Security Vendors and Their Technology: Working Better, Together

The IT security technology arsenal does not come from one box – or one vendor

For information security vendors, someone like Morris Altman wears many hats. He’s an end-user, a customer, a reference, and likely at times a post-market tester who works in real-world conditions. That’s because Altman’s day job is director of network services at Queens College, part of the City University of New York (CUNY) system.

Altman is also the school’s internet security officer, and his responsibilities include managing operations of the college’s servers, wired and wireless networks, its telephone system, and also IT security. At Queens College he oversees a user base of more than 5000 computers on the school’s wired network, while an equal number – if not more – traverse the school’s wireless network. Whereas the wired network is reserved for faculty, staff, and on-campus computer labs, the wireless network is the domain for students and guests.

It’s this often unruly wireless network that, over time, has presented the biggest IT security challenge for Altman and his staff. “All of the students’ devices are on the wireless network and treated as if they are outside of the college’s network, similar to the way a computer from an ISV connection would be treated”, he tells me.

Altman admits that some of the other large challenges facing the school’s network environment are identical to what any corporate setting would experience: keeping computers up to date for anti-virus, operating system and application patches. “And, of course, somehow computers still get infected and we need to stop them from doing damage”, he laments.

There is one area where IT security on campus is far ahead of the corporate curve. When it comes to the bring your own device (BYOD) growing pains many IT and security departments have endured over the last several years, Altman considers this old hat from his chair. “We have been dealing with BYOD since the first portable computers were invented, many, many years ago”, he reflects. “We have been used to this for quite some time.”

These early portable devices were a challenge in that they would bring in infections that they picked up from outside the college’s network, Altman explains. The resulting chaos required a solution, so about a decade ago Queens College enlisted ForeScout and its CounterACT network access control (NAC) product.

And as for those infections brought in from portable devices? “That stuff has been stopped by the IPS portion of ForeScout CounterACT”, he relays, adding that the product has been an extremely successful investment. “When worms were first breaking out, we would have hundreds of computers get infected. When we brought in ForeScout CounterACT, the first time there was a worm, three computers were infected, the others had infections stopped right there on the device, and the users received pop-up messages telling them why their computer was being blocked from accessing the network. It was a huge change for us – a huge win. Not only did it stop hours and hours of work dealing with infected computers and tracking them, it also gave the people who had the problem an immediate notification so they knew what was happening.”

But as any real-world practitioner knows, the IT security technology arsenal does not come from one box – or one vendor. Altman recalls Queens College’s history, as the school’s network has been downed a number of times. The NAC purchase helped combat this problem, but more issues continue to pop up – and that’s where vendor product integration is critical. “Now with concerns about data leakage, we also use CounterACT integrated with FireEye technology and it detects when a computer on the network tries to communicate with a command-and-control server”, he explains. “As soon as that happens we will then block the connection before data transmits.”

In fact, ForeScout has an extensive recent track record of integration deals with fellow security vendors, even those that specialize in the same niche of the security technology market – among them, AirWatch, Tenable, McAfee and Qualys. The Campbell, California-based company, however, is hardly the only security vendor playing nice with others in the industry in the name of a greater good. As far back as 2010, Qualys and Imperva teamed up to integrate their web security scanning software and firewall offerings. That same year, McAfee introduced its Security Connected initiative, which focused on allowing organizations to integrate various information security technologies.

“They are pushing integration with other vendors’ products”, Altman says of ForeScout. “That’s where they are starting to excel over other vendors.”

It’s this type of leadership that led Symantec’s former CEO to proclaim ForeScout the Vendor of the Year at the 2014 RSA Conference in San Francisco. And while this accolade may be well deserved, what is apparent from a survey of the industry is that there are many leaders in the race to cooperate, win customers and – most importantly – secure the cyber space.
