Romy Arifin

Romy.arifin@Westcon.com
Outdated NAC misconceptions

Complex architecture

Requires reconfiguration and upgrade of existing switches

Requires installation of endpoint agents

Requires 802.1X

Long drawn-out implementations

Brittle, prone to disruption and breakage

2015 ForeScout Technologies, Page 3


Fast and easy deployment:
No infrastructure changes or network upgrades
No need for endpoint agents
802.1X is optional
Integrated appliance (physical or virtual)

Streamline and automate existing IT processes:
Guest registration
MDM enrollment
BYOD onboarding
Asset intelligence

Shift away from restrictive allow-or-deny policies:
Flexible controls, based on user and device context
Preserve user experience

Integrate with other IT systems:
Break down information silos
Reduce window of vulnerability by automating controls & actions


#1

Strong Foundation:
In business 13 years
Campbell, CA headquarters
200+ global channel partners

Market Leadership:
Network Access Control (NAC) Market Leader
Focus: Continuous monitoring and mitigation

Enterprise Deployments:
1,700+ customers worldwide
Financial services, government, healthcare, manufacturing, retail, education
From 500 to >1M endpoints


*Magic Quadrant for Network Access Control, December 2014, Gartner Inc.
**NAC Competitive Landscape, April 2013, Frost & Sullivan

**Frost & Sullivan 2013 report NC91-74, Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth. Chart base year 2012.

*This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from ForeScout. Gartner
does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research
publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any
warranties of merchantability or fitness for a particular purpose. Gartner "Magic Quadrant for Network Access Control," Lawrence Orans and Claudio Neiva, December 10, 2014.



1 Visibility

2 Access Control

3 Onboarding

4 Interoperability

5 Easy Deployment



1 Visibility:
Discovery and inspection - who, what, where
Managed, unmanaged, corporate, BYOD, rogue

2 Access Control:
Flexible policies - allow, alert, audit, limit, block
802.1X, VLAN, ACL, virtual firewall, hybrid-mode

3 Onboarding:
Guest management and BYOD onboarding
Automated MDM enrollment

4 Interoperability:
Works with your existing IT infrastructure
ControlFabric open integration architecture

5 Easy Deployment:
Fast implementation, agent-less, all-in-one appliance
Multi-vendor environments, no upgrades needed


Who are you?
Employee
Partner
Contractor
Guest

Who owns your device?
Corporate
BYOD
Rogue devices

What type of device?
Windows, Mac
iOS, Android
VM
Non-user

Where/how are you connecting?
Switch
Controller
VPN
Port, SSID
IP, MAC
VLAN

What is the device hygiene?
Configuration
Software
Services
Patches
Security Agents


[Diagram: network topology showing the core layer switch, distribution layer switch, AD / LDAP / RADIUS / DHCP, VPN concentrator, firewall and Internet, with corporate LAN, guest LAN and VPN clients. It is annotated with the questions WHO?, WHAT?, POSTURE? and WHERE? and with these attribute labels: user, name, email, title, groups; OS, browser agent, ports, protocols; internal, external; apps, services, processes, versions, registry, patches, encryption, antivirus; MAC address, IP address, switch IP, controller IP, port / SSID / VLAN.]


Device:
Type of device
Manufacturer
Location
Connection type
Hardware info
Authentication
MAC and IP address
Certificates

Operating System:
OS Type
Version number
Patch level
Services and processes installed or running
Registry
File names, dates, sizes

Security Agents:
Anti-malware/DLP agents
Patch management agents
Encryption agents
Firewall status
Configuration

User:
Name
Authentication Status
Workgroup
Email and phone number

Applications:
Installed
Running
Version number
Registry settings
File sizes

Network:
Malicious traffic
Rogue devices

Peripherals:
Type of device
Manufacturer
Connection type


Complete Situational Awareness

See Devices:
Managed, Unmanaged,
Wired, Wireless,
PC, Mobile

Filter Information By:
Business Unit,
Location,
Device Type

See Device Details:
What, Where,
Who

Site Summary:
Devices,
Categories


Authentication Options:
LDAP based Directory Systems
MAC Address Lists
RADIUS/802.1X
Guest Registration
External Repositories

Access Control Options:
VLAN Assignment
ACL Management
Virtual Firewall
802.1X Block, VLAN, ACL

Flexible Implementation:
Direct integration with directory systems and external databases
Built-in RADIUS
Can operate as RADIUS proxy

Hybrid Mode:
802.1X for wireless, non-802.1X for wired
Use 802.1X as default, fall back to non-802.1X if needed


Modest to Strong

Alert / Allow:
Open trouble ticket
Send email notification
SNMP Traps
Start application
Run script
Auditable end-user acknowledgement
Send information to external systems such as SIEM etc.
HTTP browser hijack

Trigger / Limit:
Deploy a virtual firewall around the device
Reassign the device to a VLAN with restricted access
Update access lists (ACLs) on switches, firewalls and routers to restrict access
DNS hijack (captive portal)
Automatically move device to a pre-configured guest network
Trigger external controls such as endpoint protection, VA etc.

Remediate / Block:
Move device to quarantine VLAN
Block access with 802.1X
Alter login credentials to block access, VPN block
Block access with device authentication
Turn off switch port (802.1X, SNMP)
Install/update agents, trigger external remediation systems
Wi-Fi port block


Visibility of corporate and personal devices

Automated onboarding:
Identify device
Identify user
Assess compliance

Flexible policy controls:
Register guests
Grant access (none, limited, full)
Enforce time of day, connection type, device type controls

Block unauthorized devices from the network

[Diagram: user categories EMPLOYEE, CONTRACTOR, GUEST and UNAUTHORIZED shown against the resources WEB, EMAIL and CRM]


User Type: Guest, Contractor/Partner, Employee

Guest:
Guest Registration
Sponsor Authorization

Contractor/Partner:
Authenticate via Contractor Credentials
BYOD Posture Check

Employee:
Authenticate via Corporate Credentials
Personal Device: BYOD Posture Check
Corporate Asset: Corporate Asset Posture Check

Access levels shown: Internet Access, Limited Internal Access, Internal Access


Visibility of all devices, unmanaged & rogue
Does not require agents
Automate agent installation, activation, update
Quarantine and remediate
Bi-directional integration

[Diagram: ForeScout shown with Endpoint protection, Vulnerability Assessment, Advanced Threat Detection and Patch management]


ForeScout sends both low-level (who, what, where) and high-level (compliance status)
information about endpoints to SIEM

SIEM correlates ForeScout information with information from other sources and
identifies risks posed by infected, malicious or high-risk endpoints

SIEM initiates automated risk mitigation using ForeScout


ForeScout takes risk mitigation action on endpoint
[Diagram: ForeScout and SIEM, with the labels Real-time Info; Correlate, Identify Risks; Initiate Mitigation; Remediate; Quarantine]


Easy to use:
802.1X not mandatory
Non-intrusive, audit-only mode
No agents needed (dissolvable or persistent agent can be used)

Fast and easy to deploy:
All-in-one appliance
Out-of-band deployment
No infrastructure changes or network upgrades
Rapid time to value: unprecedented visibility in hours or days
Physical or virtual appliances

Ideal for multi-vendor, heterogeneous network environments


[Deployment diagram, repeated across five slides: a datacenter containing CounterACT, Enterprise Manager, core switches, Active Directory (labelled "user directory" on the first slide), SCCM, endpoint protection, SIEM, VA, MDM and ATD, with remote users connecting through a VPN concentrator. The last three slides are captioned:]

CounterACT Deployed at the Core Layer
CounterACT Deployed at the Distribution Layer
CounterACT Deployed at the Access Layer


1 Visibility
International Rectifier
What surprised us the most was the amount of network visibility that ForeScout CounterACT gave us. From a single location we can tell which switch and which port connect to a particular host. This is tremendous because it's visibility that we didn't have before.

2 Access Control
Unidad Editorial
14 locations, 2600 endpoints. We quickly saw that CounterACT was extremely simple to implement since 802.1X does not need to be applied to all the devices. This allowed for faster and easier deployment and a broader range of device protection.

3 Onboarding
Nottingham Trent University
Our search was prompted by the BYOD phenomenon, with students bringing more and more devices on to the network. CounterACT provided the scalable, non-intrusive answer, enabling all users easy and secure access to our wireless network.

4 Interoperability
Pioneer Investments
The integration aspects of ForeScout are definitely a timesaver because now I don't have to micromanage ten different security products to achieve the same effect. The interoperability & rules engine allows us to use the product across more applications.

5 Easy Deployment
Vistaprint
It took only five days to deploy CounterACT across the entire environment, monitoring all 15,000 endpoints and servers. CounterACT provided real-time visibility into the complete environment without the need for agents.


Fast and easy to deploy:
Agentless and non-disruptive
Scalable, no re-architecting

Infrastructure Agnostic:
Works with mixed, legacy environment
Avoid vendor lock-in

Flexible and Customizable:
Optimized for diversity and BYOD
Supports open integration standards


Questions?



Pervasive Network Security
an IT Game Changer
