Symantec and ForeScout Delivering a Unified Cyber Security Solution
Government-ForeScout-Solution-Brief
-
Upload
jonathan-reyes -
Category
Documents
-
view
58 -
download
1
Transcript of Government-ForeScout-Solution-Brief
1
Solution Brief
Organizational Challenges
•Preservethetrustofcitizens,other
agenciesandallies’governmentsby
protectingdataprivacy
•Improvesecurityposturewithout
impedinggovernmentservicesorthe
freeflowofinformation
•ComplywithNorthAmerican,
Europeanandinternational
regulatorymandatesanddirectives
designedtoprotectsensitive
information,suchasFISMA,NERC,
ISO/IEC27001andtheGDPR5
•Facilitatestreamlinednetworkaccess
andinformationsharingfortrusted
contractors,researchorganizations
andthepublic
•Achievecontinuousmonitoringand
mitigationcapabilitiesthatleverage
existinginvestments
Technical Challenges
•DiscoverBYOD,IoT,roguedevices
andotherendpointsconnectedto
governmentnetworks
•Controlaccesstoconfidentialdata
•Preventinfectedornon-compliant
devicesfromspreadingmalware
acrossthenetwork
•Enableemployeesandcontractors
tousetheirpersonaldeviceswhile
preservingsecurity
•Guardagainsttargetedthreatsthat
canresultinstolendataandnetwork
downtime
•Measureeffectivenessofsecurity
controlsanddemonstrate
compliancewithregulations
GovernmentGovernment security, privacy and compliance start at the endpoint
ForeScoutTechnologies,Inc.helpsgovernmentITprofessionalsbyhelpingprotectconfidentialdata,demonstratingcompliancewithregulationsandprovidingsecurenetworkaccessforawiderangeofdevicesanduserpopulations.What’smore,ForeScoutachievesthisinacost-effective,efficientandnon-disruptivemanner.
The Challenge
Here’sasmallsampleofdatabreachesthathaveoccurredatgovernment
agenciesin2015:
• TheftofSocialSecuritynumbersandothersensitivepersonalinformationfrom
thecomputersystemsoftheU.S.GovernmentOfficeofPersonnelaffected
roughly21.5millionpeople.1
• BritishIntelligencerecentlyrevealedthatISIShackersinterceptedtopsecret
BritishGovernmentemailsandweretargetinginformationheldbysomeofPrime
MinisterDavidCameron’smostsenioradvisors.2
• Germangovernmentwebsites,includingChancellorAngelaMerkel’spage,were
hackedinanattackclaimedbyagroupdemandingBerlinendsupportforthe
Ukrainiangovernment.3
It’snowondergovernmentagenciestheworldoverareurgentlyseeking
advancednetworksecuritysolutions.Ascyberthreatsincreaseinnumbersand
effectiveness,governmentagenciesmustrethinkhowtoeliminateintrusions,
protectsensitiveinformationandmitigateexposuretocyberattacks.
As cyberthreats increase in numbers and effectiveness, government agencies must rethink how to eliminate intrusions, protect sensitive information and mitigate exposure to cyberattacks.
Traditionalnetworksecurityproductsfocusonblockingexternalattackswith
firewallsandintrusionpreventionsystems(IPS).However,insiderthreatscan
doanincredibleamountofdamageintermsofdisruptionstooperations,theft
ofsensitivedataandlossofreputation.Misuseandabuseofdataresourcesby
employeesandcontractorsarerampant,asarerisksassociatedwiththewidearray
ofpersonallyowneddevicesthatareusedtoaccessnetworksduringtheworkday.
Atleast80millioninsiderattacksoccureachyearintheUnitedStatesalone,and
thatfigureonlyincludesreportedattacks.4Onecanonlyimaginethetruenumber
anditsassociatedcosts.
2
Solution Brief
CounterACT as a Cornerstone for Government Cybersecurity
Continuous Diagnostics and Mitigation (CDM) CounterACTaddresseskey
requirementsfortheU.S.Federal
Government’sCDMapproachto
cybersecurityandcanserveas
thecenterpieceofyoursolution,
ensuringcontinuoushardwareand
softwarevisibility,monitoringand
reportingforcomprehensiveasset
management.
Continuous Monitoring and Mitigation (CMM) CounterACTcapabilitiesgobeyond
assetdiscovery,monitoringand
reportingtoaddresstheneedsof
publicsectoragencies.CounterACT
alsoprovidesadvancedaccess
controlandremediationcapabilities
aswellasabroadrangeof
ControlFabricintegrationswithbest-
in-classnetwork,security,mobility
andITmanagementsolutions.
Traditionalendpointsecuritysystemssuchasantivirus,patchmanagementand
encryptionalsoleavealottobedesiredbecausetheyarelimitedtomanaged,
user-basedendpoints.Fartoooften,thesesecuritysystemsarenotfully
operationalandup-to-dateonallendpoints,leavinggapsinprotectionandfailing
toidentifycompromisedendpointsordeterroguewirelessaccesspointsfrom
extendingyournetworkwithoutyourknowledge.
