
Throughwave Day 2015 - ForeScout Automated Security Control


Slides from Throughwave Day 2015. Those interested can get in touch by phone at 02-210-0969 or by email at info@throughwave.co.th



  1. 1. Phatchara Maichandi Presales Engineer Throughwave (Thailand) Co., Ltd.
  2. 2. © 2014 ForeScoutTechnologies, Page 2 • Enterprise Security Trend • ForeScout Capabilities • ForeScout Integration • BYOD Security • Case Studies • Conclusion
  4. 4. Corporate Resources Antivirus out of date Unauthorized application Agents not installed or not running Endpoints VM VM VM VM VM VM VM VM VM VM VM Non-corporate VM Users Applications Network Devices
  8. 8. Outdated NAC: • Complex architecture • Requires reconfiguration and upgrade of existing switches • Requires installation of endpoint agents • Requires 802.1X • Long drawn-out implementations • Brittle, prone to disruption and breakage
  9. 9. Fast and easy deployment – No infrastructure changes or network upgrades – No need for endpoint agents – 802.1X is optional – Integrated appliance (physical or virtual) Streamline and automate existing IT processes – Guest registration – MDM enrollment – BYOD onboarding – Asset intelligence Shift away from restrictive allow-or-deny policies – Flexible controls, based on user and device context – Preserve user experience Integrate with other IT systems – Break down information silos – Reduce window of vulnerability by automating controls & actions
  11. 11. Strong Foundation Market Leadership Enterprise Deployments #1 • In business 13 years • Campbell, CA headquarters • 200+ global channel partners • Independent Network Access Control (NAC) Market Leader • Focus: Pervasive Network Security • 1,800+ customers worldwide • Financial services, government, healthcare, manufacturing, retail, education • From 100 to >1M endpoints • From 62 countries around the world
  12. 12. *Magic Quadrant for Network Access Control, December 2014, Gartner Inc. *This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from ForeScout. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner, "Magic Quadrant for Network Access Control," Lawrence Orans and Claudio Neiva, December 10, 2014.
  13. 13. Real-time Intelligence: Device type, owner, login, location • Applications, security profile • Captures transient users and devices
  14. 14. Real-time Intelligence • Granular Controls: Device and user-specific policies • Mitigate OS, configuration and security risks • Start/stop applications and disable peripherals
  15. 15. Real-time Intelligence • Granular Controls • Information Sharing and Automation: Bi-directional information exchange • Automated mitigation and control • Enhanced collaboration
  16. 16. See: Who and what are on your network? • Grant: Allow, limit or block network access • Fix: Remediate endpoint systems • Protect: Block internal attack
  18. 18. Who are you? • Employee • Partner • Contractor • Guest. Who owns your device? • Corporate • BYOD • Rogue. What type of device? • Windows, Mac • iOS, Android • VM • Non-user devices. What is the device hygiene? • Configuration • Software • Services • Patches • Security Agents. Where/how are you connecting? • Switch • Controller • VPN • Port, SSID • IP, MAC • VLAN
  19. 19. Dynamic and Multi-faceted DHCP REQUESTS AD, LDAP, RADIUS SERVER AGENT ACTIVE DIRECTORY MIRROR TRAFFIC NMAP SCAN
  20. 20. Complete Situational Awareness
  21. 21. Complete Situational Awareness Compliance Problems: Agents, Apps, Vulnerabilities, Configurations See Devices: Managed, Unmanaged, Wired, Wireless, PC, Mobile…
  22. 22. Complete Situational Awareness Filter Information By: Business Unit, Location, Device Type…
  23. 23. Complete Situational Awareness See Device Details: What, Where, Who, Security Posture…
  24. 24. Complete Situational Awareness Site Summary: Devices, Policy Violations…
  26. 26. Modest Strong Open trouble ticket Send email notification SNMP Traps Start application Run script Auditable end-user acknowledgement Send information to external systems such as SIEM etc. HTTP browser hijack Deploy a virtual firewall around the device Reassign the device to a VLAN with restricted access Update access lists (ACLs) on switches, firewalls and routers to restrict access DNS hijack (captive portal) Automatically move device to a pre-configured guest network Trigger external controls such as endpoint protection, VA etc. Move device to quarantine VLAN Block access with 802.1X Alter login credentials to block access, VPN block Block access with device authentication Turn off switch port (802.1X, SNMP) Install/update agents, trigger external remediation systems Wi-Fi port block Alert / Allow Trigger / Limit Remediate / Block
