Upload
vuongthuan
View
221
Download
2
Embed Size (px)
Citation preview
© 2013 ForeScout Technologies, Page 1 ForeScout Confidential
Scott Gordon (CISSP-ISSMP), Chief Marketing Officer
ForeScout Technologies — Pervasive Network Security
May, 2013
Realizing Continuous Compliance
© 2013 ForeScout Technologies, Page 2 ForeScout Confidential
About ForeScout
ForeScout is the leading global provider of pervasive network security solutions for Global
2000 enterprises and government organizations.
• Independent Network Access
Control (NAC) market leader
Foundation
• 1400+ global implementations
• Financial services, government,
healthcare, manufacturing,
retail, education…
• Cupertino HQ, 185 employees
• 200+ global channel partners
Enterprise Deployments Market Leadership
**NAC Competitive Landscape
April 2013, Frost&Sullivan ForeScout
*Magic Quadrant for Network Access
Control, December 2012, Gartner Inc.
ForeScout Technologies
© 2013 ForeScout Technologies, Page 3 ForeScout Confidential
4 Converging Trends Affecting InfoSec Effectiveness
© 2013 ForeScout Technologies, Page 4 ForeScout Confidential
Increasing Security, Risk Management Costs
Resources
Remediation
Incident
Investigation,
Response
Reputation
Loss,
Defense
Operations
Prevention
$ $ $
$
$
$
© 2013 ForeScout Technologies, Page 5 ForeScout Confidential
Increasing Compliance Mandates, Reduced Impact on Operational Results
Incidents and Violations
Security Expenditure Variance
© 2013 ForeScout Technologies, Page 6 ForeScout Confidential
?
?
?
x x
? ?
Exploding Network Access and Threat Dynamics
? X
X
? ?
?
?
?
?
X
?
© 2013 ForeScout Technologies, Page 7 ForeScout Confidential
Disruptive IT Consumerization
App Stores and Web Apps
Diverse
Device
OS
Standards
Mobile
Apps
Personal and Mobile Devices
© 2013 ForeScout Technologies, Page 8 ForeScout Confidential
The Enterprise Challenge Accessibility Without Compromising Access and Endpoint Protection
• Demand for pervasive network
resource and data accessibility
• 20% of infrastructure is
unknown, invisible
• Up to 50% of endpoints are
non-compliant
• IT consumerization
“Endpoint baselining scans reveal that many
endpoints (up to 50%) are noncompliant…“
Gartner
“…enterprise perimeter is becoming more open and
extended...“
IDC
“Enterprises are only aware of 80% of the devices on
their networks.
Gartner
“NAC Strategies for Supporting BYOD Environments”, 22 December 2011, document G00226204
Gartner report - “Bring Your Own Device: The Facts and the Future, Gartner, May, 2013, David Willis
“ Architecting a Flexible Strategy for Securing Enterprise Bring Your Own Device (BYOD) ” IDC #233664, June 2012,
“By 2017, 50% of employers will require employees
to bring their own device to the workplace.
Gartner
© 2013 ForeScout Technologies, Page 9 ForeScout Confidential
Don’t Worry - Innovate
© 2013 ForeScout Technologies, Page 10 ForeScout Confidential
Impact of Access, Network and Threat Dynamics
Question: Can you accurately answer how many wired or
wireless devices are on your network?
Assuming you could, would you know how many are:
Are in violation:
• OS Patches
• Host-based security
Antivirus, Encryption, DLP…
• Unwanted software
IM, P2P, unlicensed…
• Configuration management
• Manageable
• Unmanageable
• Guests
• Unknown
• Misconfigured
• Vulnerable
• Windows
• Linux/Unix
• Mac
• Hand Held
• Printers
• VoIP
• Networking
…etc
© 2013 ForeScout Technologies, Page 11 ForeScout Confidential
Technology that identifies users and network-attached devices and
automatically enforces security policy.
What is Network Access Control (NAC)?
Limit Resolve
© 2013 ForeScout Technologies, Page 12 ForeScout Confidential
NAC Expanding Value Proposition
Endpoints
Network Devices
Applications
Users
Non-Corporate/BYOD
No Protection Possible
Corporate Resources
NAC Real-time Visibility and Automated Control
Unwanted application…
Not Visible
Antivirus out of date…
Encryption, DLP or Sys.Mgmt.
agent not installed / running
?
Protection Possible
Visible
© 2013 ForeScout Technologies, Page 13 ForeScout Confidential
Pervasive Network Security Platform Continuous Visibility, Monitoring and Remediation
Allow, Block, Limit, Alert, Inform
User-guided, Automated, via External System
Alert, Report, Bi-directional Intelligence
Continuous
Visibility
Network
Enforcement
Endpoint
Remediation
Information
Integration
Endpoint
Authentication &
Inspection
Device Discovery, Profiling
Security Posture, Control Validation
Pervasive
Network
Security
© 2013 ForeScout Technologies, Page 14 ForeScout Confidential
Pervasive Network Security Platform Complete Visibility, Control and Automation
Continuous
Monitoring &
Mitigation
Allow, Block, Limit, Alert, Inform
User-guided, Automated, via External System
Alert, Report, Bi-directional Intelligence
Continuous
Visibility
Network
Enforcement
Endpoint
Remediation
Information
Integration
Endpoint
Authentication
& Inspection
Device Discovery, Profiling
Security Posture, Control Validation
Pervasive
Network
Security
© 2013 ForeScout Technologies, Page 15 ForeScout Confidential
Gain Unprecedented Visibility, Control, Automation
See All devices:
Managed, Rogue,
Wired, Wireless,
PC, Mobile…
Filter By:
Business Unit,
Network, Issue,
Device Types…
Instant Intelligence:
Who, What, Where,
When, Security
Posture…
Instant Status:
Devices, Policy
Violations…
Granular, Extensible
Policies, Automated
Enforcement
© 2013 ForeScout Technologies, Page 16 ForeScout Confidential
Endpoint Intelligence and Compliance
NextGen NAC
• 100% visibility of all devices,
including unmanaged and
rogue devices
• Higher levels of endpoint
compliance
• Automate the installation,
activation and update of
endpoint agents
• Control network access
• Identify and block malicious
network behavior
© 2013 ForeScout Technologies, Page 17 ForeScout Confidential
Complete Asset Intelligence
© 2013 ForeScout Technologies, Page 18 ForeScout Confidential
Policy-Based Endpoint Profiling
© 2013 ForeScout Technologies, Page 19 ForeScout Confidential
Operational Integration
• Complete, accurate asset
intelligence
• 100% visibility of endpoint risks,
e.g. rogue, unmanaged devices
• Send intelligence to external
systems, external systems can
leverage CounterACT response
• Faster, more automated
mitigation of security issues
• Full guest &contractor mgmt.
