Upload
andris-soroka
View
784
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.
Citation preview
John Hagerty – EMEA Sales Director
Automated Security Control
• Founded in 2000
• HQ Cupertino California, R&D Tel Aviv Israel
• 44% year-over-year growth
– Leading independent vendor of Network Access Control
– #2 market share behind Cisco
• Global deployments
– Multiple vertical industries
– Very large deployments (>200,000 endpoints)
• Global Support – ‗Follow the sun‘
ForeScout Overview
ForeScout is a leading provider of automated security
control solutions for Fortune 1000 enterprises and
government organizations.
Gartner Leader - December 2011
―Magic Quadrant for Network Access Control‖,
December 8, 2011; Lawrence Orans and
John Pescatore; Gartner, Inc.
• A consistent record of growing faster than the
NAC market, and proven ability to win large deals
• The highest visibility among pure-play NAC
vendors, particularly in the government and
financial sectors
• Strong marks for scalability, with some of the
largest active deployments of all vendors
• Clientless approach that eases the support for a
wide variety of endpoints, particularly in BYOD
environments
• Users continue to cite ease of deployment and
flexible enforcement methods as a primary
selection criteria
Customers and Their Requirements
The Challenge: Balance Access Agility With Security
• Employees, Guests,
Contractors
• Smartphones and
personal devices
• Wireless, wired,
VPN
• Data loss
• Zero-day attacks
and malware
• Endpoint integrity
• Regulations and
compliance
Security
Access
Agility
Requires real-time,
comprehensive
visibility
Requires real-time,
automated controls
Large Customers in Each Product Segment
• Total purchases: $9.8M - Network Access Control (NAC) Customer
• Primary use: Block unauthorized users (per DISA requirement)
• Secondary use: Enforce policies (no USB memory sticks, etc.)
• Total purchases: $3.8M - Threat Protection, Endpoint Compliance, and NAC Customer
• Primary use: Segment network (federated organization)
• Secondary use: Block attacks, remediate endpoints, register guests
• Total purchases: $1.2M - Mobile Security Customer
• Primary use: Protecting and managing mobile consumer device
• Total purchases: $4.6M - Endpoint Compliance Customer
• Primary use: Manage endpoint compliance
• Secondary use: Block unauthorized users
• Total purchases: $2.4M - Endpoint Compliance Mobile Security Customer
• Primary use: Visibility, compliance reporting and automated endpoint remediation
• Secondary use: Mobile security, enabling‖ Bring Your Own Computer to Work‖
CounterACT – How It Works
Visible Not Visible
Limited Visibility Means Security Gaps
ForeScout Comprehensive Visibility
Endpoints
Network Devices
Applications
Corporate Resources
Antivirus out of date
Firewall installed but turned off
Encryption agent not installed
Protection Possible No Protection Possible
Users
Non-Corporate
ForeScout Provides Visibility and Control
.
ForeScout Automated Security
Control Platform Interoperable
Scalable Agentless
Knowledgebase
Mobile
Control
Network
Access Control
Endpoint
Compliance
• Block intrusions
and worms
• Detect infected
machines
Threat
Control • Find and fix
security gaps
• Enforce policies
• Track violations
• Register guests
• Limit access
• Block unauthorized
users and rogue
devices
• Detect and report
on mobile devices
• Restrict access
How It Works
ForeScout
CounterACT
• Out of band
• Clientless
• One appliance
Deploy at the Core
( ( ( ( ( ( (
See Grant Fix Protect
• What type of device?
• Who owns it?
• Who is logged in?
• What applications?