The ForeScout Solution
Ifthereisonethingthatisuniversalamongallgovernmentagencies,it’sthe
necessitytocontinuouslyimprovesecurityandprovecompliance.Manyagencies
atalllevelsofgovernmentuseForeScoutCounterACT™forbothpurposes.
CounterACT’smilitary-gradesecurityprotectsmanyofthenetwork
infrastructuresoftheDoDaswellasthoseofitsmilitarycontractorsand
suppliers.ForeScoutCounterACTiscertifiedattheCommonCriteriaEAL4+
level,theindustry’shighestsecuritycertificationforNetworkAccessControl
(NAC)solutions.ItisincludedintheDoD’sDefenseInformationSystemsAgency
(DISA)UnifiedCapabilitiesApprovedProductsList(UCAPL)ofthosethathave
completedInteroperability(IO)andInformationAssurance(IA)certification,
demonstratingthatitmeetsthegovernment’shighstandardsforsecurity,ease
ofuseanddeployment,lowend-userimpactandinteroperabilitywithexisting
remediationsolutionsandinfrastructure-agnosticrequirements.
ForeScout has more than 100 deployments across all 15 U.S. Federal Cabinet Departments, including all the DoD services. ForeScout is a member of all five teams awarded a CDM contract to date.*
Inmorethan60countries*,ForeScouthelpsgovernmentagenciesatthefederal,
stateandmunicipallevelsmeetthenumerousaccesscontrolandcontinuous
endpointcompliancerequirementswithanagentless,easy-to-deployand
scalablesolution.GovernmentagenciesuseForeScoutCounterACTtoprotect
theircriticalnetworkinfrastructureandsensitivedata,measurecompliancewith
securitypoliciesandimproveoperationalefficiency.Here’show:
SeeCounterACTofferstheuniqueabilitytoseedevicestheinstantthey
connecttogovernmentnetworks,withoutrequiringsoftwareagents
orpriorknowledgeofthedevice.Itseesdevicesotherproductssimply
can’t,suchassmartphones,tablets,laptopsandotheragency-ownedand
personalmobiledevicesaswellasInternetofThings(IoT)devices,and
evendetectsstealthysnifferdevicesthatdonotutilizeanIPaddress.
ControlUnlikesystemsthatflagviolationsandsendalertstoITand
securitystaff,ForeScoutCounterACTactuallyenforcesnetworkaccess
control,endpointcompliance,mobiledevicesecurityandthreatcontrol,in
oneautomatedsystem.Asaresult,citizens,contractorsandgovernment
employeescanaccessnetworkswithoutcompromisingsecurity.In
addition,CounterACTcontinuouslymonitorsdevicesonyournetwork
andimprovestheeffectivenessofyoursecuritypoliciessoyoucan
demonstratecompliancewithregulations.
OrchestrateCounterACTintegrateswithmorethan70network,security,
mobilityandITmanagementproducts*viaitsControlFabric™Architecture.
Thisabilitytoorchestrateinformationsharingandoperationamongmyriad
securitytoolsallowsyouto:
“ “ForeScout improved the visibility into what was connected to the network and helped enforce security policies on devices.”
– Chief Information Officer, U.S. Federal Government
Solution Brief
Copyright © 2016. All rights reserved. ForeScout Technologies, Inc. is a privately held Delaware corporation.
ForeScout, the ForeScout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT are trademarks
or registered trademarks of ForeScout. Other names mentioned may be trademarks of their respective owners.
Version 1_16
ForeScout Technologies, Inc.
900 E. Hamilton Avenue #300
Campbell, CA 95008 USA
Toll-Free (US) 1-866-377-8771
Tel (Intl) +1-408-213-3191
Support 1-708-237-6591
Fax 1-408-371-22843
Learnmoreat
www.ForeScout.com
1http://www.cnn.com/2015/07/09/politics/office-of-personnel-management-data-breach-20-million/
2http://www.mirror.co.uk/news/uk-news/isis-hackers-intercept-top-secret-6428423
3http://www.reuters.com/article/2015/01/07/us-germany-cyberattack-idUSKBN0KG15320150107
4TheDangerfromWithin,HarvardBusinessReview,September2014
5Regulatorylegislationorstandards:TheFederalInformationSecurityManagementAct(FISMA),NorthAmericanElectricReliability
Corporation(NERC),InternationalStandardizationOrganization/InternationalElectrotechnicalCommission(ISO/IEC)andGeneralData
ProtectionRegulation(GDPR).
*AsofOctober2015
•Sharecontextandcontrolintelligenceacrosssystemstoenforceunified
networksecuritypolicies
•Reducevulnerabilitywindowsbyautomatingsystem-widethreat
response
•Gainhigherreturnoninvestment(ROI)fromyourexistingsecurity
toolswhilesavingtimethroughworkflowautomation
Seeing Is Believing
ForeScoutCounterACTissoldaseitheravirtualorphysicalappliancethat
deployswithinyourexistingnetwork,typicallyrequiringnochangestoyour
networkconfiguration.TheCounterACTappliancephysicallyinstallsout-of-band,
avoidinglatencyorissuesrelatedtothepotentialfornetworkfailure.Itcanbe
centrallyadministeredtodynamicallymanagetensorhundredsofthousandsof
endpointsfromoneconsole.