Symantec and ForeScout Delivering a Unified Cyber Security Solution
Government-ForeScout-Solution-Brief
3
1 Solution Brief Organizational Challenges • Preserve the trust of citizens, other agencies and allies’ governments by protecting data privacy • Improve security posture without impeding government services or the free flow of information • Comply with North American, European and international regulatory mandates and directives designed to protect sensitive information, such as FISMA, NERC, ISO/IEC 27001 and the GDPR 5 • Facilitate streamlined network access and information sharing for trusted contractors, research organizations and the public • Achieve continuous monitoring and mitigation capabilities that leverage existing investments Technical Challenges • Discover BYOD, IoT, rogue devices and other endpoints connected to government networks • Control access to confidential data • Prevent infected or non-compliant devices from spreading malware across the network • Enable employees and contractors to use their personal devices while preserving security • Guard against targeted threats that can result in stolen data and network downtime • Measure effectiveness of security controls and demonstrate compliance with regulations Government Government security, privacy and compliance start at the endpoint ForeScout Technologies, Inc. helps government IT professionals by helping protect confidential data, demonstrating compliance with regulations and providing secure network access for a wide range of devices and user populations. What’s more, ForeScout achieves this in a cost-effective, efficient and non-disruptive manner. The Challenge Here’s a small sample of data breaches that have occurred at government agencies in 2015: • Theft of Social Security numbers and other sensitive personal information from the computer systems of the U.S. Government Office of Personnel affected roughly 21.5 million people. 1 • British Intelligence recently revealed that ISIS hackers intercepted top secret British Government emails and were targeting information held by some of Prime Minister David Cameron’s most senior advisors. 2 • German government websites, including Chancellor Angela Merkel’s page, were hacked in an attack claimed by a group demanding Berlin end support for the Ukrainian government. 3 It’s no wonder government agencies the world over are urgently seeking advanced network security solutions. As cyberthreats increase in numbers and effectiveness, government agencies must rethink how to eliminate intrusions, protect sensitive information and mitigate exposure to cyberattacks. As cyberthreats increase in numbers and effectiveness, government agencies must rethink how to eliminate intrusions, protect sensitive information and mitigate exposure to cyberattacks. Traditional network security products focus on blocking external attacks with firewalls and intrusion prevention systems (IPS). However, insider threats can do an incredible amount of damage in terms of disruptions to operations, theft of sensitive data and loss of reputation. Misuse and abuse of data resources by employees and contractors are rampant, as are risks associated with the wide array of personally owned devices that are used to access networks during the workday. At least 80 million insider attacks occur each year in the United States alone, and that figure only includes reported attacks. 4 One can only imagine the true number and its associated costs.
-
Upload
jonathan-reyes -
Category
Documents
-
view
58 -
download
1
Transcript of Government-ForeScout-Solution-Brief
1
Solution Brief
Organizational Challenges
•Preservethetrustofcitizens,other
agenciesandallies’governmentsby
protectingdataprivacy
•Improvesecurityposturewithout
impedinggovernmentservicesorthe
freeflowofinformation
•ComplywithNorthAmerican,
Europeanandinternational
regulatorymandatesanddirectives
designedtoprotectsensitive
information,suchasFISMA,NERC,
ISO/IEC27001andtheGDPR5
•Facilitatestreamlinednetworkaccess
andinformationsharingfortrusted
contractors,researchorganizations
andthepublic
•Achievecontinuousmonitoringand
mitigationcapabilitiesthatleverage
existinginvestments
Technical Challenges
•DiscoverBYOD,IoT,roguedevices
andotherendpointsconnectedto
governmentnetworks
•Controlaccesstoconfidentialdata
•Preventinfectedornon-compliant
devicesfromspreadingmalware
acrossthenetwork
•Enableemployeesandcontractors
tousetheirpersonaldeviceswhile
preservingsecurity
•Guardagainsttargetedthreatsthat
canresultinstolendataandnetwork
downtime
•Measureeffectivenessofsecurity
controlsanddemonstrate
compliancewithregulations
GovernmentGovernment security, privacy and compliance start at the endpoint
ForeScoutTechnologies,Inc.helpsgovernmentITprofessionalsbyhelpingprotectconfidentialdata,demonstratingcompliancewithregulationsandprovidingsecurenetworkaccessforawiderangeofdevicesanduserpopulations.What’smore,ForeScoutachievesthisinacost-effective,efficientandnon-disruptivemanner.