• Cost savings due to automation NextGen NAC
© 2013 ForeScout Technologies, Page 20 ForeScout Confidential
Leveraging CounterACT Interoperability
McAfee ePO Integration
• Certified integration with ePO
• Endpoint protection policy assurance
• CounterACT real-time inspection informs ePO
• Fortifies HBSS compliance
McAfee ESM integration
• CounterACT sends access, violations and action events to SIEM
• CounterACT to send endpoint intelligence to McAfee ESM
• CounterACT enforcement based on McAfee ESM correlated data
ePO
© 2013 ForeScout Technologies, Page 21 ForeScout Confidential
SIEM Integration with NAC SIEM Correlated Event Triggers CounterACT Response
© 2013 ForeScout Technologies, Page 22 ForeScout Confidential
BYOD Disruption Compounds Security Challenges
“78% say there are more than twice as many personal devices connecting to
corporate networks now than compared to two years ago.”
Dimension Research
Less Control Over
Applications
Devices,
Mobile OS
standards
Users
Enroll, enforce security
Lock Down Configurations
Assure appropriate access
to sensitive resources
More Costly to
© 2013 ForeScout Technologies, Page 23 ForeScout Confidential
BYOD/CYOD Control Assess Control Flexibility and Cost-Effectiveness
“Only a subset of corporate mobile users need advanced Mobile Device Management.“
IDC Research
VDI - Virtual Desktop
Infrastructure
MAW – Mobile Application
Wrapper
WAP – Wireless Access Point
MDM - Mobile Device
Management
NAC – Network Access Control
© 2013 ForeScout Technologies, Page 24 ForeScout Confidential
Automated Guest Registration Management
© 2013 ForeScout Technologies, Page 25 ForeScout Confidential
How NAC Supports BYOD / CYOD
MDM
LDAP
WAP
Switch
Endpoints
NAC
© 2013 ForeScout Technologies, Page 26 ForeScout Confidential
Why Combine NAC with MDM for BYOD/CYOD
• 100% visibility of all mobile
devices, managed & unmanaged
• Prevent unauthorized devices
from accessing the network
• Automate MDM enrollment
• Assess posture assessment
upon network connection
• Network mitigation
• Unified compliance reporting of
all network devices
NextGen NAC
© 2013 ForeScout Technologies, Page 27 ForeScout Confidential
Unified Mobile Security Rich MDM Interoperability
© 2013 ForeScout Technologies, Page 28 ForeScout Confidential
Secure
Gateway
Achieving Continuous Monitoring & Remediation Mitigate the Risk of Rogue Devices, APT, Zero-Day Attacks
Sys
Mgmt.
Secure Asset
Management
MDM
MAM
Host
Controls
Security Risk
Management
VA /
DLP GRC
SIEM
AAA
Network
Operations
ForeScout
NAC
NGFW
/ VPN
Silo’d Tool Exposures Coordination, Containment
MDM
MAM
Sys
Mgmt.
Secure Asset
Management
ForeScout
CounterACT
Platform VA /
DLP
SIEM
NGFW
/ VPN
AAA
Host
Controls
© 2013 ForeScout Technologies, Page 29 ForeScout Confidential
Cyber Security Automation, More Than Technology
Service Level Agreement
IT Security Efficiency
Effectiveness
Security Risk Mgmt.
Network Operations
Policy
Controls
Tools
Results
Coordination
Device Is Unknown,
On Core Network
Automatic
Quarantine
© 2013 ForeScout Technologies, Page 30 ForeScout Confidential
NAC, Accelerating IT-GRC Control Effectiveness Empowering Pervasive Network Security
Visibility • Unique network presence; see, control everything
• Real-time network intelligence: who, what, where…
Control Automation • Next-gen NAC closes the gaps
• Automate authentication, access control
• Automate compliance, verification
• Automate remediation and mitigation
• Bi-directional integration: network, security, identity,
wireless, mobile, GRC platforms
Requires • Policy and operational agreement between security
operations and network operations
• Next-gen NAC (ForeScout CounterACT)
© 2013 ForeScout Technologies, Page 31 ForeScout Confidential
Thank You
*This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of
the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service
]depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings.
Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of
fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or
fitness for a particular purpose.
**Frost & Sullivan 2013 report NC91-74, Analysis of
the Network Access Control Market: Evolving
Business Practices and Technologies Rejuvenate
Market Growth” Chard base year 2012.