Академический Документы
Профессиональный Документы
Культура Документы
Data loss
Lost phone or laptop
Unauthorized access
Compromised systems
Malware
Threaten the network
Compliance
Rogue infrastructure
Unauthorized apps (e.g. iCloud)
Jailbroken devices
78* 2$9,9 %J !%H$+* /*45#$6> Q ?@AB
For more depth, see:
Gartner,"Strategic Road Map for Network Access Control,
Lawrence Orans and John Pescatore,11 October 2011, D number
G00219087
2013 ForeScout Technologies, Page 9 ForeScout Confidential
?
?
?
x
x
?
?
'RK+%M$() <*6=%#, I44*99 "(M 78#*"6 B>("N$49
CLOUD
FREWALL
?
X
X
?
?
?
?
?
?
X
?
2013 ForeScout Technologies, Page 10 ForeScout Confidential
78* '(6*#K#$9* -8"++*()*
+,,$--./.0.12 3.145"1 6578957.-.#: +,,$-- ;#< =#<85.#1 >951$,1.5#
Demand for pervasive network
resource and data accessibility
20% of infrastructure is
unknown, invisible
Up to 50% of endpoints are
non-compliant
T consumerization
"Endpoint baselining scans reveal that many
endpoints (up to 50%) are noncompliant."
?;91#$9
".enterprise perimeter is becoming more open and
extended..."
@A6
"Enterprises are only aware of 80% of the devices on
their networks.
?;91#$9
!"#$ &'()'*+,*- ./( &011/(',2+ 3456 728,(/29*2'-:; << 6*=*9>*( <?@@; A/=09*2' B??<<C<?D
!"#$%&# #&()#$ * +,#-%. /)0# 12% 3&4-5&6 78& 9"5$: "%; $8& 90$0#&< !"#$%&#< =">< ?@AB< 3"4-; C-DD-:
! #(=E,'*=',2+ ) FG*H,>G* &'()'*+I ./( &*=0(,2+ 72'*(1(,-* 3(,2+ 4/0( 5J2 6*8,=* K3456L : M6$ N<OOCCD; P02* <?@<;
"By 2017, 50% of employers will require employees
to bring their own device to the workplace.
?;91#$9
2013 ForeScout Technologies, Page 11 ForeScout Confidential
?@AB B$9#5K6$%( -%NK%5(M9 /*45#$6> -8"++*()*9
"78% say there are more than twice as many personal devices connecting to
corporate networks now than compared to two years ago.
!"#$%&"'% )$&$*+,-
Less ControI Over
Applications
Devices,
Mobile OS
standards
Users
Enroll, enforce security
Lock Down Configurations
Assure appropriate access
to sensitive resources
More CostIy to
2013 ForeScout Technologies, Page 12 ForeScout Confidential
Formulate policies
Which corporate applications?
Which users?
How will data be secured?
Who will be responsible for
BYOD support?
What happens if the device is
lost or stolen?
How will the endpoint device be
updated?
Acceptable use policies?
Evaluate solutions
mplement solutions
3#"N*=%#,S /*45#$() ?@AB .NK+*N*(6"6$%(
2013 ForeScout Technologies, Page 13 ForeScout Confidential
.NK"46 %J I44*991 <*6=%#, "(M 78#*"6 B>("N$49
Question: Can you accurately answer how many wired or
wireless devices are on your network?
Assuming you could, would you know how many are:
Are in vioIation:
OS Patches
Host-based security
Antivirus, Encryption, DLP.
Unwanted software
M, P2P, unlicensed.
Configuration management
Manageable
Unmanageable
Guests
Unknown
Misconfigured
Vulnerable
Windows
Linux/Unix
Mac
Hand Held
Printers
VoP
Networking
.etc
2013 ForeScout Technologies, Page 14 ForeScout Confidential
TechnoIogy that identifies users and network-attached devices and
automaticaIIy enforces security poIicy.
T8"6 $9 <*6=%#, I44*99 -%(6#%+ U<I-VO
"
#
$
%
&
'()(*
+
'
,
-
.
