Forescout Solution Guide
Forescout Solutions
• Gain 100% visibility and classification of all connected physical, virtual and IoT/OT devices.
• Manage and secure all IP-connected devices with an accurate, real-time inventory.
• Continuously assess devices, monitor them and enforce security policies to maintain compliance.
Device Visibility
• No agents required
Forescout Device Cloud
• Provides accurate, real-world device classifications
Continuous Monitoring
• Point-in-time scanning is too infrequent
Passive Scanning
• Extends visibility to OT systems and critical infrastructure
SilentDefense Datasheet
Software-Defined Data Center Solution Brief
SANS Institute Device Visibility and Control Report
OT/ICS Solution Brief
Device Visibility and Control White Paper
Forescout end-user customer feedback
Asset Management
Accurately manage and secure connected things.
Manual asset discovery produces inaccurate, out-of-date asset details that undermine your IT and security management initiatives. To effectively manage and secure your business, you must automate the inventory process and maintain accurate asset details across IT and OT networks.
The Forescout difference:
• Maintain an accurate CMDB with real-time updates to improve operational consistency and reduce manual errors
• Inventory and track agentless devices, including IoT devices, VMs and OT/critical infrastructure
• Share contextual data with ITSM tools
“With the Forescout solution, we expect to save millions from exponentially faster audits that produce fewer findings and require less remediation effort.”
— Phil Bates, Chief Information Security Officer, State of Utah
BEFORE Forescout
• Limited IoT, OT and unmanaged device visibility = inaccurate inventory
• Active scanning discovery solutions = critical infrastructure disruption
• Periodic scanning misses transient devices = incomplete inventory
• Limited support (build-your-own API integrations = complex configurations, manual CMDB true-ups)
• Complex deployments and vendor dependencies = high TCO (due to agent-based solutions with ongoing maintenance and operational issues)
AFTER
• Agentless visibility and classification (comprehensive, accurate inventory)
• Passive visibility for inventory of OT and critical infrastructure devices
• Continuous asset monitoring = up-to-date inventory (detects changes and transient devices)
• Plug-and-play automation (eyeExtend modules orchestrate real-time data sharing, alerts and responses with ITSM and security tools)
• Flexible architecture (supports multivendor networks across campus, data center, cloud and hybrid deployments)
[Figure: CMDB update workflow, eyeSight + eyeExtend for ServiceNow. Sample device properties: Device IP: 172.16.130.112; MAC Adrs: 005056822f9f; Switch Port Name: G01/1/2; VLAN: 130; OS: Windows 7 64-bit Enterprise SP1; User: CyberSam; plus hundreds of other device, user and network properties. Sample CMDB properties: CI Name: WIN7-SAM1; Class: Computer; Location: San Jose; Asset Tag: User-AB1234; other CMDB properties.]
Forescout eyeExtend powered by eyeSight then updates or creates a new ServiceNow® CMDB Configuration Item (CI) with additional context such as the switch port to which the device is connected, VLAN information, network segment information, location, compliance status, and so on.
The Forescout platform can also verify if the device has the latest patches; if not, it can inform the ITSM platform and trigger remediation actions.
*Note
Real-Time Asset
White Paper
The Forescout difference: Asset Management
Deliver data and information needed to govern IT assets
Rich Classification
• Who, what, where, when, OS version & more
• Real-world classification
Automated Process
• Single view of all IP-connected devices
• Send data to CMDB (orchestration)
Vendor Neutral
• No network upgrades
• Campus, data center/cloud
and OT (passive)
* IP-based connected devices
Device Compliance
Evaluate and advance compliance with confidence
Vulnerable platforms, unpatched devices, default passwords and broken security software create serious compliance gaps that continue to widen as more devices are added, become virtual and extend into the cloud. Forescout continuously assesses devices, monitors them and enforces compliance policies to reduce risk.
The Forescout difference:
• Maintain continuous compliance instead of waiting for periodic scans
• Top endpoint compliance vendor
• Enforce compliance policies across all devices: managed, unmanaged, IoT and OT
“During our assessment, the IT team was able to leverage the Forescout platform to verify that our endpoints were running the latest patches, most recent versions of antivirus software and so on. The ease of endpoint compliance contributed significantly to preventing intrusion during this exercise. Forescout saw it all.”
