ForeScout Technologies, Inc., a leading provider of real-time network security solutions for Fortune 1000 enterprises and government organizations, and FireEye®, Inc. the leader in stopping today’s new breed of cyberattacks, announced an integrated approach to dynamically mitigate advanced persistent threats (APTs) and zero-day attacks. By combining the ForeScout CounterACT platform with the FireEye threat protection platform, enterprises can rapidly identify, verify and quarantine APTs, botnets and propagating malware affecting systems in distributed and “bring your own device” (BYOD) environments. As a result, companies can reduce breaches, data leakage and reputation risks while preempting costly investigation and remediation tasks.
The ForeScout FireEye solution will be demonstrated during the InfoSec Europe conference at Kensington, London from April 23 25, 2013 in stand J10.
“Being vigilant in regards to updating signatures and reputation lists, or monitoring for network anomalies is no longer good enough,” said Morris Altman, director of network services and information security officer at Queens College. “With FireEye and ForeScout, we know the details, security posture and activity of all devices on our network, and we can automatically isolate violations, malware and affected systems before anything gets out of hand.”
According to FireEye’s 2H2012 Advanced Threat Report, on average, a malware event occurs at a single organization once every three minutes, and the number of infections per company has nearly quadrupled since last year. This activity can include the receipt of a malicious email, a user clicking a link on an infected website, or an infected machine making a callback to a command and control server. In many cases, the malware is so new or has morphed to such an extent that conventional signature-based protection is unavailable, which is called a “zero-day attack.” Worse yet, the host-based defenses that should be on every system connecting to a corporate network are in many cases outdated, corrupt or non-existent. By the time an organization discovers an insecure system or an advanced threat, the damage is already done, and the cost to investigate issues and remediate systems is high. Companies can dramatically reduce their vulnerability footprint and avoid unplanned operating expenditures by assuring endpoint compliance, identifying advanced threats and isolating affected systems and malware connectivity.
“FireEye’s goal is to enable companies to advance their security strategies while helping them to stop modern malware and attack methods, such as zero-day attacks and APT. To accomplish this requires that organizations further coordinate their defenses,” said Tim Mather, chief security officer at FireEye. “By joining our best-of-breed solution, the partnership with ForeScout provides our customers with the level of correlated control and automated response necessary to address a broad array of advanced cyber threats.”
The FireEye platform creates a cross-enterprise threat protection fabric using a next-generation threat detection engine, dynamic threat intelligence and interoperability with a broad ecosystem of technology alliance partners to secure all major threat vectors and enable rapid detection, validation and response to cyberattacks. Partner integrations, such as that with ForeScout, can utilize FireEye APIs and standards-based Threat Intelligence Metadata to address the network visibility, endpoint validation and enforcement options needed by today’s organizations to automate key cybersecurity workflows.
ForeScout CounterACT is a real-time security platform that delivers complete visibility and automated control for all devices, users, systems and applications attempting to connect to an enterprise network wired or wireless, managed or unmanaged, PC or mobile. Working together, FireEye MPS (malware protection system) identifies attacks and blocks any outbound malware activity while simultaneously informing CounterACT of the affected system and threat severity. In turn, CounterACT applies an enforcement policy, which may include: quarantining the endpoint; blocking or limiting specific communications between the endpoint and other systems; reporting rich details about the endpoint; notifying the end-user and/or administrator; and triggering system remediation.
“In order to satisfy business demand for greater accessibility and device diversity, organizations require better coordinated controls to address broader, faster and more sophisticated threats” said Gil Friedrich, vice president of technology at ForeScout. “The joint ForeScout FireEye solution not only provides an effective means to detect advanced threats, but an efficient way to thwart such attacks before they can do significant damage demonstrating the value of security control automation.”
Together ForeScout CounterACT and the FireEye platforms offer enterprises:
• Automated breach response in real time - Take decisive and automated actions for any compromised devices on your network. When FireEye MPS determines that an endpoint may have been compromised, it can prevent data exfiltration and notify ForeScout CounterACT to quarantine the endpoint and optionally initiate remediation based on device type, location, severity and other policy elements.
• Real-time visibility - Readily gain operating and security details of all devices on your network, including unauthorized devices, BYOD devices, those with configuration violations and those that have been breached.
• Endpoint security assurance - Reduce enterprise risk by ensuring that endpoints have complete, updated and active defenses according to policy. ForeScout CounterACT works without requiring agents to provide find and fix security gaps on both systems you own and those you do not.
• Flexible, policy enforcement - FireEye MPS leverages ForeScout CounterACT’s mechanisms to enforce security policies using ACL, Firewall, WLAN and VLAN assignment and unique ForeScout Virtual Firewall technology to isolate all or specified endpoint communications.
• Layered defense for advanced threats - FireEye MPS real-time protection stops APTs regardless of whether they are incoming, propagating or actively exfiltrating data. As part of a layered defense, FireEye MSP complements ForeScout’s ActiveResponse™ technology within ForeScout CounterACT that blocks attack behavior.
The ForeScout CounterACT plug-in for FireEye is available to CounterACT customers under active maintenance at no additional charge. For further information on threat protection, download the “CISO Guide to Advanced Threat Protection.”
About FireEye, Inc.
FireEye pioneered the next generation of threat protection to help organizations protect themselves from being compromised. Cyber attacks have become much more sophisticated and are now easily bypassing traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways, compromising the majority of enterprise networks. The FireEye platform supplements these legacy defenses with a new model of security to protect against the new breed of cyber attacks. The unique FireEye platform provides the industry’s leading cross-enterprise threat protection fabric to dynamically identify and block cyber attacks in real time. The core of the FireEye platform is a signature-less, virtualized detection engine and a cloud-based threat intelligence network, which help organizations protect their assets across all major threat vectors, including Web, email, mobile, and file-based cyber attacks. The FireEye platform is deployed in over 40 countries and more than 1,000 customers and partners, including over 25 percent of the Fortune 100.
About ForeScout Technologies, Inc.
ForeScout (forescout.com) enables organizations to accelerate productivity and connectivity by allowing users to access corporate network resources where, how and when needed without compromising security. ForeScout’s real-time network security platform for access control, mobile security, endpoint compliance and threat prevention empower IT agility while preempting risks and eliminating remediation costs. Because the ForeScout CounterACT solution is easy to deploy, unobtrusive, intelligent and scalable, it has been chosen by more than 1,400 of the world’s most secure enterprises and military installations for global deployments spanning 37 countries. Headquartered in Cupertino, California, ForeScout delivers its solutions through its network of authorized partners worldwide. Learn more at forescout.com.
© ForeScout Technologies 2013. ForeScout CounterACT is a trademark of ForeScout Technologies, Inc. All names mentioned are trademarks of their respective owners.
Katherine Nellums, LEWIS Pulse
P: +1 415.432.2441 - E: knellums[.]lewispulse.com.