Securing a Network: Forescout’s Core Capabilities
July 17, 2019
A problem that plagues organizations' ability to achieve complete endpoint protection is the inability to identify every device connected to the network. In other words, organizations struggle to achieve full visibility. To help solve that problem, Forescout Technologies revolutionized device visibility with a proven agentless process.
As discussed in this post, device visibility is essential to securing a network: it means detecting, inspecting, classifying and controlling any device or application that connects. This allows network admins to mitigate security risks and ensure that no device on the network is a threat or vulnerability. Traditionally, this was accomplished by installing security agents on each device. If an agent was not installed, then the network could not communicate with the device. As a result, rogue devices could navigate through the network undetected.
An added layer of complexity in endpoint protection is the expansion of networks. Networks are expanding virtually into data centers and cloud networks, and there's an ever-growing list of OT devices that now communicate with business systems and face exposure like never before. Also, the frequency with which devices join and leave the network makes it essential to monitor them accurately. Taken together, these factors leave organizations vulnerable to threats and attacks.
Understanding today's network and device landscape, and the restriction imposed by requiring security agents, Forescout set out to revolutionize the device visibility category – and did.
Today, Forescout can discover servers, desktops, laptops, tablets, smartphones, IoT devices, OT systems, network infrastructure components and rogue devices the instant they connect to the network, without agents installed. (See how one school discovered that a connected vending machine was the vulnerability.)
The platform utilizes this approach to continuously monitor security posture. Forescout’s core capabilities are segmented into three categories: see, control and orchestrate.
‘See’ is the visibility component, in which there are three stages: discover, classify and assess. The discover stage concentrates on the admission event, identifying devices the instant they connect. The classify stage distinguishes the device type, ownership, applications and operating systems. Third, the assess stage focuses on compliance policies for authorized and rogue devices including antivirus agent status, patch management agent status, firewall status and network adapter.
‘Control’ is when actionable steps are taken based upon the insights gathered in the first stage. This includes notifying admins of security issues, complying with policies (for example, network segmentation) and restricting, blocking or quarantining compromised devices.
‘Orchestrate’ focuses on using the insights to inform management, and to automate common workflows across systems. This final step accelerates system-wide response to quickly mitigate risks.
Are you ready to see, control and orchestrate? Join the revolution and gain full visibility into your network with the Forescout platform.