— Ryan Morris, Chief Technology Officer, California Office of Statewide Health Planning and Development
,3 Central Station customer reviews and ratings, August 2019
Agent-based =
Agent-based =
lower compliance Point-in-time Complex design
BEFORE levels (due to
Basic compliance
compliance
Agent-based
or no
deployment
Forescout assessment remediation complexity and
endpoints with checks segmentation
high TCO
broken/missing agents)
AFTER
• Agentless device hygiene/compliance = higher compliance levels
• Granular compliance assessment (using a rich set of endpoint attributes)
• Continuous compliance monitoring
• Automated agentless endpoint remediation
• Dynamic segmentation of poor-hygiene devices
• Agentless = easy to deploy and use
Automated Process
• Single view (extended enterprise)
• Send data to EDR/VA/CMT (orchestration)
• Apply mitigating controls (segmentation)
Manage Weak/Default Passwords
• Agentless IoT devices
• Continuous
Device Compliance
Advanced Compliance Module Datasheet
Compliance Guide
Device Compliance Solution Brief
Ease of Deployment
• Agentless
• Quick to deploy
Vendor Neutral
• No network upgrades
• Campus, data center/cloud
and OT
Network Access Control (NAC)
Control access simply and easily
Traditional authentication and access control of perimeter-based networks no longer work. Forescout unifies policy-based access control across heterogeneous campus, data center, cloud and OT environments—with or without 802.1X authentication.
The Forescout difference:
• Identify: discover, classify and inventory all connected devices
• Comply: Assess security posture and compliance
• Connect: Enforce access policies across heterogeneous networks
“We were aware of most of what was on our network, but the Forescout platform told us so much more about each device, plus it gave us the automated, granular control capability that we were missing.”
Dale Marroquin, Information Security Officer, Credit Human Credit Union
BEFORE Forescout
• 802.1X design complexity, deployment delays and expense
• Agent-dependent systems
• Lack of heterogeneous network infrastructure support
• Limited integration with third-party tools = disjointed, siloed security management
• Limited automation for network access, control and remediation
[Figure: network access control workflow. Labels: Active Directory, VA, Internet, Wireless LAN Controller, Switch, Managed Devices.]
Forescout queries Active Directory for additional user info and data to ensure access to the appropriate resources (department, geography).
Forescout does a posture assessment of endpoints and remediates, if necessary.
Forrester Zero Trust Platform
Network Segmentation
Confidently design, build and deploy network segmentation at scale
Flat networks allow lateral movement of threats and attacks. Want to confidently deploy segmentation without disrupting the business? Need enterprise-wide segmentation without multivendor complexity? Forescout lets you bridge the skills gap with resources and tools to segment your network with confidence. Let us show you.
The Forescout difference:
• Dynamically group devices by business context
• Visualize and map device flows to device groups
• Simulate segmentation policies prior to enforcement
• Orchestrate segmentation across multivendor enforcement points
“Today we know what’s on our network—including IoT devices. The Forescout platform classifies the device and slips it onto the appropriate VLAN segment.”
— Ken Compres, Sr. Network Security Engineer/CSO, Hillsborough Community College
Forescout classifies the devices as a corporate-managed device.
Network Segmentation
Simulate Segmentation Policies
• Design, test & validate policies before enforcing
Monitor and Respond
• Continuously monitor and assess segmentation policies
• Receive proactive alerts
Orchestrate Controls
• Enforce segmentation across campus, data center, cloud and OT
• Orchestrate controls across multivendor environments
Network Segmentation Solution Brief
Forescout eyeSegment Datasheet
Forescout eyeSegment video
Incident Response
Respond and remediate quickly
The instant your network security is breached, the clock starts ticking. The Forescout platform automates threat detection, prioritization and containment while orchestrating actions with leading SOAR vendors to accelerate incident response and mitigate risk.
The Forescout difference:
• Detect cyber and operational threats to IT and OT networks
• Reduce device and network breaches
• Automate threat detection, threat hunting and containment to accelerate incident response
• Gain out-of-the-box workflow interoperability with 20+ security solutions through Forescout eyeExtend modules
“Forescout is like having an automatic threat hunter that hunts for threats around the clock across our global network. Tasks that took hours now take just minutes.”
— Nick Duda, Principal Security Engineer, HubSpot
Real Time
• On-connect posture assessment, VA scanning and predefined remediation
OT & ICS Vulnerabilities
• ICS vulnerability database and multifactor risk scoring
• Via containment, orchestration and faster MTTR
Splunk Extended Module Datasheet
ESG Lab Review: Forescout & Splunk
Improve Attack Response Webinar
IDC, The Business Value of Pervasive Device and Network Visibility and Control with Forescout
Success Stories
MANUFACTURING
Discovered and categorized 97 percent of
endpoints out of the box within
first seven hours
MEDICAL
Automatically discovered 4,500 previously
unknown devices (15%), including IoT and
medical systems
FINANCIAL
Fully operational in less than two weeks
ENERGY
Detected 400 vulnerable hosts and
addressed WannaCry-attached
vulnerabilities within 48 hours
HAWORTH GLOBAL MANUFACTURER
security departments, it’s invaluable.”
CISO, Florida Medical Center
RESULTS:
Automatically discovered 4,500 previously unknown devices (15%), including IoT and medical systems
Achieved orchestration between Forescout and Palo Alto Networks firewalls
Streamlined asset inventory and reporting, device management and regulatory compliance
Please note: this is a technical, hands-on session where an online Forescout Expert
will coach you through best-practice policy creation and deployment.
Everything you learn can be quickly applied to your environment using the Forescout platform.