ForeScout
CounterACT
See Grant Fix Protect
• Grant access
• Register guests
• Block access
• Restrict access
( ( ( ( ( ( (
ForeScout
CounterACT
See Grant Fix Protect
Email CRM Web
Guest
Employee
Guest
Sales
See Grant Fix Protect
• Remediate OS
• Fix security agents
• Fix configuration
• Start/stop applications
• Disable peripheral
ForeScout
CounterACT
Blocked Admission and Advised What is Out of Compliance
See Grant Fix Protect
• Detect unexpected behavior
• Block insider attack
• Block worms
• Block intrusions
ForeScout
CounterACT
See Grant Fix Protect
MOVE & DISABLE RESTRICT ACCESS ALERT & REMEDIATE
Deploy a Virtual Firewall around an infected
or non-compliant device
Reassign the device into a VLAN with
restricted access
Update access lists (ACLs) on switches,
firewalls and routers to restrict access
Automatically move device to a pre-
configured guest network
Open trouble ticket
Send email notification
SNMP Traps
Syslog
HTTP browser hijack
Auditable end-user acknowledgement
Self-remediation
Integrate with SMS, WSUS, SCCM,
Lumension, BigFix
Reassign device from production VLAN to
quarantine VLAN
Block access with 802.1X
Alter login credentials to block access
Block access with device authentication
Turn off switch port (802.1X or SNMP)
Terminate unauthorized applications
Disable peripheral device
ForeScout & the IT-GRC Framework
Switches & Routers
Network Devices
Endpoints
IT Network Services
Smart Phones & Tablets
Firewall & VPN
Endpoint Protection
Wireless
Mobile / BYOD / MDM
• Lot‘s of players in MDM market – See Gartner
• Customers want to the cost savings
• Users want the flexibility
• Customers requirements today are predominantly straight
forward :
– Protect the network in an ‗open‘ environment
– Posture checking
– Password requirements
– Malware concerns
– Remote wipe / control
What does the market want today ?
―Enterprises must be prepared to manage and secure a
wide range of devices, some of which they don't own.
Multiplatform MDM tools are one way to achieve this.‖
―No matter what [BYOD] strategy is selected, the ability to
detect when unmanaged devices are in use for business
purposes will be required — and that requires NAC.‖
Gartner Recommendations
Gartner, ―NAC Strategies for Supporting BYOD Environments‖,
22 December 2011, Lawrence Orans and John Pescatore
Gartner, ―Top 10 Mobile Technologies for 2012 and 2013‖, 14
February 2012, Nick Jones
ForeScout Solution Options
ForeScout CounterACT
ForeScout CounterACT
+ ForeScout Mobile
ForeScout CounterACT
+ ForeScout Mobile
+ MDM (3rd party)
MDM (3rd party)
Operational Management • Provisioning • Cost management • Inventory
Network Security • Access control • Block threats • Stability
Device Security • Password • Remote wipe • Configuration enforcement • Detect rooted / jailbroken • Containerization
Unified security management
User impact Transparent Lightweight Varies Varies
Price $ $$ $$$* $$$$
*Assumes that a portion of the mobile devices are enrolled in a 3rd party MDM
system and the rest are managed by ForeScout Mobile Security Module.
ForeScout MDM
• Fast deployment
– Simple provisioning processes
– Intuitive user interface
• Effortless scalability
– Instantly turn up devices, users, apps
– Start small and easily expand up
• Automatic upgrades
– Continuous updates available instantly
– No ongoing maintenance
• Unmatched affordability
– Zero infrastructure needed
– All inclusive subscription price model
Agility of the cloud for the pace of change in mobility
Unified Visibility
Why ForeScout
We Win Awards ! Secure Computing November 2012
Slide 27
The Holy Grail
• Easy to deploy
– Clientless
– No infrastructure changes
– Everything in a single appliance
• Rapid time to value
– Complete visibility in hours or days
• 100% coverage (no blind spots)
– Users, devices, systems, VMs, apps
• Extensive range of automated controls
– Transparent, gentle, or aggressive
• Works with every network without costly upgrades
Why Customers Choose ForeScout
Primary Contacts
• John Hagerty – EMEA Sales Director
[email protected] +44 7739 732805
• Richard Cassidy – Senior EMEA SE
[email protected] +44 7834 336426
• Nikki Gagie – EMEA Inside Sales and Marketing
[email protected] +44 1256 843633
Contacts
Thank You