Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

CounterACT integration with McAfee Threat Intelligence Exchange

ForeScout Technologies : 21 October, 2015  (New Product)
ForeScout CounterACT network access control platform is now fully integrated with McAfee TIE via the Data Exchange Layer to bring threat protection to BYOD devices and unmanaged endpoints
CounterACT integration with McAfee Threat Intelligence Exchange

Just a year after Intel Security and ForeScout Technologies announced their intent to integrate their products to provide greater threat intelligence across network connected devices, the companies have completed their development work and are shipping compatible products. The announcement is the latest in a long line of collaborations between the two companies extending over five years which has seen ForeScout products integrated with McAfee ePolicy Orchestrator as well as other Intel Security technologies.

The integration with the Threat Intelligence Exchange (TIE) takes place using the McAfee Data ExChange Layer (DXL), part of the fabric of communication over which compatible security products can exchange information and collaborate for mitigating threats across the system. By using this layer, customers using the network are able to protect their networks from unmanaged endpoints and BYOD devices using real time endpoint intelligence and threat data.

Fully available product

ForeScout CounterACT is one of the first third-party products to integrate with McAfee TIE over the McAfee Data ExChange Layer open platform, creating a combination of technologies that solves the problem of detecting, assessing and remediating unmanaged Windows devices on corporate networks.

ForeScout's International Marketing Director, Jan Hof, spoke to us and explained that the combined solution is bringing real benefits to a range of users right now, with a number of organisations involved in trials of the products. These include customers in the US Government, Medical, Financial Services and Higher Education markets as well as global partners and one ForeScout Gold Level parter.

ForeScout integration with McAfee TIE

The combination of CounterACT's continuous network monitoring and mitigation capabilities with the Threat Intelligence Exchange from Intel Security provides customers with a powerful way of gaining real-time control and visibility of all their managed and unmanaged endpoints, including BYOD, whether the endpoints have security agents installed or not.

As Jan Hof explained, McAfee's TIE allows real-time endpoint protection. Whereas devices once had their own AV software installed which had to be updated and patched as new threats were identified and mitigated, typically running behind the fact, TIE performs all this centrally and in real time, providing faster mitigation. "And by having CounterACT on the network, the endpoints on the network don't even need a McAfee agent installed. CounterACT just passes a hash to the TIE across the data exchange layer to check against the TIE threat database," Jan told us.

With this proliferation, IoT and BYOD devices circumvent security controls, serving as network-attached launching points for malware. Unfortunately, traditional endpoint security products can't detect whether BYOD computers are infected because the traditional systems rely on agents that are not deployed on BYOD computers. To solve this issue, ForeScout and Intel Security have joined forces to share threat intelligence to control BYOD endpoints without a McAfee software client on the device itself.

When asked how the integrated system knows if a user subsequently performs an action that could result in a threat being introduced to the network, Jan told us that different policies can be created for keeping information up to date once the initial hashes have been passed to the TIE for connected device processes, files and applications. These policies could be based on polling or triggers based on events or 3rd party software.

"If, for instance, a SIEM or Vulnerability Scanner sends a warning for a certain vulnerability to ForeScout CounterACT either over DXL or ForeScout ControlFabric, this can be used as a trigger to send an updated hash of this device to the TIE for further analysis," Jan Hof said.

Overall, the benefits of the ForeScout integration with Intel Security's TIE include:

Bi-directional information sharing

The bi-directional nature of the DXL solves the problem of detecting, assessing and remediating unmanaged Windows devices on corporate networks. The integrated offering enables bi-directional information sharing among existing McAfee security and management systems, helping automate security processes and minimise fragmented security operations.

BYOD visibility

ForeScout CounterACT provides real-time visibility into the customer network, detecting devices the moment they try to connect to the network. If the device is a BYOD Windows device, ForeScout scans the system to identify all running processes to maximise network visibility and security.

Real-time threat ranking

CounterACT requests the threat ranking of all devices’ running processes. Information is shared with ForeScout CounterACT via the McAfee Data ExChange Layer (DXL), prompting the McAfee Threat Intelligence Exchange (TIE) to respond back with a threat score for each process.

Malicious process mitigation

Based on the threat score, CounterACT allows devices to access networks as appropriate. Based on the network security policies, it can quarantine or limit network access of devices that contain malicious processes. In addition, CounterACT can terminate those processes to mitigate risk and remediate the endpoint if needed.

The proliferation of BYOD policies has enabled greater productivity  

With this proliferation, IoT and BYOD devices circumvent security controls, serving as network-attached launching points for malware. Unfortunately, traditional endpoint security products can’t detect whether BYOD computers are infected because the traditional systems rely on agents that are not deployed on BYOD computers. To solve this issue, ForeScout and Intel Security have joined forces to share threat intelligence to control BYOD endpoints without a McAfee client.

Commenting on the integration, Rob Greer, senior vice president at ForeScout Technologies said, “One of the core challenges facing the industry today is that for the most part, security companies simply aren’t sharing information with one another. This hobbled approach results in data siloes and allows threats to spread like wildfire.”  

In conclusion, D J Long, director and head of security innovation alliance at Intel Security said, “ForeScout CounterACT, through its integration with McAfee Threat Intelligence Exchange via the McAfee Data ExChange Layer, applies threat intelligence to unmanaged BYOD devices from contractors, employees, network guests and others. Customers can integrate multiple security components resulting in real-time information sharing between all their solutions.”

Read in detail about the ForeScout integration with McAfee TIE

Read the McAfee White paper on DXL and the Threat Intelligence Exchange

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo