ForeScout Technologies has extended its collaboration with McAfee. The integration between ForeScout CounterACT and McAfee Enterprise Security Manager (ESM) provides enterprises with dynamic situational awareness of network access and endpoint compliance issues while reducing log management and threat management processes.
ForeScout’s automated security platform, ForeScout CounterACT, lets you see and control everything connected to your network, no matter the device or user. The platform employs multi-factor system fingerprinting technologies, such as software installation, running services, processes, open ports and network activity, and does not require an agent on the endpoint. Advanced policy enforcement capabilities allows administrators to set rules that can dynamically find and fix endpoint configuration and security issues with little or no intervention, or to automatically quarantine or remove devices in compliance violation or exhibiting malicious behaviour. All CounterACT activity is recorded and sent to the McAfee ESM to fulfill reporting and auditing requirements.
The combination of endpoint classification, policy assessment, remediation and notification capabilities offers commercial enterprises and government agencies the means to progress continuous monitoring and mitigation programs.
McAfee ESM is the only SIEM built for “Big Security Data.” ESM’s ability to collect, store, and perform complex processing on billions of events provides an extensible platform to address both current and evolving needs of security information and event management. With this new integration, McAfee ESM captures, retains, and analyses network access violations, endpoint compliance problems, and mobile security issues identified by ForeScout CounterACT. This level of network access control (NAC) log integration enables security professionals to further streamline incident response, forensics, and compliance processes.
“Although many SIEM deployments have been funded to address regulatory compliance reporting requirements, the rise in successful targeted attacks has caused a growing number of organisations to use SIEM for threat management to improve security monitoring and early breach detection,” according to a recent Gartner report. “There is a danger of SIEM products (which are already complex) becoming too complex as vendors extend capabilities. Vendors that are able to provide deployment simplicity as they add function will be the most successful in the market.”
Organisations can reduce log management system administration by employing CounterACT to:
* Check for the presence and activity of a logging application or service on an endpoint
* Install, reactivate, enforce or change a logging application or service on an endpoint based on pre-defined configuration policies
“ForeScout NAC and McAfee SIEM interoperability has tremendous operational and threat prevention value for our customers,” said Sam Davis, vice president of business development at ForeScout Technologies. “With this level of integration, customers can further leverage CounterACT’s automated security control capabilities to deliver dynamic network access and device intelligence while enhancing GRC processes.”
“By supporting interoperability between McAfee’s ESM SIEM and ForeScout CounterACT, we can give our mutual customers an effective way to extend situational awareness and to enforce access, mobile and endpoint compliance controls for all users and devices,” said Ed Barry, vice president of the Security Innovation Alliance, McAfee. “The joint solution will enable more rapid remediation of enterprise-wide threats that can originate from non-compliant endpoints.”
As a member of the McAfee Security Innovation Alliance (SIA) program, ForeScout has achieved compatibility for its integration of ForeScout CounterACT Network Access Control (NAC) with McAfee ePolicy Orchestrator platform, and today’s announcement extends ForeScout’s interoperability with an additional product in the McAfee portfolio, ESM.