Escolar Documentos
Profissional Documentos
Cultura Documentos
NEXT
WELCOME
Explore ForeScout Solutions and learn how ForeScout keeps you HOW TO USE THIS GUIDE
secure across all your network environments: campus, IoT, data
This interactive guide includes
center, cloud and operational technology (OT). clickable links. Use them to
jump between sections or
ForeScout Solutions include Device Visibility, Asset Management, access supporting resources.
Device Compliance, Network Access Control, Network
Segmentation and Incident Response. The navigation bar at the top
allows you to move between
Start here to experience the ForeScout difference. sections.
Nearly 20% of organizations 54% percent say $3.62 million is the global
observed at least one Internet that IoT security average cost of a data breach,
of Things (IoT) - based attack gives them anxiety up 17% since 2013.
in the past three years. . -2017 Ponemon Cost
of Data Breach Study
-Gartner 2018 -Forrester 2017
NEXT
ForeScout Solutions
Need to know 100% Need 100% inventory Need to fill the gap
of what is on your of all your connected left by periodic scans
network in real-time devices to true-up your to provide real-time
and all the time? CMDB? device compliance?
Distribution Core
Switch Switch
Public Cloud
Services
Agentless
• No agents required
Video: Extended Visibility
Software-Defined
Data Center Solution Brief
Granular Device
• Classification
1
ForeScout end-user customer feedback
Asset Management
“Prior to ForeScout we used a
To effectively manage and secure The ForeScout difference: number of disparate tools for
business assets, you need in-depth • Illuminate blind spots that asset discovery and audit, and a
significant amount of manual work
details about every device in your periodic scanning tools miss
was required to collate all of the
network. Manual asset discovery can • Efficiently manage the security data, which introduces risk. The
result in an incomplete and inaccurate posture and lifecycle of devices ForeScout solution eliminated this
configuration managment database problem and the fact it is so much
• Share contextual data with more than an audit and discovery
(CMDB), undermining IT and security ITAM tools tool added real value to us.”
management initiatives.
- Michael Cock, Sutton & East
Surrey Water PLC
Complex deployments
Active scanning Limited support
Limited IoT, OT and Periodic scanning and vendor dependencies
discovery solutions (build-your-own API
WITHOUT unmanaged device misses transient = high TCO (due to
= critical integrations = complex
visibility = inaccurate devices = incomplete agent-based solutions with
ForeScout inventory inventory
infrastructure configurations, manual
ongoing maintenance
disruption CMDB true-ups)
and operational issues)
Rich Classification
• Who, What, Where, version, etc.
• Real-world classification
Automated Process
• Single view
• Send data to CMBD (orchestration)
ServiceNow Datasheet
Vendor Neutral
• No network upgrades
• Campus, data center/cloud
and OT (passive)
* IP-based connected devices
Device Compliance
Partial compliance is noncompliance. The ForeScout difference: “In the past we had to run internal
assessments to create reports
Vulnerable platforms, unpatched • Gain real-time compliance
required for PCI-DSS compliance.
devices and default passwords instead of periodic scans With ForeScout, one interface will
expose your network to substantial • Increase auditing and deliver us the status of all Windows
risk, creating compliance gaps that compliance team efficiencies updates/patches and our anti-virus,
by 26% on average* which saves us a significant amount
continue to widen as more devices
of time doing audit and compliance
are added or become virtual and reporting.”
• Manage all devices: managed,
extend into the cloud. unmanaged, IoT and OT - Shibu Pillai,
* IDC, November, 2016 Network Specialist (Security)
City of Guelph
Agent based = Basic compliance Point-in-time Agent-based Complex design Agent based =
lower compliance assessment compliance remediation or no deployment
WITHOUT levels (due to segmentation
checks complexity
ForeScout endpoints with and high TCO
broken/missing agents)
1 4
Agentless Classification
• Who, What, Where, version, etc.
• Real-world classification
Manage Weak/Default
Password
• Agentless IoT devices
• Continuous
Device
Compliance
Ease of Development
• Agentless
• Quick to deploy
Vendor Neutral
• No network upgrades
• Campus, data center/cloud
and OT
Network Access Control (NAC)
“ForeScout enables us to tackle
Many devices can’t be managed The ForeScout difference: complex security challenges.