  27. 27. • Visibility of corporate and personal devices • Network Access Control – Identify who, what, where, when, configuration, security posture • Flexible policy controls – Register guests – Grant access (none, limited, full) – Enforce time of day, connection type, device type controls • Block unauthorized devices from the network EMPLOYEE CONTRACTOR GUEST UNAUTHORIZED WEB EMAIL CRM
  28. 28. User Type Limited Internal Access Authenticate via Contractor Credentials BYOD Posture Check Contractor/Partner Guest Internet Access Guest Registration Sponsor Authorization Personal Device Corporate Asset Authenticate via Corporate Credentials BYOD Posture Check Internal Access Corporate Asset Posture Check Employee
  30. 30. CORE SWITCHES ACTIVE DIRECTORY SCCM ENDPOINT PROTECTION SIEM VA MDM ATD DATACENTER REMOTE USERS VPN CONCENTRATOR COUNTERACT ENTERPRISE MANAGER SERVERFARM
  31. 31. DATACENTER REMOTE USERS VPN CONCENTRATOR ACTIVE DIRECTORY SCCM ENDPOINT PROTECTION SIEM VA MDM ATD COUNTERACT ENTERPRISE MANAGER CORE SWITCHES SERVERFARM
  32. 32. CORE SWITCHES DATACENTER REMOTE USERS VPN CONCENTRATOR COUNTERACT ENTERPRISE MANAGER ACTIVE DIRECTORY SCCM ENDPOINT PROTECTION SIEM VA MDM ATD CounterACT Deployed at the Core Layer Management Port Mirror Traffic
  34. 34. Switches & Routers Network Devices Endpoints IT Network Services Wireless Firewall & VPN Endpoint & APT Protection Vulnerability Assessment SIEM/GRC MDM
  36. 36. ForeScout: • Visibility of all devices, unmanaged & rogue • Does not require agents • Automate agent installation, activation, update • Quarantine and remediate • Bi-directional integration – Endpoint protection – Vulnerability Assessment – Advanced Threat Detection – Patch management
  37. 37. • ForeScout sends both low-level (who, what, where) and high-level (compliance status) information about endpoints to SIEM • SIEM correlates ForeScout information with information from other sources and identifies risks posed by infected, malicious or high-risk endpoints • SIEM initiates automated risk mitigation using ForeScout • ForeScout takes risk mitigation action on endpoint SIEM Real-time Info Correlate, Identify Risks Initiate Mitigation Remediate Quarantine
  38. 38. Initiate Scan Scan Scan Results Connect Block or Allow Endpoint Switch Vulnerability Assessment System
  39. 39. Visibility • Detection of virtual machines that are located in the wrong zone (e.g. port group) • Detection of virtual machines that lack an up-to-date version of VMware tools • Detection of peripheral devices (e.g. a physical USB drive) connected to a virtual machine • Detection of the hardware associated with each virtual machine • Detection of the guest operating system running on each virtual machine
  40. 40. VMware vSphere VMware vSphere VMware vSphere VMware vCenter Server Manage vSphere Distributed Switch VMware Plugins Mirror Traffic
  41. 41. Core Switch Virtual Environment Server Virtualization Virtual Desktop Infrastructure Endpoint • Mobile Phone • Laptop • PC Desktop • Printer • VOIP Thin Client Policy for Virtual Policy for Physical Desktop Policy for Thin Client ForeScout
  42. 42. Web Services API LDAP SQL
  44. 44. • Mobility and BYOD are transforming the enterprise – Mobile device adoption and diversity has exploded – Enterprise perimeter becoming more open and extended – Over 60% of employees use a personal device for work [1] – Capabilities of consumer technology meet or exceed the features of IT-supplied assets – Employees can purchase and use mobile technology faster than IT adoption cycles. [1] Gartner, "Bring Your Own Device: The Facts and the Future", April 2013, David A. Willis
  45. 45. Secure the Device Secure the Data Secure the Network • Secure configuration • Enforce passwords • Control user actions • Manage content & apps • Protect privacy • Remote wiping Mobile Device Management (MDM) • What is on my network? • Control access • Enforce security posture MDM + MCM + VDI Next-Generation Network Access Control (NAC)
  46. 46. ForeScout CounterACT: • 100% visibility of all mobile devices, including those not yet enrolled in the MDM system • Prevent unauthorized devices from accessing the network • More highly automated MDM enrollment process • Real-time security posture assessment upon network connection • Unified compliance reporting of all network devices – Windows, Mac, phones, tablets, etc.
