ForeScout Technologies has announced the ControlFabric platform to enable IT security products to dynamically share information and allow enterprises to more rapidly respond to a range of enterprise security and operational issues. The platform features new interfaces that open ForeScout CounterACT to developers, customers and system integrators, allowing them to flexibly integrate CounterACT with other security and management systems.
“Continuous monitoring in real time is an ever-increasing requirement, and in terms of compliance, is a core tenet of popular industry standards. Extraordinary growth in the consumerisation of IT has led to the recognition that greater visibility and broader network-based control is required for remediating endpoint issues, which are growing in both volume and severity,” said Fran Howarth of Bloor Research. “The capabilities of today's generation of NAC technologies mean that every device connecting to the network can be automatically identified, controlled, remediated and continuously monitored. By making use of open standards, ForeScout’s ControlFabric platform offers a wealth of opportunity for ISVs, system integrators and customers to gain greater operational context and controls that advance an organisation’s network security capabilities towards continuous compliance.”
Enterprises are challenged with supporting business agility while managing security risks due to greater network, device, access and threat complexity. Exacerbating this situation is the proliferation of BYOD device use as well as increased exposure to rogue devices, non-compliant systems and targeted attacks. To optimise IT resources and responsiveness, organisations require real-time operational insight and efficient means to resolve security problems and contain incidents.
ForeScout ControlFabric is an open platform that enables ForeScout CounterACT and other IT solutions to exchange information and mitigate a wide variety of network and endpoint security concerns. The platform helps enterprises to advance situational awareness by leveraging infrastructure data and to improve the security posture by applying policy-based controls to expedite remediation actions. It also saves time and money through the automation of routine activities. ForeScout CounterACT is a proven, enterprise-scale network security solution that provides visibility of all network users, endpoints and applications in real time. CounterACT shares this intelligence with other security and management systems that interoperate through ForeScout’s ControlFabric Interface, and it receives information from these systems to trigger security policies. This allows enterprises to apply broader network-based controls by leveraging existing IT security and management tools that heretofore have been limited to analysing, alerting and reporting information (e.g. SIEM, VA and ATP).
“IT organisations require defences that not only interoperate with each other but also provide more value than the individual solutions deliver on their own. It’s about maximising their ROI in people, process and tools,” said Gord Boyce, CEO of ForeScout. “Developed and proven over the last few years, the ForeScout ControlFabric platform allows customers to mobilise their enterprise tools and operational data in truly creative ways that dramatically improve visibility, risk management and productivity.”
The ControlFabric platform includes base integrations in the form of CounterACT plug-ins that work with popular network infrastructure, endpoints, directories, systems management, such as Microsoft SCCM, and endpoint security software, such as antivirus. This out-of-the-box interoperability allows ForeScout’s customers to find security gaps and address unauthorised network access and data leakage, bring your own device (BYOD) risks, endpoint compliance violations and advanced persistent threats (APTs).
ControlFabric extended integrations, developed and supported by ForeScout, bring additional value to the CounterACT appliance and are available as licensed plug-ins for:
* Mobile Device Management (MDM) – to help automate the enrolment of new mobile devices in the MDM system and to ensure that only authorised and compliant devices can connect to the network. Modules for AirWatch, Citrix, Fiberlink, MobileIron and SAP Afaria are available
* Advanced Threat Detection (ATD) – to enable IT security managers to quickly quarantine devices that are identified as infected and exfiltrating data, a module for FireEye is available with a module for McAfee’s new Advanced Threat Defence and others planned
* Security Information and Event Management (SIEM) – to bring real-time endpoint security posture details into SIEM tools and to allow them to be able to isolate or remediate endpoint security faults. SIEM modules are available for HP ArcSight, IBM QRadar, McAfee Enterprise Security Manager, RSA Envision, Splunk Enterprise and Tibco LogLogic
* Endpoint Protection – provides complete awareness and control of host-based defences of both managed and unmanaged devices. The integration module for McAfee ePolicy Orchestrator software informs McAfee ePolicy Orchestrator of unmanaged systems and helps it initiate automated remediation of security faults by either quarantining the endpoint or remediating the configuration problem on the endpoint
* Vulnerability assessment (VA) – will trigger a scan of new devices the moment they join the network plus add the ability to preform a remediation action, such as quarantining an endpoint and/or initiating a software update, as soon as the VA product identifies a serious vulnerability. The integration module currently supports Tenable Nessus, with support for McAfee Vulnerability Manager and Qualys planned
In addition, ForeScout has made the ControlFabric platform more extensible for developers, system integrators and customers through the new ControlFabric Interface. This set of standards-based integration mechanisms allows disparate security and management systems to communicate bi-directionally with the platform and, ultimately, the CounterACT network security appliance. The ControlFabric Interface currently employs LDAP, SYSLOG, SQL, Web Services API and other standards with more integration options planned.