The Challenge
Here’sasmallsampleofdatabreachesthathaveoccurredatgovernment
agenciesin2015:
• TheftofSocialSecuritynumbersandothersensitivepersonalinformationfrom
thecomputersystemsoftheU.S.GovernmentOfficeofPersonnelaffected
roughly21.5millionpeople.1
• BritishIntelligencerecentlyrevealedthatISIShackersinterceptedtopsecret
BritishGovernmentemailsandweretargetinginformationheldbysomeofPrime
MinisterDavidCameron’smostsenioradvisors.2
• Germangovernmentwebsites,includingChancellorAngelaMerkel’spage,were
hackedinanattackclaimedbyagroupdemandingBerlinendsupportforthe
Ukrainiangovernment.3
It’snowondergovernmentagenciestheworldoverareurgentlyseeking
advancednetworksecuritysolutions.Ascyberthreatsincreaseinnumbersand
effectiveness,governmentagenciesmustrethinkhowtoeliminateintrusions,
protectsensitiveinformationandmitigateexposuretocyberattacks.
As cyberthreats increase in numbers and effectiveness, government agencies must rethink how to eliminate intrusions, protect sensitive information and mitigate exposure to cyberattacks.
Traditionalnetworksecurityproductsfocusonblockingexternalattackswith
firewallsandintrusionpreventionsystems(IPS).However,insiderthreatscan
doanincredibleamountofdamageintermsofdisruptionstooperations,theft
ofsensitivedataandlossofreputation.Misuseandabuseofdataresourcesby
employeesandcontractorsarerampant,asarerisksassociatedwiththewidearray
ofpersonallyowneddevicesthatareusedtoaccessnetworksduringtheworkday.
Atleast80millioninsiderattacksoccureachyearintheUnitedStatesalone,and
thatfigureonlyincludesreportedattacks.4Onecanonlyimaginethetruenumber
anditsassociatedcosts.
2
Solution Brief
CounterACT as a Cornerstone for Government Cybersecurity
Continuous Diagnostics and Mitigation (CDM) CounterACTaddresseskey
requirementsfortheU.S.Federal
Government’sCDMapproachto
cybersecurityandcanserveas
thecenterpieceofyoursolution,
ensuringcontinuoushardwareand
softwarevisibility,monitoringand
reportingforcomprehensiveasset
management.
Continuous Monitoring and Mitigation (CMM) CounterACTcapabilitiesgobeyond
assetdiscovery,monitoringand
reportingtoaddresstheneedsof
publicsectoragencies.CounterACT
alsoprovidesadvancedaccess
controlandremediationcapabilities
aswellasabroadrangeof
ControlFabricintegrationswithbest-
in-classnetwork,security,mobility
andITmanagementsolutions.
Traditionalendpointsecuritysystemssuchasantivirus,patchmanagementand
encryptionalsoleavealottobedesiredbecausetheyarelimitedtomanaged,
user-basedendpoints.Fartoooften,thesesecuritysystemsarenotfully
operationalandup-to-dateonallendpoints,leavinggapsinprotectionandfailing
toidentifycompromisedendpointsordeterroguewirelessaccesspointsfrom
extendingyournetworkwithoutyourknowledge.
The ForeScout Solution
Ifthereisonethingthatisuniversalamongallgovernmentagencies,it’sthe
necessitytocontinuouslyimprovesecurityandprovecompliance.Manyagencies
atalllevelsofgovernmentuseForeScoutCounterACT™forbothpurposes.
CounterACT’smilitary-gradesecurityprotectsmanyofthenetwork
infrastructuresoftheDoDaswellasthoseofitsmilitarycontractorsand
suppliers.ForeScoutCounterACTiscertifiedattheCommonCriteriaEAL4+
level,theindustry’shighestsecuritycertificationforNetworkAccessControl
(NAC)solutions.ItisincludedintheDoD’sDefenseInformationSystemsAgency
(DISA)UnifiedCapabilitiesApprovedProductsList(UCAPL)ofthosethathave
completedInteroperability(IO)andInformationAssurance(IA)certification,
demonstratingthatitmeetsthegovernment’shighstandardsforsecurity,ease
ofuseanddeployment,lowend-userimpactandinteroperabilitywithexisting
remediationsolutionsandinfrastructure-agnosticrequirements.
