5-Network Access Control-FoIntelitec-ReScout-ByOD-You Dont Have A Choice-External

2013 ForeScout Technologies, Page 1 ForeScout Confidential
!"#$% '()*+,$() -.//01 2*)$%("+ !"(")*#

3%#*/4%56 7*48(%+%)$*9 : 0*#;"9$;* <*6=%#, /*45#$6>
!"#$% '()*
?@AB C @%5 B%(D6 E";* " -8%$4*
ForeScout Named SoIe Contender in the Expansive
Network Access ControI Market as its Share Increases by 10 Percent
ForeScout Recognized as the Largest Independent Vendor and the Fastest Growing
Among Leaders in the Network Access Control Market
CUPERTINO, CaIif. -June 18, 2013 ForeScout Technologies, nc., a leading provider of real-time
network security solutions for Fortune 1000 enterprises and government organizations, today announced
that Frost & Sullivan has recognized ForeScout's increased market share and leadership in the
Network Access Control (NAC) market. ForeScout was distinguished as the sole market contender and
the one possessing the highest market penetration and capability to meet market demands for technology
and scalability.
According to the Frost & Sullivan Global Analysis of the Network Access Control (NAC) Market report,
published in June 2013, the three best-selling NAC solutions in both large enterprises and small medium
businesses (SMBs) are respectively Cisco, ForeScout and Juniper, which represent more than 63.3
percent of the NAC market. Frost estimates that ForeScout expanded its 2012 NAC market share by
more than 10 percent from the prior year. The report aIso indicates resurgent NAC adoption is driven
by enterprise Bring Your Own Device (BYOD) security initiatives, and it forecasts the market is
growing by a 23.3 percent CAGR and will reach more than $670 million by 2017.1
3#%96 F /5++$;"( G+%H"+ I("+>9$9 %J 68* <I- !"#,*6
2*K%#6
IH%56 3%#*/4%56
ForeScout is the leading global provider of pervasive network security solutions for Global
2000 enterprises and government organizations.
lndependent Network Access
Control (NAC) market leader
Foundatio
n
1400+ global implementations
Financial services,
government, healthcare,
manufacturing, retail,
education.
Cupertino HQ, 185 employees
200+ global channel partners
Enterprise
Deployments
Market
Leadership
**NAC Competitive Landscape
ApriI 2013, Frost&SuIIivan
!"#$%&"'(
*Magic Quadrant for Network Access
ControI, December 2012, Gartner Inc.
!"#$%&"'( *$&+,"-"./$0

Personal,
Mobile
Devices.
Threat
Dynamics
C
o
m
p
lia
n
c
e
Costs
L -%(;*#)$() 7#*(M9 IJJ*46$() .(J%/*4 'JJ*46$;*(*99
78* ?@AB 08*(%N*(%(
BYOD refers to employees who bring their own computing
devices such as smartphones, laptops and PDAs to the
workplace for use on the corporate network.
3$)86 %# 'NH#"4*O
"The rise of "bring your own device" programs is the
singIe most radicaI shift in the economics of cIient
computing for business since PCs invaded the
workpIace."
- Gartner1
1 Gartner "Bring Your Own Device: New Opportunities, New ChaIIenges", August 16, 2012
B$9#5K6$;* .7 -%(95N*#$P"6$%(
App Stores and Web Apps
Diverse
Device
OS
Standards
Mobile
Apps
Personal and Mobile Devices
Data loss
Lost phone or laptop
Unauthorized access
Compromised systems
Malware
Threaten the network
Compliance
Rogue infrastructure
Unauthorized apps (e.g. iCloud)
Jailbroken devices
78* 2$9,9 %J !%H$+* /*45#$6> Q ?@AB
For more depth, see:
Gartner,"Strategic Road Map for Network Access Control,
Lawrence Orans and John Pescatore,11 October 2011, D number
G00219087
?
?
?
x
x
?
?
'RK+%M$() <*6=%#, I44*99 "(M 78#*"6 B>("N$49
CLOUD
FREWALL
?
X
X
?
?
?
?
?
?
X
?
78* '(6*#K#$9* -8"++*()*
+,,$--./.0.12 3.145"1 6578957.-.#: +,,$-- ;#< =#<85.#1 >951$,1.5#
Demand for pervasive network
resource and data accessibility
20% of infrastructure is
unknown, invisible
Up to 50% of endpoints are
non-compliant
T consumerization
"Endpoint baselining scans reveal that many
endpoints (up to 50%) are noncompliant."
?;91#$9
".enterprise perimeter is becoming more open and
extended..."
@A6
"Enterprises are only aware of 80% of the devices on
their networks.
?;91#$9
!"#$ &'()'*+,*- ./( &011/(',2+ 3456 728,(/29*2'-:; << 6*=*9>*( <?@@; A/=09*2' B??<<C<?D
!"#$%&# #&()#$ * +,#-%. /)0# 12% 3&4-5&6 78& 9"5$: "%; $8& 90$0#&< !"#$%&#< =">< ?@AB< 3"4-; C-DD-:
! #(=E,'*=',2+ ) FG*H,>G* &'()'*+I ./( &*=0(,2+ 72'*(1(,-* 3(,2+ 4/0( 5J2 6*8,=* K3456L : M6$ N<OOCCD; P02* <?@<;
"By 2017, 50% of employers will require employees
to bring their own device to the workplace.
?;91#$9
?@AB B$9#5K6$%( -%NK%5(M9 /*45#$6> -8"++*()*9
"78% say there are more than twice as many personal devices connecting to
corporate networks now than compared to two years ago.
!"#$%&"'% )$&$*+,-
Less ControI Over
Applications
Devices,
Mobile OS
standards
Users
Enroll, enforce security
Lock Down Configurations
Assure appropriate access
to sensitive resources
More CostIy to
Gain executive commitment,

