Integration brings improved incident response

ForeScout Technologies : 10 January, 2017  (New Product)
Fully integrated approach to minimising security breach impact results from collaboration between ForeScout and Splunk

A new Splunk integration with ForeScout Technologies enables improved network visibility and the ability to take automated, policy-based actions on correlated data for a stronger security posture.

The ForeScout Extended Module for Splunk enables bi-directional communication between ForeScout CounterACT and Splunk Enterprise or Splunk Enterprise Security (Splunk ES) to help accelerate incident response and minimise the impact of data breaches.

According to ForeScout Technologies CEO, Michael DeCesare, as a result of the speed at which security managers are deploying new ways of staying ahead of emerging threats, there is more need for orchestration and information sharing between security vendors.

“Through our collaboration with Splunk and an agentless approach to visibility, ForeScout streamlines security operations and reduces the window of exposure to limit malware proliferation and data exfiltration from devices on the network,” he explained.

Securing IoT endpoint access

ForeScout’s integration with Splunk Enterprise and Splunk ES enables customers to make use of high-value, up-to-date context for all IP-connected devices from ForeScout for incident correlation and prioritisation. The increasing volume of IoT devices connecting to the network has created new windows of opportunity for today’s cybercriminals to enter an organisation. ForeScout scans these connected devices in real time, sends the detailed device context to Splunk solutions for analysis and correlation, and quickly isolates non-compliant, infected and suspicious devices. Splunk ES users can then automate actions via ForeScout to respond to attacks for threat mitigation. This integration was developed in conjunction with Splunk's Adaptive Response Initiative, a best-of-breed security collective that leverages end-to-end context and automated response to help organisations better combat advanced attacks through a unified defense.

“To help stay ahead of advanced threats, Splunk customers rely on technology that enables an analytics-driven approach to security and automates the incident response process. The Adaptive Response Initiative, and collaboration with partners like ForeScout, helps break down the silos between what are typically disparate security systems to provide our customers with faster threat investigation and remediation,” said Doug Merritt, president and CEO, Splunk.

Customers gain improved correlation and incident prioritisation based on ForeScout data such as:

* Real-time and continuous inventory of IP-connected devices on the network—from traditional PCs, servers and mobile devices to Bring Your Own Devices (BYOD) and IoT
* Device profiling and classification information
* Device security posture and compliance gaps
* Network authentication, access and location information

Customers can initiate closed loop remediation and threat mitigation leveraging Adaptive Response in Splunk ES and ForeScout actions to:

* Enable Splunk software to delegate alert mitigation actions in real-time
* Take network actions to quarantine, isolate or limit access of IP-connected devices
* Initiate remediation and threat mitigation actions on a broader range of devices
* Orchestrate a set of actions across multiple products in response to alerts from Splunk solutions

   © 2012 ProSecurityZone.com