ForeScout has more than 100 deployments across all 15 U.S. Federal Cabinet Departments, including all the DoD services. ForeScout is a member of all five teams awarded a CDM contract to date.*
Inmorethan60countries*,ForeScouthelpsgovernmentagenciesatthefederal,
stateandmunicipallevelsmeetthenumerousaccesscontrolandcontinuous
endpointcompliancerequirementswithanagentless,easy-to-deployand
scalablesolution.GovernmentagenciesuseForeScoutCounterACTtoprotect
theircriticalnetworkinfrastructureandsensitivedata,measurecompliancewith
securitypoliciesandimproveoperationalefficiency.Here’show:
SeeCounterACTofferstheuniqueabilitytoseedevicestheinstantthey
connecttogovernmentnetworks,withoutrequiringsoftwareagents
orpriorknowledgeofthedevice.Itseesdevicesotherproductssimply
can’t,suchassmartphones,tablets,laptopsandotheragency-ownedand
personalmobiledevicesaswellasInternetofThings(IoT)devices,and
evendetectsstealthysnifferdevicesthatdonotutilizeanIPaddress.
ControlUnlikesystemsthatflagviolationsandsendalertstoITand
securitystaff,ForeScoutCounterACTactuallyenforcesnetworkaccess
control,endpointcompliance,mobiledevicesecurityandthreatcontrol,in
oneautomatedsystem.Asaresult,citizens,contractorsandgovernment
employeescanaccessnetworkswithoutcompromisingsecurity.In
addition,CounterACTcontinuouslymonitorsdevicesonyournetwork
andimprovestheeffectivenessofyoursecuritypoliciessoyoucan
demonstratecompliancewithregulations.
OrchestrateCounterACTintegrateswithmorethan70network,security,
mobilityandITmanagementproducts*viaitsControlFabric™Architecture.
Thisabilitytoorchestrateinformationsharingandoperationamongmyriad
securitytoolsallowsyouto:
“ “ForeScout improved the visibility into what was connected to the network and helped enforce security policies on devices.”
– Chief Information Officer, U.S. Federal Government
Solution Brief
Copyright © 2016. All rights reserved. ForeScout Technologies, Inc. is a privately held Delaware corporation.
ForeScout, the ForeScout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT are trademarks
or registered trademarks of ForeScout. Other names mentioned may be trademarks of their respective owners.
Version 1_16
ForeScout Technologies, Inc.
900 E. Hamilton Avenue #300
Campbell, CA 95008 USA
Toll-Free (US) 1-866-377-8771
Tel (Intl) +1-408-213-3191
Support 1-708-237-6591
Fax 1-408-371-22843
Learnmoreat
www.ForeScout.com
1http://www.cnn.com/2015/07/09/politics/office-of-personnel-management-data-breach-20-million/
2http://www.mirror.co.uk/news/uk-news/isis-hackers-intercept-top-secret-6428423
3http://www.reuters.com/article/2015/01/07/us-germany-cyberattack-idUSKBN0KG15320150107
4TheDangerfromWithin,HarvardBusinessReview,September2014
5Regulatorylegislationorstandards:TheFederalInformationSecurityManagementAct(FISMA),NorthAmericanElectricReliability
Corporation(NERC),InternationalStandardizationOrganization/InternationalElectrotechnicalCommission(ISO/IEC)andGeneralData
ProtectionRegulation(GDPR).
*AsofOctober2015
•Sharecontextandcontrolintelligenceacrosssystemstoenforceunified
networksecuritypolicies
•Reducevulnerabilitywindowsbyautomatingsystem-widethreat
response
•Gainhigherreturnoninvestment(ROI)fromyourexistingsecurity
toolswhilesavingtimethroughworkflowautomation
Seeing Is Believing
ForeScoutCounterACTissoldaseitheravirtualorphysicalappliancethat
deployswithinyourexistingnetwork,typicallyrequiringnochangestoyour
networkconfiguration.TheCounterACTappliancephysicallyinstallsout-of-band,
avoidinglatencyorissuesrelatedtothepotentialfornetworkfailure.Itcanbe
centrallyadministeredtodynamicallymanagetensorhundredsofthousandsof
endpointsfromoneconsole.
