Enter your keyword

Transforming Security Through Visibility with ForeScout

ForeScout

The Challenge

Without a cutting-edge IoT security solution—one that begins with agentless visibility—IoT devices are invisible (and potentially unwanted) guests on your network. Video surveillance systems, projectors, smart copiers and printers, industrial controls and HVAC systems are common in most businesses today. These devices become more intelligent and valuable when networked, but when compromised, they can quickly become hackers’ favorite hardware. The “things” on this ever-expanding list of devices share one common trait—they include lightweight operating systems that don’t support software agents that traditional security tools require to discover and manage them. While industry analysts debate the pace of IoT’s phenomenal growth, enterprise IT staff have a more immediate concern: identifying the agentless devices that already reside on their networks. This critical lack of visibility insight is concerning in light of these facts:

  • Nearly half of U.S. organizations using some sort of IoT network (48%) have experienced a recent security breach.1
  • Less than 10 percent of new devices connecting to corporate networks will be manageable by traditional methods by 2020.2
  • There will be 29 billion connected things in use worldwide by 2020.3

 

IoT innovation and corporate networks

The vast majority of IoT devices today are used by businesses, not consumers. In fact, business/manufacturing, healthcare and retail account for nearly 79 percent of networked devices today.4 These devices are designed to capture and share information or automate functions—making them perfect candidates for IP-based network connectivity. Unfortunately, since they have minimal system resources and often include proprietary operating systems, they are not capable of accommodating management agents, leaving them invisible to traditional security management systems. Nonetheless, they are showing up on wired and wireless enterprise networks with little regard as to how they will be secured or the risk they pose to the businesses and government agencies that have so aggressively embraced them.

 

The ForeScout Solution:

The majority of new devices connecting to networks today are unmanaged IoT endpoints. ForeScout helps organizations ensure IoT device security in three distinct ways:

  1. See The ForeScout platform offers the unique ability to see devices the instant they connect to your network, without requiring software agents. We take this a step further by classifying devices and validating their identities. This key capability is essential for improving your endpoint compliance posture as well as defining your IoT security and enforcement policies. In addition, the ForeScout platform continuously monitors IoT devices, ports and connections.
  2. Control Once you understand each IoT device on your network, its owner and purpose, The ForeScout platform enables a broad range of network access controls. You can restrict access to a non-compliant device, block Internet access, quarantine any device based upon anomalous behavior and/or notify its owner of a security concern. And should you choose to isolate various devices to a various network segment or VLAN, the ForeScout platform simplifies this process.
  3. Orchestrate Without the ForeScout platform, third-party management solutions are blind to unmanaged and IoT endpoints. ForeScout extends our platform’s agentless visibility and control capabilities to leading network, security, mobility and IT management products via more than 20 ForeScout Extended Modules.* This unique ability to orchestrate multivendor security allows you to:
    • Share context and control intelligence among systems to enforce unified network security policy
    • Reduce vulnerability windows by automating system-wide threat response
    • Gain higher return on investment from your existing security tools while saving time through workflow automation

 

Passive-Only Monitoring — Inventory OT Devices Safely

Industrial IoT and critical infrastructure systems create unique visibility challenges. Most of these devices can’t support agents, and they are especially sensitive to active probing and scanning techniques that can cause system and business disruption. To address these concerns, the ForeScout platform now allows you to use passive-only discovery and profiling techniques in such environments without actively scanning or interrogating connected devices. ForeScout’s passive discovery and profiling techniques glean information by inspecting network traffic, directly integrating with network infrastructure and monitoring various networking protocols. This enables you to gain device visibility without scanning or accessing connected devices, thereby minimizing operational risk in OT environments. It removes traditional blind spots within your extended enterprise network and gives you an accurate, real-time inventory of these devices.

 

IoT Risk Assessment — Reduce Your Attack Surface

With IoT devices, weak and default credentials are an easy attack surface to exploit. Botnets such as Mirai take advantage of these weak credentials and harvest millions of IoT devices to disrupt critical services. The ForeScout platform allows you to assess and identify IoT devices with factory-default or weak credentials and automate policy actions to mitigate risk. You can use the ForeScout-provided IoT credentials library or your own custom credential library to identify devices using factory-default or commonly used credentials and SNMP strings in IoT devices. For high-risk devices with weak credentials, you can use ForeScout policies to automate risk-mitigation actions such as isolating or segmenting the devices until they are remediated.