DSS ITSEC Conference 2012 - Forescout NAC #1


Published on

Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

DSS ITSEC Conference 2012 - Forescout NAC #1

  1. 1. Automated Security ControlJohn Hagerty – EMEA Sales Director
  2. 2. ForeScout OverviewForeScout is a leading provider of automated securitycontrol solutions for Fortune 1000 enterprises andgovernment organizations.• Founded in 2000• HQ Cupertino California, R&D Tel Aviv Israel• 44% year-over-year growth – Leading independent vendor of Network Access Control – #2 market share behind Cisco• Global deployments – Multiple vertical industries – Very large deployments (>200,000 endpoints)• Global Support – ‗Follow the sun‘
  3. 3. Gartner Leader - December 2011• A consistent record of growing faster than the ―Magic Quadrant for Network Access Control‖, December 8, 2011; Lawrence Orans and NAC market, and proven ability to win large deals John Pescatore; Gartner, Inc.• The highest visibility among pure-play NAC vendors, particularly in the government and financial sectors• Strong marks for scalability, with some of the largest active deployments of all vendors• Clientless approach that eases the support for a wide variety of endpoints, particularly in BYOD environments• Users continue to cite ease of deployment and flexible enforcement methods as a primary selection criteria
  4. 4. Customers and Their Requirements
  5. 5. The Challenge: Balance Access Agility With Security• Employees, Guests, • Data loss Contractors Security • Zero-day attacks• Smartphones and and malware personal devices • Endpoint integrity• Wireless, wired, • Regulations and VPN Access compliance AgilityRequires real-time, Requires real-time, comprehensive automated controls visibility
  6. 6. Large Customers in Each Product Segment • Total purchases: $4.6M - Endpoint Compliance Customer • Primary use: Manage endpoint compliance • Secondary use: Block unauthorized users • Total purchases: $9.8M - Network Access Control (NAC) Customer • Primary use: Block unauthorized users (per DISA requirement) • Secondary use: Enforce policies (no USB memory sticks, etc.) • Total purchases: $2.4M - Endpoint Compliance Mobile Security Customer • Primary use: Visibility, compliance reporting and automated endpoint remediation • Secondary use: Mobile security, enabling‖ Bring Your Own Computer to Work‖ • Total purchases: $3.8M - Threat Protection, Endpoint Compliance, and NAC Customer • Primary use: Segment network (federated organization) • Secondary use: Block attacks, remediate endpoints, register guests • Total purchases: $1.2M - Mobile Security Customer • Primary use: Protecting and managing mobile consumer device
  7. 7. CounterACT – How It Works
  8. 8. Limited Visibility Means Security Gaps Corporate Resources Non-Corporate EndpointsNetwork Devices Antivirus out of date Applications Firewall installed but turned off Encryption agent not installed Users ForeScout Comprehensive Visibility Protection Possible Visible No Protection Possible Not Visible
  9. 9. ForeScout Provides Visibility and Control Network Endpoint Mobile Access Control Compliance Threat Control • Register guests • Find and fix Control • Limit access security gaps • Detect and report • Block unauthorized • Enforce policies • Block intrusions on mobile devices users and rogue • Track violations and worms • Restrict access devices • Detect infected machines Agentless Scalable ForeScout Automated Security Control Platform Knowledgebase . Interoperable
  10. 10. How It Works• Out of band Deploy at the Core ForeScout• Clientless CounterACT• One appliance
  11. 11. See Grant Fix Protect ForeScout • What type of device? CounterACT • Who owns it? • Who is logged in? • What applications?(((((((
  12. 12. See Grant Fix Protect ForeScout • Grant access CounterACT • Register guests • Block access • Restrict access(((((((
  13. 13. See Grant Fix Protect Web Email CRM Sales Employee Guest
  14. 14. See Grant Fix Protect ForeScout• Remediate OS CounterACT• Fix security agents• Fix configuration• Start/stop applications• Disable peripheral