form committee
Gather operation data,

build requirements
dentify and assess use cases
Formulate policies
Which corporate applications?
Which users?
How will data be secured?
Who will be responsible for
BYOD support?
What happens if the device is
lost or stolen?
How will the endpoint device be
updated?
Acceptable use policies?
Decide how to enforce policies
Build a project plan
Evaluate solutions
mplement solutions
3#"N*=%#,S /*45#$() ?@AB .NK+*N*(6"6$%(
.NK"46 %J I44*991 <*6=%#, "(M 78#*"6 B>("N$49
Question: Can you accurately answer how many wired or
wireless devices are on your network?
Assuming you could, would you know how many are:
Are in vioIation:
OS Patches
Host-based security
Antivirus, Encryption, DLP.
Unwanted software
M, P2P, unlicensed.
Configuration management
Manageable
Unmanageable
Guests
Unknown
Misconfigured
Vulnerable
Windows
Linux/Unix
Mac
Hand Held
Printers
VoP
Networking
.etc
TechnoIogy that identifies users and network-attached devices and
automaticaIIy enforces security poIicy.
T8"6 $9 <*6=%#, I44*99 -%(6#%+ U<I-VO

"
#
$
%
&
'()(*
+
'
,
-
.
#/0123/
<I- 'RK"(M$() W"+5* 0#%K%9$6$%(
Endpoints
Network Devices
AppIications
Users
Non-Corporate/BYOD
No Protection PossibIe
Corporate Resources
NAC ReaI-time VisibiIity and Automated ControI
E%2"%$&; "((D-5"$-)%F
Not VisibIe
G%$-4-#0: )0$ )H ;"$&F
I%5#>($-)%< 3JK )# L>:M=.N$M
".&%$ %)$ -%:$"DD&; O #0%%-%.
?
Protection PossibIe
VisibIe
0*#;"9$;* <*6=%#, /*45#$6> 0+"6J%#N
65#1.#"5"- B.-./.0.12% C5#.159.#: ;#< D$7$<.;1.5#
1--"23 4-"&53 6/7/(3
1-$#(3 8,9"#7
:0$#;.'/<$<3 1'("7=($<3
>/= ?@($#,=- %A0($7
1-$#(3 B$C"#(3
4/;</#$&(/",=- 8,($--/.$,&$
D",(/,'"'0
E/0/F/-/(A
G$(2"#5
?,9"#&$7$,(
?,<C"/,(
B$7$</=(/",
8,9"#7=(/",
8,($.#=(/",
?,<C"/,(
1'(+$,(/&=(/", H
8,0C$&(/",
I$>/&$ I/0&">$#A3 J#"9/-/,.
%$&'#/(A J"0('#$3
D",(#"- E=-/<=(/",
J$#>=0/>$
G$(2"#5
%$&'#/(A
G"$( X(K#*4*M*(6*M W$9$H$+$6>1 -%(6#%+1 I56%N"6$%(
See All devices:
Managed, Rogue,
Wired, Wireless,
PC, Mobile.
Filter By:
Business Unit,
Network, lssue,
Device Types.
lnstant lntelligence:
Who, What, Where,
When, Security
Posture.
lnstant Status:
Devices, Policy
Violations.
Granular, Extensible
Policies, Automated
Enforcement
'(MK%$(6 .(6*++$)*(4* "(M -%NK+$"(4*
ForeScout
100% visibility of all devices,
including unmanaged and
rogue devices
Higher levels of endpoint
compliance
Automate the installation,
activation and update of
endpoint agents
Control network access
dentify and block malicious
network behavior
-%NK+*6* I99*6 .(6*++$)*(4*
AK*#"6$%("+ .(6*)#"6$%(
Complete, accurate asset
intelligence
100% visibility of endpoint risks,
e.g. rogue, unmanaged devices
Send intelligence to external
systems, external systems can
leverage CounterACT response
Faster, more automated
mitigation of security issues
Full guest &contractor mgmt.
Cost savings due to automation
ForeScout
Y*;*#")$() -%5(6*#I-7 .(6*#%K*#"H$+$6>
McAfee ePO Integration
Certified integration with ePO
Endpoint protection policy assurance
CounterACT real-time inspection
informs ePO
Fortifies HBSS compliance
McAfee ESM integration
CounterACT sends access,
violations and action events to SEM
CounterACT to send endpoint
intelligence to McAfee ESM
CounterACT enforcement based on
McAfee ESM correlated data
!"#
E%= <I- /5KK%#69 ?@AB Q -@AB
MDM
LDAP
WAP
Switch
Endpoints
NAC
I56%N"6*M G5*96 2*)$96#"6$%( !"(")*N*(6
7$*#*M !%H$+* /*45#$6> /*#;$4*9
D.:41-.E.#: 75/.0$ 149$;1 7;#;:$7$#1 ;#< $F8$#<.1"9$
ForeScout
CounterACT
ForeScout
CounterACT
+
ForeScout Mobile
ForeScout
CounterACT
+
ForeScout MDM ForeScout MDM
OperationaI Management
Expense management
nventory management
App management, app store
Network Security
Access control
Block threats
Detect on access
Profile device
Device and Data Security
Password
Remote wipe, selective wipe
Configuration enforcement
Detect rooted / jailbroken
Containerization / encryption
P data privacy screening
Unified visibiIity and network
access poIicy
User impact Transparent Lightweight Lightweight Lightweight
Price $ $$ $$$* $$$$
1
1
7$*#*M !%H$+* /*45#$6> /*#;$4*9
D.:41-.E.#: 75/.0$ 149$;1 7;#;:$7$#1 ;#< $F8$#<.1"9$
ForeScout
CounterACT
ForeScout
CounterACT
+
ForeScout Mobile
ForeScout
CounterACT
+
Expense management
nventory management
Network Security
Access control
Block threats
Detect on access
Profile device
Password
access poIicy
Price $ $$ $$$* $$$$
1
1
1 Expected delivery Q4 2012
7$*#*M !%H$+* /*45#$6> /*#;$4*9
D.:41-.E.#: 75/.0$ 149$;1 7;#;:$7$#1 ;#< $F8$#<.1"9$
ForeScout
CounterACT
ForeScout
CounterACT
+
ForeScout Mobile
ForeScout
CounterACT
+
Expense management
nventory management
Network Security
Access control
Block threats
Detect on access
Profile device
Password
access poIicy
Price $ $$ $$$* $$$$
*Assumes that high risk devices/users are enrolled in ForeScout MDM and lower
risk devices/users are managed by ForeScout Mobile Security Module.
1
1
7$*#*M !%H$+* /*45#$6> /*#;$4*9
D.:41-.E.#: 75/.0$ 149$;1 7;#;:$7$#1 ;#< $F8$#<.1"9$
ForeScout
CounterACT
ForeScout
CounterACT
+
ForeScout Mobile
ForeScout
CounterACT
+
Expense management
nventory management
Network Security
Access control
Block threats
Detect on access
Profile device
Password
access poIicy
Price $ $$ $$$* $$$$
*Assumes that high risk devices/users are enrolled in ForeScout MDM and lower
risk devices/users are managed by ForeScout Mobile Security Module.
1
1
T8> -%NH$(* <I- =$68 !B! J%# ?@ABQ-@AB
100% visibility of all mobile
devices, managed & unmanaged
Prevent unauthorized devices
from accessing the network
Automate MDM enrollment
Assess posture assessment
upon network connection
Network mitigation
Unified compliance reporting of
all network devices
ForeScout
X($J$*M !%H$+* /*45#$6>
D.,4 CAC @#1$958$9;/.0.12
Deploy in one day
Physical or virtual appliance
Out-of-band
Works with your existing

