Forescout
Although the ForeScout CounterACT solution is also available in a standard version that includes an agent, its agentless approach also verifies endpoints running Windows, macOS, and Linux, as well as IoT devices.
In addition to the basic platform, ForeScout offers modules that enable integration with third-party solutions, including NGFW — CheckPoint, Palo Alto Networks, PAM — CyberArk, SIEM — Juniper (QRadar), VA — Rapid7 and EMM — MobileIron.
ForeScout CounterACT consists of three main features enabling efficient execution of previously described tasks:
MORE INFORMATION:
https://www.forescout.com/
Description of technology
Threat detection and response - detects malicious behavior and provides incident response for compromised unmanaged devices (e.g. through integration with firewalls, switches, etc.).
Visibility and asset inventory - passively monitors all devices on the network and provides visibility of managed and unmanaged devices, including IoT.
CONTROL - Continuous network scanning and monitoring of the activity of all devices enables automated, rule-based control over network access and over the compliance of endpoint equipment with security policy. Automatic remediation reduces risk and raises the security level of workstations without user intervention.
ORCHESTRATION - Integration with over 70 providers of network and security solutions. Information exchange, automation of management processes and automatic response to incidents ensure an increased level of network security.
VISIBILITY - Aims to ensure 100% detection and identification of connected devices. It uses the ForeScout Device Cloud repository, which is automatically updated in real time thanks to feedback from customers.
SCADA / OT Security - Detects anomalies in industrial networks based on behavior analysis and on matching patterns of malicious activity. Automatically discovers resources and visualizes communication paths down to the lowest levels of the OT network, where technological processes are controlled. Passive monitoring only: it does not influence the OT network, no active scanning is required, and there is no need to install software on end devices. Sends security alerts to the SOC using SYSLOG.