continuous endpoint diagnostics, posture assessment and mitigation
       • Port-based control and broad device policy enforcement
       • Infrastructure agnostic, interoperable, scalable, works with enterprise tool sets
    8. Bridges the Gap with Enterprise Tool Sets
       Diagram labels: PATCH MGMT; VA; ESM; MDM/BYOD; ePO; ASSET MGMT; VPN; DirectAccess; Linux/Unix/MAC/Windows/iOS/Android/all applications; Users; Computers; Servers; Switches; Printers; VoIP Devices; USB Devices; Mobile Devices; All Other Devices; Port Based Security and Authentication with or without 802.1X
    9. ForeScout CounterACT in Action
       Rapid implementation, accelerated time-to-value, automation
       • Port-control DISA-STIG adherence
         – Visibility and control without disrupting user experience
         – 802.1X & Non-802.1X control with assured rollout
       • Independent verification and validation
         – Automate: detect, classify, report on all non-compliant devices
         – Reduce manual expense: ticketing, investigation and audit
       • Asset intelligence, HBSS Deployment, CCRI, IAVA
         – Dynamically see and resolve host agent, config. and security gaps
         – Rich integration: McAfee ePO, SIEM, data source …
         – Real time Situational Awareness of all endpoints connected to or attempting to connect to a DOD enclave
         – Medical device detection, classification and isolation
       • Personal and rogue device mitigation
         – Classify, block, limit mobile devices: Smartphone, tablet, WAP…
         – No CERT ticket issued, no manual response, full port control
    10. ForeScout CounterACT Certified Integration with McAfee EPO & EPP
       McAfee ePO Integration
       • Certified integration with ePO
       • Rogue System Detection (RSD) sensor – network admission events
       • CounterACT real-time inspection informs ePO
       • Endpoint protection policy assurance
       • Fortifies HBSS compliance
    11. Enterprise Tool Sets - HBSS
       HBSS Framework Implementation status
    12. McAfee ESM Integration
       Diagram labels: DLP; Other Sources; Routers; AV logs, system events; Network events; Security Devices; FW, IPS/IDS, VPN events; Privacy violations; Database, App. events; Endpoints + BYOD
       Numbered callouts (1-5), text fragments as extracted: SIEM correlates ForeScout information with information from other sources and escalates threat level of incidents when the end-point is non-; d remediation action using ForeScout; ForeScout takes remediation action on endpoin; (who, what, where) and high-level (compliance; oints to the SIEM; ed compliance dashboards/reports
    13. ForeScout + McAfee = Wirespeed Incident Response
       McAfee ESM Correlated Event, Triggers CounterACT Response
    14. Centralized Deployment
    15. Decentralized Deployment
    16. Enterprise Deployment
    17. Visibility then Control
       Phases: CRAWL, WALK, RUN
       • Deployment
       • Discovery
       • RBAC & administration
       • HBSS client issues
       • 802.1X issues
       • A/V issues
       • IAVA scanning
       • Reporting/Notifications
       • Monitoring
       • Authentication
       • Remediation
       • Access Control
       • Integrate with ePO
       • Integrate with SIEM
       • Asset Management
       • Mobile policies
       • Block rogue device
       • Custom Scripts
       • Full enforcement
       • Actions from ePO
       • Actions from SIEM
       • Asset management using authentication
       • Adv custom scripts
       • Integrate with MDM
       • Integrate with other GOTS & COTS products
       Immediate ROI
       Flexible to meet Mission and Security Requirements
       Coordination - Training - Documentation
    18. Continuous Compliance Case Study: Financial Institution
       Business Problem
       • No real-time network intelligence: who/where/what endpoints, users, AP
       • Material gap on endpoints and network devices compliance
       • No control over corrupted, inactive or non-existent endpoint agents
       • Slow response: can’t quickly and easily identify, isolate and remediate
       McAfee ESM/ePO
       • Dashboards; assets, violations, incidents, threats
       • Enterprise-wide policy, event correlation & log management
       • On-demand incident and compliance reporting per LOB
       • ESM corrected events trigger NAC to isolate or resolve issue
       ForeScout CounterACT Network Access Control
       • Real-time visibility: all users / devices / apps / rogue devices
       • Asset profiles, access, violations and actions sent to SIEM
       • Automated remediation of endpoint security and configuration agents
       • Works with existing McAfee ePO, ESM and endpoint protection products
       Benefits
       • Enterprise threat visibility
       • Reduced business risk
       • More responsive security
       • Operational efficiency
       • Automated remediation
       • Endpoint compliance
       • Demonstrable GRC gain
    19. Continuous Compliance, Remediation
       NAC Accelerates IT-GRC Automation
       Visibility
       • Greater Threat Dynamics and Response Impact
       • Requires full visibility in real-time.
       • Network asset intelligence: Who, What, Where.
       Automation
       • Next-Gen NAC Closes Operational Gaps
       • Automate authentication
       • Automate compliance verification and remediation
       • Automate access control.
       Interoperability
       • Demonstrable IT-GRC Value
       • Increases situational awareness
       • Increases IT / security responsiveness
       • Effectuates GRC policy
    20. ForeScout CounterACT Advantages
       • Easy to use and deploy with Low TCO
         Hybrid 802.1X/Agentless approach; works within existing/legacy environment
         Easy, centralized administration; high availability, scalable, non-disruptive
       • Real-time situational awareness
         All users, devices, applications - infrastructure agnostic
         Wired & wireless - managed & rogue - VMs, PC, mobile & embedded
       • Rapid results and time-to-value
         Broad application: Comply to Connect, STIG, Command Cyber Readiness I(CCRI), IAVA, HBSS assurance
       • Flexible control with bi-direction intelligence
         Extensible templates and controls with robust SIEM, HBSS, CMDB and directory integration
    21. Resources / Q&A
       • Learn more about ForeScout CounterAct and McAfee-ForeScout Joint solutions: http://www.forescout.com/support2/resources/
         – ForeScout, McAfee ESM solution brief
         – ForeScout, McAfee ePO solution brief
       ** The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
       *** Frost & Sullivan chart from 2012 market study "Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth". Base year 2011, n-20
       * This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
    22. Questions?
    23. CounterACT Product Family
       Physical appliances
       Model              | CTR       | CT-100    | CT-1000   | CT-2000   | CT-4000           | CT-10000
       Concurrent Devices | 100       | 500       | 1000      | 2500      | 4000              | 10000
       Bandwidth          | 100 Mbps  | 500 Mbps  | 1 Gbps    | 2 Gbps    | 4 Gbps or 10 Gbps | 4 Gbps or 10 Gbps
       VLAN Support       | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited         | Unlimited
       Virtual appliances
       Model              | VCTR       | VCT-100      | VCT-1000   | VCT-2000   | VCT-4000   | VCT-10000
       Concurrent Devices | 100        | 500          | 1000       | 2500       | 4000       | 10000
       CPU                | 1          | 2            | 2          | 2          | 4          | 10
       RAM / HD Space     | 1GB / 80GB | 1.5GB / 80GB | 2GB / 80GB | 4GB / 80GB | 6GB / 80GB | 16GB / 80GB