
Transforming Security Through Visibility™

Confluence of Macro Trends Creating Visibility Challenges

Growth of Devices and Platform Diversity
› Innumerable device-specific operating systems (OS)
› Cannot get agents onto new devices
› Cannot write agent-based software for every OS

Cloud Adoption Creates New Challenges
› Multiple Device Locations and Access Points
› Heterogeneous Environment with Multiple Vendors
› De-centralized Management

IT and OT Convergence
› OT networks are no longer physically separated
› Threats moving between cyber and physical dimensions
› Assets are highly vulnerable and rarely can be patched

Diagram (1990s to 2020): 28Bn IP-based devices by 2020. Information technology: data center, corporate HQ, cloud, virtual servers, servers, desktop, laptop, mobile. Operational technology: industrial control systems, critical infrastructure.

ForeScout Platform
Visibility & Control Gap Vulnerability
Increasing Surface Area of Attack


See: Discover, Classify, and Assess Devices on the Network

DISCOVER all IP-addressable devices at time of connect

CLASSIFY devices into categories using a rich set of data
› BYOD
› IoT
› Corporate Managed

ASSESS device security posture to take action

Devices pictured: Personal laptop, Security camera, Desktop

Device data:
› Type of device
› Manufacturer
› Location
› Connection type
› Hardware info
› MAC and IP address
› Certificate
› Name
› Authentication status
› Workgroup
› Email and phone number
› OS type
› Version number
› Registry
› File name, dates, and sizes
› Services and processes installed or running
› Installed
› Running
› Registry settings
› File sizes
› Anti-malware / virus / DLP agents
› Patch management agents
› Encryption agents
› Firewall status
› Configuration
› Wired, wireless, and VPN
› Rogue devices
› Server name
› Server OS type
› Server vendor
› Guest OS information

Control: Implement Policies and Take Action

NOTIFY
• Open trouble ticket
• Send email notification
• SNMP Traps
• Start application
• Run script to install application

COMPLY
• Auditable end-user acknowledgement
• Deploy a virtual firewall
• HTTP browser hijack
• Reassign the device to a VLAN
• Trigger endpoint management system
• Update access lists
• DNS hijack (captive portal)
• Move device to a guest network

RESTRICT
• Move device to quarantine VLAN
• Block access with 802.1x
• Alter login credentials to block access
• Block access with device authentication
• Turn off switch port (802.1X, SNMP)
• Wi-Fi port block
• Terminate applications

Devices pictured: Security camera, Windows PC

Orchestrate: Enhance Value of Existing Security Solutions

+EXTENDED MODULES
EMM, VA, NGFW, SIEM, EPP / EDR, ATD, ITSM, PAM, COMPLIANCE, CMT, Advanced Compliance (SCAP)

+BASE MODULES
SDN, CLOUD

Solution #1 – Network Access Control

Network Access Control | Device Compliance | Network Segmentation | Asset Management | Incident Response
ForeScout Platform: Campus, Data center, Cloud, Operational technology

Key Use Cases:
• Control access to confidential data based on device and user profiles
• Prevent infected or noncompliant devices from spreading malware
• Automatically enforce actions for identified situations without human involvement

ForeScout can do network access control either with 802.1x or without 802.1x. Many network devices are not ready to do 802.1x, so having a non-.1x solution is critical.
- IT Central Station Review

Solution #2 – Device Compliance

Key Use Cases:
• Detect and take action against suspicious or rogue endpoints the instant they access the network
• Achieve device compliance without the administrative burden or end user inconvenience of software agents
• Control endpoint configurations according to organizational best-practice policies and regulatory mandates

We use the NIST Framework for internal auditors and external entities—CounterACT has really helped with bonding back to NIST.
- RWJBarnabas Health 2017

*IDC Business Value Analysis, December 2016

Solution #3 – Network Segmentation

Key Use Cases:
• Gain visibility into what devices are talking to each other
• Dynamically assign segments as the network and/or devices change
• Prevent select devices from communicating to other devices in different areas of the network across the extended enterprise

ForeScout provides immediate relocation of network devices to segregated "Vendor" network based on autonomous analysis.
- IT Central Station Product Review, 2017

Solution #4 – Asset Management

Key Use Cases:
• An accurate picture of connected endpoints, infrastructure components and BYOD/IoT devices
• Rich contextual data for consumption by operations staff or third-party tools
• Orchestration of common, closed-loop processes with ITAM and other complementary IT services

We found a lot of industrial control systems, HVAC, building automation systems—a lot of devices with embedded OSs.
- State of Missouri 2017

Solution #5 – Incident Response

Key Use Cases:
• Remediate mis-configured, vulnerable & non-compliant virtual & physical devices
• Hunt for vulnerabilities, IOCs & other attributes provided by leading threat detection, VA & SIEM vendors
• Automate mundane IT tasks natively or in concert with leading ITSM & security orchestration vendors

300 hours to less than 18 hours per month reduction in user downtime and system restoration time.
- Hillsborough Community College 2017

Our Product Vision

THE DEFACTO STANDARD FOR DEVICE VISIBILITY & CONTROL ACROSS THE ENTERPRISE

Campus | Data Center | Cloud | Operational Technology

Diagram labels: Network, Laptops / Desktops, Mobile, Badging, Users, IoT Devices, Servers, Virtual Servers, Private Cloud, Public Cloud, Building Automation

ForeScout Confidential – Do Not Distribute


Why Customers Choose ForeScout

1. Visibility
• Continuous monitoring
• Agentless deployment

2. Time-to-Value
• Rapid installation
• Existing IT systems

3. Orchestration
• Fragmentation reduction
• Automated response

We are a Proven Cybersecurity Partner

• Gartner IoT Security Market Guide (Gartner, 2016)
• JP Morgan Chase Hall of Fame Innovation Award for Transformative Security Technology (JPMC, 2016)
• Deloitte’s Fastest Growing Companies in North America (Deloitte, 2017)
• Gartner NAC Market Guide (Gartner, 2016)

Scale: 1M+ (Devices in a single deployment)
Customers: 2500+ (In over 70 countries)
Licenses: 52M+ (Total device capacity sold)
Net Promoter Score: 77 (Above industry average)

References

• IDC Business Value Report (slides 8, 9, 12) – https://www.forescout.com/idc-business-value/
• IT Central Station (slides 8, 10) – www.itcentralstation.com
• ForeScout Customer Reference (slides 9, 11, 12) – https://www.forescout.com/company/customers/