  15. 15. Blocked Admission and Advised What isOut of Compliance
  16. 16. See Grant Fix Protect ForeScout• Detect unexpected behavior CounterACT• Block insider attack• Block worms• Block intrusions
  17. 17. See Grant Fix Protect ALERT & REMEDIATE RESTRICT ACCESS MOVE & DISABLEOpen trouble ticket Deploy a Virtual Firewall around an infected Reassign device from production VLAN to or non-compliant device quarantine VLANSend email notification Block access with 802.1XSNMP Traps Reassign the device into a VLAN with Alter login credentials to block access restricted accessSyslog Block access with device authenticationHTTP browser hijack Update access lists (ACLs) on switches, Turn off switch port (802.1X or SNMP)Auditable end-user acknowledgement firewalls and routers to restrict access Terminate unauthorized applicationsSelf-remediation Automatically move device to a pre-Integrate with SMS, WSUS, SCCM, configured guest network Disable peripheral deviceLumension, BigFix
  18. 18. ForeScout & the IT-GRC FrameworkSwitches & Routers Endpoint Protection Endpoints Firewall & VPNWireless IT Network ServicesNetwork Devices Smart Phones & Tablets
  19. 19. Mobile / BYOD / MDM
  20. 20. What does the market want today ?• Lot‘s of players in MDM market – See Gartner• Customers want to the cost savings• Users want the flexibility• Customers requirements today are predominantly straight forward : – Protect the network in an ‗open‘ environment – Posture checking – Password requirements – Malware concerns – Remote wipe / control
  21. 21. Gartner Recommendations―Enterprises must be prepared to manage and secure a wide range of devices, some of which they dont own. Multiplatform MDM tools are one way to achieve this.‖ Gartner, ―Top 10 Mobile Technologies for 2012 and 2013‖, 14 February 2012, Nick Jones ―No matter what [BYOD] strategy is selected, the ability to detect when unmanaged devices are in use for business purposes will be required — and that requires NAC.‖ Gartner, ―NAC Strategies for Supporting BYOD Environments‖, 22 December 2011, Lawrence Orans and John Pescatore
  22. 22. ForeScout Solution Options ForeScout ForeScout ForeScout CounterACT CounterACT CounterACT + + ForeScout Mobile ForeScout Mobile + MDM (3rd party) MDM (3rd party)Operational Management• Provisioning• Cost management• InventoryNetwork Security• Access control• Block threats• StabilityDevice Security• Password• Remote wipe• Configuration enforcement• Detect rooted / jailbroken• ContainerizationUnified security managementUser impact Transparent Lightweight Varies VariesPrice $ $$ $$$* $$$$ *Assumes that a portion of the mobile devices are enrolled in a 3rd party MDM system and the rest are managed by ForeScout Mobile Security Module.
  23. 23. ForeScout MDMAgility of the cloud for the pace of change in mobility• Fast deployment – Simple provisioning processes – Intuitive user interface• Effortless scalability – Instantly turn up devices, users, apps – Start small and easily expand up• Automatic upgrades – Continuous updates available instantly – No ongoing maintenance• Unmatched affordability – Zero infrastructure needed – All inclusive subscription price model
  24. 24. Unified Visibility
  25. 25. Why ForeScout
  26. 26. We Win Awards !Secure Computing November 2012
  27. 27. The Holy GrailSlide 27
  28. 28. Why Customers Choose ForeScout• Easy to deploy – Clientless – No infrastructure changes – Everything in a single appliance• Rapid time to value – Complete visibility in hours or days• 100% coverage (no blind spots) – Users, devices, systems, VMs, apps• Extensive range of automated controls – Transparent, gentle, or aggressive• Works with every network without costly upgrades
  29. 29. ContactsPrimary Contacts• John Hagerty – EMEA Sales Director jhagerty@forescout.com +44 7739 732805• Richard Cassidy – Senior EMEA SE rcassidy@forescout.com +44 7834 336426• Nikki Gagie – EMEA Inside Sales and Marketing ngagie@forescout.com +44 1256 843633
  30. 30. Thank You