#/0123/
2013 ForeScout Technologies, Page 15 ForeScout Confidential
<I- 'RK"(M$() W"+5* 0#%K%9$6$%(
Endpoints
Network Devices
AppIications
Users
Non-Corporate/BYOD
No Protection PossibIe
Corporate Resources
NAC ReaI-time VisibiIity and Automated ControI
E%2"%$&; "((D-5"$-)%F
Not VisibIe
G%$-4-#0: )0$ )H ;"$&F
I%5#>($-)%< 3JK )# L>:M=.N$M
".&%$ %)$ -%:$"DD&; O #0%%-%.
?
Protection PossibIe
VisibIe
2013 ForeScout Technologies, Page 16 ForeScout Confidential
0*#;"9$;* <*6=%#, /*45#$6> 0+"6J%#N
65#1.#"5"- B.-./.0.12% C5#.159.#: ;#< D$7$<.;1.5#
1--"23 4-"&53 6/7/(3
1-$#(3 8,9"#7
:0$#;.'/<$<3 1'("7=($<3
>/= ?@($#,=- %A0($7
1-$#(3 B$C"#(3
4/;</#$&(/",=- 8,($--/.$,&$
D",(/,'"'0
E/0/F/-/(A
G$(2"#5
?,9"#&$7$,(
?,<C"/,(
B$7$</=(/",
8,9"#7=(/",
8,($.#=(/",
?,<C"/,(
1'(+$,(/&=(/", H
8,0C$&(/",
I$>/&$ I/0&">$#A3 J#"9/-/,.
%$&'#/(A J"0('#$3
D",(#"- E=-/<=(/",
J$#>=0/>$
G$(2"#5
%$&'#/(A
2013 ForeScout Technologies, Page 17 ForeScout Confidential
G"$( X(K#*4*M*(6*M W$9$H$+$6>1 -%(6#%+1 I56%N"6$%(
See All devices:
Managed, Rogue,
Wired, Wireless,
PC, Mobile.
Filter By:
Business Unit,
Network, lssue,
Device Types.
lnstant lntelligence:
Who, What, Where,
When, Security
Posture.
lnstant Status:
Devices, Policy
Violations.
Granular, Extensible
Policies, Automated
Enforcement
2013 ForeScout Technologies, Page 18 ForeScout Confidential
'(MK%$(6 .(6*++$)*(4* "(M -%NK+$"(4*
ForeScout
100% visibility of all devices,
including unmanaged and
rogue devices
Higher levels of endpoint
compliance
Automate the installation,
activation and update of
endpoint agents
Control network access
dentify and block malicious
network behavior
2013 ForeScout Technologies, Page 19 ForeScout Confidential
-%NK+*6* I99*6 .(6*++$)*(4*
2013 ForeScout Technologies, Page 20 ForeScout Confidential
AK*#"6$%("+ .(6*)#"6$%(
Complete, accurate asset
intelligence
100% visibility of endpoint risks,
e.g. rogue, unmanaged devices
Send intelligence to external
systems, external systems can
leverage CounterACT response
Faster, more automated
mitigation of security issues
Full guest &contractor mgmt.
