New Product Knits IT Security Silos Together

Looking to enable better business agility while boosting continuous monitoring capabilities, ForeScout Technologies has rolled out the ControlFabric platform, which enables disparate IT security products from multiple vendors to dynamically share information, with analytics and other tools wrapped in to make it all actionable.

“IT organizations require defenses that not only interoperate with each other but also provide more value than the individual solutions deliver on their own. It’s about maximizing their ROI in people, process and tools,” said Gord Boyce, CEO of ForeScout.

ForeScout ControlFabric is an open platform that enables ForeScout CounterACT and other third-party IT solutions to exchange information and mitigate a wide variety of network and endpoint security concerns – eliminating security silos. The company's CounterACT real-time visibility platform can share intelligence bidirectionally with the other security and management systems that interoperate through ForeScout’s ControlFabric Interface, and it receives information from these systems to trigger security policies. This allows enterprises to apply broader network-based controls by leveraging existing IT security and management tools that heretofore have been limited to analyzing, alerting and reporting information (e.g. SIEM, VA and ATP).

Developers and IT staff can flexibly configure the platform to account for specific company needs. For instance, one financial customer of the company sends information to the platform whenever a user connects to the network via VPN. ForeScout then sends operational details, such as which device is connecting, how it is configured and where it is located, to a homegrown system that keeps track of where a user is and the resources that they typically use and are approved to use. If the information satisfies the policy framework, the system sends ForeScout an okay, which it verifies before sending the connection to a firewall that puts the device in a policy area appropriate to the user.

The launch comes as the exponential growth in devices that connect to the corporate network has deepened the complexity of the threat landscape, as have the move to cloud applications and storage and anytime, anywhere access to corporate resources. IT departments struggle to monitor and gain visibility over the bring-your-own-device (BYOD) phenomenon, and rogue devices and non-compliant systems are common. Resource-strapped IT departments struggle to manage it all, and as a consequence an enterprise’s exposure to targeted attacks escalates.

“Continuous monitoring in real time is an ever-increasing requirement, and in terms of compliance, is a core tenet of popular industry standards,” said Fran Howarth of Bloor Research, in a statement. “Extraordinary growth in the consumerization of IT has led to the recognition that greater visibility and broader network-based control is required for remediating endpoint issues, which are growing in both volume and severity.”

To optimize IT resources and responsiveness, organizations require real-time operational insight and efficient means to resolve security problems and contain incidents. And that means that ideally, data from all network systems should be correlated and made actionable for IT staff, in real time, so that threats and policy violations can be easily flagged and remediated.

“The capabilities of today's generation of [network access control] technologies mean that every device connecting to the network can be automatically identified, controlled, remediated and continuously monitored,” Howarth said. “By leveraging open standards, ForeScout’s ControlFabric platform offers a wealth of opportunity for ISVs, system integrators and customers to gain greater operational context and controls that advance an organization’s network security capabilities towards continuous compliance.”

The ControlFabric platform includes base integrations in the form of CounterACT plug-ins that work with popular network infrastructure, endpoints, directories, systems management tools such as Microsoft SCCM, and endpoint security software such as anti-virus. It also offers a vulnerability assessment (VA) integration that will trigger a scan of new devices the moment they join the network, and adds the ability to perform a remediation action, such as quarantining an endpoint and/or initiating a software update, as soon as the VA product identifies a serious vulnerability. The integration module currently supports Tenable Nessus, with support for McAfee Vulnerability Manager and Qualys planned, the company said.