infrastructure
3%#*/4%56 -%5(6*#I-7 J%# <*6=%#, I44*99 -%(6#%+
G$$ ;#< ,5#1950 $H$9214.#: 5# 25"9 #$1I59J
3%#*/4%56 -%5(6*#I-7
K4.9< ?$#$9;1.5# L$1I59J +,,$-- 65#1950
PhysicaI Layer
Device / PeripheraIs
Operating Systems
AppIications
User Information
User Behavior
VisibiIity Management ControI
PoIicy vioIations
Audited responses
TroubIe ticket requests
User notification
User "signed" acceptance
SeIf-remediation
Worm quarantine
User hacking prevention
User name
Authentication status
Group membership
RoIe-based poIicy
MuItipIe guest poIicies
Guest access
RoIe-based quarantine
AppIication instaIIed,
running
Registry vaIues
CompIiance reporting
AppIication whiteIist
Software remediation
AppIication bIocking
AppIication enforcement
OS fingerprint (patch,
services)
CompIiance reporting
Antivirus reporting
VuInerabiIity awareness
Patch management
Antivirus updates
Process bIocking
Registry Iocking
IP address, MAC address
VoIP Phone
USB peripheraIs
Inventory management
Device-based poIicy
Data Ioss prevention
Shutdown, disabIe
MuIti-home bIocking
3G modem bIocking
USB worm prevention
Switch, port, VLAN
Geographic Iocation
Number devices on port
RoIe-based access
PoIicy-based firewaII
VPN status
Port controI (802.1X, SNMP)
ACL
VLAN
3%#*/4%561 I44*+*#"6$() .7 -%(6#%+ 'JJ*46$;*(*99
=785I$9.#: >$9H;-.H$ L$1I59J G$,"9.12
Visibility
Unique network presence; see, control everything
Real-time network intelligence: who, what, where.
Automation
Next-gen NAC closes the gaps
Automate authentication, access control
Automate compliance, verification
Automate remediation and mitigation
Interoperability, Scale
Leverages existing infrastructure investment
Fully extensible policy engine
Bi-directional interface
Effectuates controls
Thank You
P78-: =".-5 Q0";#"%$ .#"(8-5 2": (0RD-:8&; R> !"#$%&#< S%5M ": ("#$ )H " D"#.&# #&:&"#58 %)$& "%; :8)0D; R& &4"D0"$&; -% $8& 5)%$&T$
)H $8& &%$-#& #&()#$M 78& !"#$%&# #&()#$ -: "4"-D"RD& 0()% #&U0&:$ H#)N 9)#&L5)0$M !"#$%&# ;)&: %)$ &%;)#:& "%> 4&%;)#< (#);05$ )#
:&#4-5& V;&(-5$&; -% )0# #&:&"#58 (0RD-5"$-)%:< "%; ;)&: %)$ ";4-:& $&58%)D).> 0:&#: $) :&D&5$ )%D> $8):& 4&%;)#: 2-$8 $8& 8-.8&:$
#"$-%.:M !"#$%&# #&:&"#58 (0RD-5"$-)%: 5)%:-:$ )H $8& )(-%-)%: )H !"#$%&#W: #&:&"#58 )#."%-X"$-)% "%; :8)0D; %)$ R& 5)%:$#0&; ":
:$"$&N&%$: )H H"5$M !"#$%&# ;-:5D"-N: "DD 2"##"%$-&:< &T(#&::&; )# -N(D-&;< 2-$8 #&:(&5$ $) $8-: #&:&"#58< -%5D0;-%. "%> 2"##"%$-&: )H
N&#58"%$"R-D-$> )# H-$%&:: H)# " ("#$-50D"# (0#():&M
PP9#):$ Y L0DD-4"% ?@AB #&()#$ Z[\A*]^< #2)GI-,- /.
'E* "*'J/(Q #==*-- $/2'(/G R)(Q*'S 78/G8,2+
30-,2*-- T()=',=*- )2A U*=E2/G/+,*- V*W08*2)'*
R)(Q*' B(/J'E_ [8"#; R":& >&"# ?@A?M

5-Network Access Control-FoIntelitec-ReScout-ByOD-You Dont Have A Choice-External

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

5-Network Access Control-FoIntelitec-ReScout-ByOD-You Dont Have A Choice-External

Загружено:

Авторское право:

Доступные форматы

2013 ForeScout Technologies, Page 1 ForeScout Confidential

!"#$% '()+,$() -.//01 2)$%("+ !"(")*#

Gain executive commitment,

Gather operation data,

dentify and assess use cases

Decide how to enforce policies

Build a project plan

Deploy in one day

Physical or virtual appliance

Works with your existing

Вам также может понравиться