We build something, set it and
with traditional security methods • Gain 100% visibility - no agents forget it. Basically, we are getting
and require a new approach to required technologies to talk to one another
NAC that isn’t dependent on • Isolate IoT and noncompliant and then solve problems in an auto-
agent-based security methods. devices on your network mated way. Automation allows are
employees, our security team, and
New types of IoT devices can • Deploy without the burden our security operations center to
lead to serious breaches. of costly network upgrades, focus on what really matters.”
agents or vendor lock-in
– Nick Duda, Principal Security
Engineer, HubSpot
WITH
Agentless visibility Endpoint visibility Comprehensive Dynamic Continous Automated Flexible, Easy to Network
and classification includes access segmentation monitoring remediation easy-to-use deploy and orchestration
(with rich out-of- configuration management enables policy engine use via multiple
the-box assessment appropriate integrations
taxonomy) network access
WITHOUT ForeScout
Limited IoT Agent required Limited context Complex design Point-in-time Limited Challenging, Complex Limited
visibility (limited (resulting in limited available for (802.1X is snapshots automated complex-to- to deploy, integration
out-of-the-box visibility) managing required, and remediation use policy high TCO with third-
taxonomy) appropriate other technologies engine party systems
access control may be needed)
Active Directory
1 1 1
2 2 2
4 4 4
Managed Devices
Agentless Classification
• Who, What, Where, version, etc.
• No software agents required
Granular Device
Gartner Market Guide
• Classification
802.1x or Not
• Your choice
Network Segmentation
Network segmentation limits the The ForeScout difference: “We needed a vendor-agnostic
lateral movement from one system • Use device intelligence for rich approach that would give us
or device to another by creating device segmentation—including IoT visibility into disparate networks
segmented zones across the network. • Apply policy-based segmentation
coming on board due to the
Yet device security posture and across the entire network merger.”
behavior are constantly changing. • Leverage out-of-the-box - U.S.-based Retail Bank
How do you properly segment devices integrations with next-generation
with so many dynamics in play? firewalls (NGFWs) for device-based
policies
?
3 4
BYOD
Devices
?
Windows
Devices
BYOD
Devices
IoT Devices
Axis
IP Camera Rogue
Devices
Rich Classification
• Who, What, Where, version, etc.
• Real-world classification
Dynamic Network
Vendor Neutral Segmentation Webinar
-
• No network upgrades
• Campus, data center/Cloud
and OT (passive)
Network
Segmentation
Ease of Development
• Agentless
• Quick to deploy
Reduced Window of
Splunk Extended
Exposure Module Datasheet
• Via orchestration
ESG Lab Review:
ForeScout & Splunk
2
IDC, The Business Value of Pervasive Device and Network Visibility and Control with ForeScout
Success Stories
MEDICAL
Automatically discovered 4,500 previously
unknown devices (15%) including IoT and
medical systems Learn More
FINANCIAL
Fully operational in less than two weeks
Learn More
ENERGY
Detected 400 vulnerable hosts and
addressed WannaCry attached
vulnerabilities within 48 hours Learn More
FLORIDA MEDICAL CENTER
security RESULTS:
departments, Automatically discovered 4,500 previously unknown devices (15%)
it’s invaluable.” including IoT and medical systems
CISO, Florida
Achieved orchestration between ForeScout and Palo Alto Networks firewalls
Medical Center
Streamlined asset inventory and reporting, device management and
regulatory compliance
Please note: this is a technical, hands-on session where an on-site ForeScout Expert
will coach you through best-practice policy creation and deployment.
Everything you learn can be quickly applied to your environment using the ForeScout platform.
Toll-Free (US) +1-866-377-8771 © 2018. ForeScout Technologies, Inc. is a Delaware corporation. The ForeScout logos and trademarks can be found
Tel (Intl) +1-408-213-3191 at https://www.forescout.com/company/legal/intellectual-property-patents-trademarks/. Other names mentioned
Support +1-708-237-6591 may be trademarks of their respective owners.