  47. 47. – Device connects to network • Classify by type • Check for mobile agent – If agent is missing • Quarantine device • Install mobile agent (HTTP Redirect) – Once agent is activated • Check compliance • Allow policy-based access • Continue monitoring Enterprise Network MDM MDM 1 2 3 Device can access internal server ForeScout CounterACT
  48. 48. Device-based control Network-based control Enterprise App Mgmt (Distribution, Config) Inventory Management Device Management (App Inventory, Remote Wipe, etc.) Policy Compliance (Jailbreak detection, PIN lock, etc.) Secure Data Containers Guest Registration Network Access Control (Wireless, Wired, VPN) Cert + Supplicant Provisioning Mobile + PC Network Threat Prevention Visibility of Unmanaged Devices
  50. 50. Requirement: an authentication system for all employees in the organization that covers both wired and wireless networks within a single set of equipment • Users authenticate through ForeScout • MAC authentication for executives • Check antivirus compliance (Installed/Running) • Send an HTTP notification to alert machines that do not have antivirus installed
  51. 51. Requirement: an authentication system and a hardware/software inventory system within a single set of equipment • Implement BYOD • Users authenticate through ForeScout • Used together with the MDM system • Check endpoint compliance • Threat prevention • Publish announcements via HTTP notification
  53. 53. Corporate Resources Endpoints VM VM VM VM VM VM VM VM VM VM VM Non-corporate VM Users Applications Network Devices Antivirus out of date Unauthorized application Agents not installed or not running ForeScout Continuous Monitoring and Mitigation
  54. 54. Endpoint Mitigation Endpoint Authentication & Inspection Network Enforcement Information Integration Continuous Visibility
  55. 55. Fast and easy to deploy Infrastructure Agnostic Flexible and Customizable Agentless and non-disruptive Scalable, no re-architecting Works with mixed, legacy environment Avoid vendor lock-in Optimized for diversity and BYOD Supports open integration standards
  56. 56. SUITE OF PACKAGED SOFTWARE INTEGRATION MODULES: Vulnerability Assessment, Advanced Threat Detection, SIEM (Bi-directional), MDM, McAfee ePO, Open (Customer Development). FAMILY OF APPLIANCE MANAGERS: A single appliance to handle up to # of ForeScout appliances: 5, 10, 25, 50, 100, 150, 200. Virtual appliances are also available. FAMILY OF APPLIANCES: A single appliance to handle up to # of endpoints: 100, 500, 1,000, 2,500, 4,000, 10,000. Virtual appliances are also available.
  57. 57. Choose ForeScout when you need… • Hardware & Software Inventory • Network Access Control • BYOD Security • Guest Networking • Endpoint Compliance • Threat Prevention CT-4000 CT-R CT-100 CT-1000 CT-2000