A new Splunk integration with ForeScout Technologies enables improved network visibility and the ability to take automated, policy-based actions on correlated data for a stronger security posture.
The ForeScout Extended Module for Splunk enables bi-directional communication between ForeScout CounterACT and Splunk Enterprise or Splunk Enterprise Security (Splunk ES) to help accelerate incident response and minimise the impact of data breaches.
According to ForeScout Technologies CEO, Michael DeCesare, as a result of the speed at which security managers are deploying new ways of staying ahead of emerging threats, there is more need for orchestration and information sharing between security vendors.
“Through our collaboration with Splunk and an agentless approach to visibility, ForeScout streamlines security operations and reduces the window of exposure to limit malware proliferation and data exfiltration from devices on the network,” he explained.
Securing IoT endpoint access
ForeScout’s integration with Splunk Enterprise and Splunk ES enables customers to make use of high-value, up-to-date context for all IP-connected devices from ForeScout for incident correlation and prioritisation. The increasing volume of IoT devices connecting to the network has created new windows of opportunity for today’s cybercriminals to enter an organisation. ForeScout scans these connected devices in real time, sends the detailed device context to Splunk solutions for analysis and correlation, and quickly isolates non-compliant, infected and suspicious devices. Splunk ES users can then automate actions via ForeScout to respond to attacks for threat mitigation. This integration was developed in conjunction with Splunk's Adaptive Response Initiative, a best-of-breed security collective that leverages end-to-end context and automated response to help organisations better combat advanced attacks through a unified defense.
“To help stay ahead of advanced threats, Splunk customers rely on technology that enables an analytics-driven approach to security and automates the incident response process. The Adaptive Response Initiative, and collaboration with partners like ForeScout, helps break down the silos between what are typically disparate security systems to provide our customers with faster threat investigation and remediation,” said Doug Merritt, president and CEO, Splunk.
Customers gain improved correlation and incident prioritisation based on ForeScout data such as:
* Real-time and continuous inventory of IP-connected devices on the network—from traditional PCs, servers and mobile devices to Bring Your Own Devices (BYOD) and IoT
* Device profiling and classification information
* Device security posture and compliance gaps
* Network authentication, access and location information
Customers can initiate closed loop remediation and threat mitigation leveraging Adaptive Response in Splunk ES and ForeScout actions to:
* Enable Splunk software to delegate alert mitigation actions in real-time
* Take network actions to quarantine, isolate or limit access of IP-connected devices
* Initiate remediation and threat mitigation actions on a broader range of devices
* Orchestrate a set of actions across multiple products in response to alerts from Splunk solutions