Cost savings due to automation
ForeScout
2013 ForeScout Technologies, Page 21 ForeScout Confidential
Y*;*#")$() -%5(6*#I-7 .(6*#%K*#"H$+$6>
McAfee ePO Integration
Certified integration with ePO
Endpoint protection policy assurance
CounterACT real-time inspection
informs ePO
Fortifies HBSS compliance
McAfee ESM integration
CounterACT sends access,
violations and action events to SEM
CounterACT to send endpoint
intelligence to McAfee ESM
CounterACT enforcement based on
McAfee ESM correlated data
!"#
2013 ForeScout Technologies, Page 22 ForeScout Confidential
E%= <I- /5KK%#69 ?@AB Q -@AB
MDM
LDAP
WAP
Switch
Endpoints
NAC
2013 ForeScout Technologies, Page 23 ForeScout Confidential
I56%N"6*M G5*96 2*)$96#"6$%( !"(")*N*(6
2013 ForeScout Technologies, Page 24 ForeScout Confidential
7$*#*M !%H$+* /*45#$6> /*#;$4*9
D.:41-.E.#: 75/.0$ 149$;1 7;#;:$7$#1 ;#< $F8$#<.1"9$
ForeScout
CounterACT
ForeScout
CounterACT
+
ForeScout Mobile
ForeScout
CounterACT
+
ForeScout MDM ForeScout MDM
OperationaI Management
Expense management
nventory management
App management, app store
Network Security
Access control
Block threats
Detect on access
Profile device
Device and Data Security
Password
Remote wipe, selective wipe
Configuration enforcement
Detect rooted / jailbroken
Containerization / encryption
P data privacy screening
Unified visibiIity and network
access poIicy
User impact Transparent Lightweight Lightweight Lightweight
Price $ $$ $$$* $$$$
1
1
2013 ForeScout Technologies, Page 25 ForeScout Confidential
7$*#*M !%H$+* /*45#$6> /*#;$4*9
D.:41-.E.#: 75/.0$ 149$;1 7;#;:$7$#1 ;#< $F8$#<.1"9$
ForeScout
CounterACT
ForeScout
CounterACT
+
ForeScout Mobile
ForeScout
CounterACT
+
ForeScout MDM ForeScout MDM
OperationaI Management
Expense management
nventory management
App management, app store
Network Security
Access control
Block threats
Detect on access
Profile device
Device and Data Security
Password
Remote wipe, selective wipe
Configuration enforcement
Detect rooted / jailbroken
Containerization / encryption
P data privacy screening
Unified visibiIity and network
access poIicy
User impact Transparent Lightweight Lightweight Lightweight
Price $ $$ $$$* $$$$
1
1
1 Expected delivery Q4 2012
2013 ForeScout Technologies, Page 26 ForeScout Confidential
7$*#*M !%H$+* /*45#$6> /*#;$4*9
D.:41-.E.#: 75/.0$ 149$;1 7;#;:$7$#1 ;#< $F8$#<.1"9$
ForeScout
CounterACT
ForeScout
CounterACT
+
ForeScout Mobile
ForeScout
CounterACT
+
ForeScout MDM ForeScout MDM
OperationaI Management
Expense management
nventory management
App management, app store
Network Security
Access control
Block threats
Detect on access
Profile device
Device and Data Security
Password
Remote wipe, selective wipe
Configuration enforcement
Detect rooted / jailbroken
Containerization / encryption
P data privacy screening
Unified visibiIity and network
access poIicy
User impact Transparent Lightweight Lightweight Lightweight
Price $ $$ $$$* $$$$
*Assumes that high risk devices/users are enrolled in ForeScout MDM and lower
risk devices/users are managed by ForeScout Mobile Security Module.
1
1
1 Expected delivery Q4 2012
2013 ForeScout Technologies, Page 27 ForeScout Confidential
7$*#*M !%H$+* /*45#$6> /*#;$4*9
D.:41-.E.#: 75/.0$ 149$;1 7;#;:$7$#1 ;#< $F8$#<.1"9$
ForeScout
CounterACT
ForeScout
CounterACT
+
ForeScout Mobile
ForeScout
CounterACT
+
ForeScout MDM ForeScout MDM
OperationaI Management
Expense management
nventory management
App management, app store
Network Security
Access control
Block threats
Detect on access
Profile device
Device and Data Security
Password
Remote wipe, selective wipe
Configuration enforcement
Detect rooted / jailbroken
Containerization / encryption
P data privacy screening
Unified visibiIity and network
access poIicy
User impact Transparent Lightweight Lightweight Lightweight
Price $ $$ $$$* $$$$
*Assumes that high risk devices/users are enrolled in ForeScout MDM and lower
risk devices/users are managed by ForeScout Mobile Security Module.
1
1
1 Expected delivery Q4 2012
2013 ForeScout Technologies, Page 28 ForeScout Confidential
T8> -%NH$(* <I- =$68 !B! J%# ?@ABQ-@AB
100% visibility of all mobile
devices, managed & unmanaged
Prevent unauthorized devices
from accessing the network
Automate MDM enrollment
Assess posture assessment
upon network connection
Network mitigation
Unified compliance reporting of
all network devices
ForeScout
2013 ForeScout Technologies, Page 29 ForeScout Confidential
X($J$*M !%H$+* /*45#$6>
D.,4 CAC @#1$958$9;/.0.12
2013 ForeScout Technologies, Page 30 ForeScout Confidential
Out-of-band