So how to identify exactly who and what is on your network at any point in time? Andrew Noonan, SE ForeScout February 2015.


1 So how to identify exactly who and what is on your network at any point in time?
Andrew Noonan, SE ForeScout February 2015

2 ForeScout is a Leader in the NAC Market
Strong foundation: in business 13 years; Campbell, CA headquarters; 200+ global channel partners.
Market leadership: #1 independent Network Access Control (NAC) market leader; focus on pervasive network security.
Enterprise deployments: 1,700+ customers worldwide in financial services, government, healthcare, manufacturing, retail and education; from 500 to more than 1M endpoints.

3 Inadequate Visibility Means Security Gaps
Diagram contrasting what is visible (corporate resources) with what is not, across endpoints, network devices, applications and users: non-corporate devices, antivirus out of date, unauthorized applications, agents not installed or not running.

4 Inadequate Collaboration
Diagram: point tools for vulnerability assessment (VA), mobile device management (MDM), patch management and APT protection operate in isolation and do not share what they know.

5 Detection-Mitigation Divide

6 Impacts to the Enterprise
Greater IT security risks: rogue devices, system breach, data leakage, compliance violation.
Greater IT costs ($): investigation, mitigation.

7 Desired State: Real-time Visibility + Coordinated Controls
Real-time visibility feeding coordinated controls across ticketing, remediation, systems management, endpoint security, wireless, SIEM, switches, MDM, AAA and vulnerability assessment.

8 ForeScout CounterACT
1. Visibility: discovery and inspection (who, what, where); managed, unmanaged, corporate, BYOD, rogue
2. Access Control: flexible policies (allow, alert, audit, limit, block); 802.1X, VLAN, ACL, virtual firewall, hybrid mode
3. Onboarding: guest management and BYOD onboarding; automated MDM enrollment
4. Interoperability: works with your existing IT infrastructure; ControlFabric open integration architecture
5. Ease of Deployment: fast implementation, agent-less, all-in-one appliance; multi-vendor environments, no upgrades needed

9 Continuous Monitoring and Mitigation
Cycle: continuous visibility; endpoint mitigation; endpoint authentication and inspection; network enforcement; information integration.

10 1. Visibility
Who are you? Employee, partner, contractor, guest
Who owns your device? Corporate, BYOD, rogue
What type of device? Windows, Mac, iOS, Android, VM, non-user devices
Where/how are you connecting? Switch, controller, VPN; port, SSID; IP, MAC; VLAN
What is the device hygiene? Configuration, software, services, patches, security agents

11 Network Visibility
Diagram: internal network (core layer switch, distribution layer switch, corporate LAN, guest LAN; AD / LDAP / RADIUS / DHCP) and external side (VPN concentrator, VPN clients, firewall, Internet).
WHO? User name, title, groups
WHAT? OS, browser, agent, ports, protocols
WHERE? MAC address, IP address, switch IP, controller IP, port / SSID / VLAN
POSTURE? Apps, services, processes, versions; registry, patches, encryption, antivirus

12 Real-time Network Asset Intelligence
Complete Situational Awareness

13 2. Granular Access Control Policies
Responses range from modest to strong:
Alert / Allow: open trouble ticket; send notification; SNMP traps; start application; run script; auditable end-user acknowledgement; send information to external systems such as a SIEM
Trigger / Limit: HTTP browser hijack; deploy a virtual firewall around the device; reassign the device to a VLAN with restricted access; update access lists (ACLs) on switches, firewalls and routers to restrict access; DNS hijack (captive portal); automatically move the device to a pre-configured guest network; trigger external controls such as endpoint protection, VA etc.
Remediate / Block: move device to quarantine VLAN; block access with 802.1X; alter login credentials to block access, VPN block; block access with device authentication; turn off switch port (802.1X, SNMP); install/update agents, trigger external remediation systems; Wi-Fi port block

14 3. Onboarding
- Visibility of corporate and personal devices
- Automated onboarding: identify device, identify user, assess compliance
- Flexible policy controls: register guests; grant access (none, limited, full); enforce time-of-day, connection-type and device-type controls; block unauthorized devices from the network
Diagram: employee, contractor, guest and unauthorized devices receiving different levels of access to web and CRM applications.

15 Flexible Onboarding Options
Table with columns guest, contractor/partner and employee, and rows personal device and corporate asset:
- Guest: guest registration and sponsor authorization, then guest Internet access.
- Contractor/Partner (personal device): authenticate via contractor credentials, BYOD posture check, then limited internal access.
- Employee (personal device): authenticate via corporate credentials, BYOD posture check, then internal access.
- Employee (corporate asset): posture check, then internal access.

16 Automated MDM Enrollment
Flow between the endpoint, ForeScout CounterACT, the enterprise network and the MDM server:
1. Device connects to network; classify by type; check for mobile agent.
2. If agent is missing: quarantine device; install mobile agent (HTTP redirect).
3. Once agent is activated: check compliance; allow policy-based access; continue monitoring.

17 Information Sharing and Automation
Diagram: CounterACT continuous monitoring and mitigation at the centre of an intelligence exchange with asset management, network operations and risk management systems: AAA, SIEM, NGFW / VPN, security gateway, VA/DLP, system management, MDM / MAM, host controls, GRC.

18 5. Ease of Deployment
Easy to use:
- 802.1X not mandatory
- Non-intrusive, audit-only mode
- No agents needed (dissolvable or persistent agent can be used)
Fast and easy to deploy:
- All-in-one appliance
- Out-of-band deployment
- No infrastructure changes or network upgrades
- Rapid time to value: visibility in hours or days
- Physical or virtual appliances
- Ideal for multi-vendor, heterogeneous network environments
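The tiered responses of slide 13, the onboarding rules of slides 14 to 16 and the audit-only mode of slide 18 can be expressed as one policy function: classify the endpoint, check its posture, then pick the weakest control that fits. The following is an added example written for this page, not ForeScout or CounterACT code; the endpoint attributes, the VLAN names, the patch threshold of three and the action wording are assumptions made for illustration.

```python
"""Tiered NAC policy: classify the endpoint, check posture, pick a response.

Added example for this page, not ForeScout/CounterACT code. Endpoint
attributes, VLAN names, the patch threshold and the action strings are
assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import Optional

MOBILE = {"ios", "android"}          # onboarded through MDM, not AV/patch checks
MAX_MISSING_PATCHES = 3              # assumed threshold for quarantine


@dataclass(frozen=True)
class Endpoint:
    mac: str
    user: Optional[str] = None        # WHO, from 802.1X/directory; None = no login
    user_type: Optional[str] = None   # "employee", "contractor" or "guest"
    corporate_asset: bool = False     # known in asset DB / has a machine certificate
    os_family: str = "unknown"        # "windows", "macos", "ios", "android", ...
    mdm_agent: bool = False           # mobile agent installed and active
    mdm_compliant: bool = False       # MDM compliance result, if enrolled
    av_current: bool = False
    missing_patches: int = 0          # count of missing critical patches


@dataclass(frozen=True)
class Decision:
    tier: str      # "allow", "limit" or "block" (modest -> strong)
    action: str    # concrete control to apply
    vlan: str      # assumed VLAN names
    reason: str


def evaluate(ep: Endpoint, audit_only: bool = False) -> Decision:
    """Return the decision for ep; in audit-only mode only alert, never enforce."""
    d = _decide(ep)
    if audit_only and d.tier != "allow":
        # Audit-only rollout: record what would have happened, leave access untouched.
        return Decision("allow", "alert only (would " + d.action + ")", "unchanged", d.reason)
    return d


def _decide(ep: Endpoint) -> Decision:
    # 1. No authenticated user and not a known corporate asset: rogue candidate.
    if ep.user is None and not ep.corporate_asset:
        return Decision("block", "quarantine VLAN + notify SOC", "vlan-quarantine",
                        "unknown device without authenticated user")
    # 2. Registered guests get Internet only; no posture requirement.
    if ep.user_type == "guest":
        return Decision("limit", "move to guest network", "vlan-guest", "registered guest")
    # 3. Mobile devices: force MDM enrollment, then rely on MDM compliance.
    if ep.os_family in MOBILE:
        if not ep.mdm_agent:
            return Decision("limit", "HTTP redirect to MDM enrollment", "vlan-onboard",
                            "mobile device without MDM agent")
        if not ep.mdm_compliant:
            return Decision("block", "quarantine VLAN + notify MDM", "vlan-quarantine",
                            "MDM reports device non-compliant")
    # 4. Desktop posture: missing patches and stale antivirus, strongest first.
    elif ep.os_family in {"windows", "macos"}:
        if ep.missing_patches > MAX_MISSING_PATCHES:
            return Decision("block", "quarantine VLAN + trigger patch system", "vlan-quarantine",
                            f"{ep.missing_patches} critical patches missing")
        if not ep.av_current:
            return Decision("limit", "restricted VLAN + open trouble ticket", "vlan-restricted",
                            "antivirus out of date")
    # 5. Healthy: scope of access follows the user type.
    if ep.user_type == "contractor":
        return Decision("allow", "limited internal access via ACL", "vlan-contractor",
                        "contractor, posture OK")
    return Decision("allow", "full access", "vlan-corp", "posture OK")


if __name__ == "__main__":
    byod_phone = Endpoint("3c:22:fb:10:20:30", user="bob", user_type="employee", os_family="ios")
    print(evaluate(byod_phone))
    print(evaluate(byod_phone, audit_only=True))
```

The order of the rules is the point: the cheapest, most certain facts (no login, guest registration) are decided first, posture is only consulted for devices that passed them, and the audit-only flag wraps the whole thing so the same policy can run for days producing alerts before any port is actually blocked.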

19 Thank You

20 How CounterACT Detects and Inspects Devices
Dynamic and multi-faceted: several methods are combined.
- Poll switches, APs and controllers for the list of connected devices
- Receive SNMP traps from switches
- Monitor 802.1X requests to the built-in or an external RADIUS server
- Monitor DHCP requests to detect when a new host asks for an IP address
- Optionally monitor a network SPAN port to see traffic such as HTTP requests and service banners
- Run an NMAP scan
- Use credentials to run a scan on the endpoint
- Use optional agents
The first five methods are passive toward the endpoint, using data the network infrastructure already has; the NMAP scan, credentialed scan and agents interact with the endpoint directly. Sources shown in the diagram: RADIUS server, DHCP requests, SNMP traps, user directory.

21 Type of Information CounterACT can Learn
- Device: type of device, manufacturer, location, connection type, hardware info, authentication, MAC and IP address, certificates
- Operating system: OS type, version number, patch level, services and processes installed or running, registry, file names, dates and sizes
- Security agents: anti-malware/DLP agents, patch management agents, encryption agents, firewall status, configuration
- Network: malicious traffic, rogue devices
- Applications: installed, running, version number, registry settings, file sizes
- User: name, authentication status, workgroup and phone number
- Peripherals: type of device, manufacturer, connection type
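Slides 20 and 21 describe correlating several passive sources into one record per device keyed by MAC address. The following added example (not ForeScout or CounterACT code) does that for constructed syslog lines that only approximate ISC dhcpd, FreeRADIUS and snmptrapd output; the OUI table and the regular expressions are assumptions for illustration. The final check lists devices that obtained an address or a link without any 802.1X login, which is where rogue, unmanaged and non-user devices show up.

```python
"""Correlate passive network sources into one record per MAC address.

Added example for this page, not ForeScout/CounterACT code. The log lines
are constructed and only approximate ISC dhcpd, FreeRADIUS and snmptrapd
output; the OUI table and the regular expressions are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed OUI table (first three octets -> manufacturer); a real
# deployment would use the IEEE OUI registry.
OUI = {"00:50:56": "VMware", "3c:22:fb": "Apple", "b8:27:eb": "Raspberry Pi"}

# ISC dhcpd lease acknowledgement (hostname in parentheses is optional)
DHCPACK_RE = re.compile(
    r"DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-f:]{17})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<ifname>\S+)")
# FreeRADIUS-style 802.1X success line (format approximated)
RADIUS_RE = re.compile(
    r"Login OK: \[(?P<user>[^\]]+)\] \(from client (?P<nas>\S+) port (?P<port>\d+)"
    r" cli (?P<mac>[0-9a-fA-F:-]{17})\)")
# snmptrapd rendering of a switch linkUp trap (format approximated)
TRAP_RE = re.compile(
    r"linkUp .*?agent=(?P<switch>[\d.]+) ifIndex=(?P<ifindex>\d+) mac=(?P<mac>[0-9a-fA-F:-]{17})")


def norm_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so the sources can be joined."""
    return mac.lower().replace("-", ":")


@dataclass
class Asset:
    mac: str                              # WHAT: identity key
    manufacturer: Optional[str] = None    # WHAT: from the OUI
    ip: Optional[str] = None              # WHERE
    hostname: Optional[str] = None
    user: Optional[str] = None            # WHO: from 802.1X/RADIUS
    switch: Optional[str] = None          # WHERE: NAS name or trap agent IP
    port: Optional[str] = None            # WHERE: NAS port or ifIndex
    sources: set = field(default_factory=set)


def build_inventory(lines):
    """Fold DHCP, RADIUS and SNMP trap lines into a dict keyed by MAC."""
    inv = {}

    def record(mac):
        mac = norm_mac(mac)
        if mac not in inv:
            inv[mac] = Asset(mac=mac, manufacturer=OUI.get(mac[:8]))
        return inv[mac]

    for line in lines:
        m = DHCPACK_RE.search(line)
        if m:
            a = record(m["mac"])
            a.ip = m["ip"]
            a.hostname = m["host"] or a.hostname
            a.sources.add("dhcp")
            continue
        m = RADIUS_RE.search(line)
        if m:
            a = record(m["mac"])
            a.user, a.switch, a.port = m["user"], m["nas"], m["port"]
            a.sources.add("radius")
            continue
        m = TRAP_RE.search(line)
        if m:
            a = record(m["mac"])
            a.switch, a.port = m["switch"], m["ifindex"]
            a.sources.add("snmptrap")
    return inv


def unauthenticated(inv):
    """MACs that got an address or a link without any 802.1X login: the
    unmanaged, rogue and non-user devices that need a closer look."""
    return sorted(mac for mac, a in inv.items() if "radius" not in a.sources)


# Constructed sample lines (not captured from a real network).
SAMPLE_LOGS = [
    "Feb 10 09:12:01 dhcp1 dhcpd: DHCPACK on 10.0.1.23 to 3c:22:fb:10:20:30 (alice-mbp) via eth0",
    "Feb 10 09:12:02 radius1 radiusd: Auth: Login OK: [alice] (from client core-sw-1 port 12 cli 3C-22-FB-10-20-30)",
    "Feb 10 09:15:44 dhcp1 dhcpd: DHCPACK on 10.0.1.77 to b8:27:eb:aa:bb:cc via eth0",
    "Feb 10 09:15:45 nms1 snmptrapd: linkUp trap agent=10.0.0.2 ifIndex=24 mac=b8:27:eb:aa:bb:cc",
    "Feb 10 09:20:00 dhcp1 dhcpd: DHCPACK on 10.0.1.90 to 00:50:56:01:02:03 (build-vm) via eth0",
]

if __name__ == "__main__":
    inventory = build_inventory(SAMPLE_LOGS)
    for asset in inventory.values():
        print(asset)
    print("no 802.1X login:", unauthenticated(inventory))
```

The MAC normalisation is the unglamorous part that matters: RADIUS, DHCP and SNMP each render the address differently, and without a canonical key the same laptop becomes two or three assets and the "never authenticated" check silently misses it.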

22 2. Access Control
Authentication options: LDAP-based directory systems; MAC address lists; RADIUS/802.1X; guest registration; external repositories.
Access control options: VLAN assignment; ACL management; virtual firewall; 802.1X (block, VLAN, ACL).
Flexible implementation: direct integration with directory systems and external databases; built-in RADIUS server; can operate as a RADIUS proxy; hybrid mode (802.1X for wireless and non-802.1X for wired, or 802.1X as the default with fallback to non-802.1X where needed).

23 4. Interoperability
Integration categories: switches and routers; wireless network devices; firewall and VPN; endpoints; endpoint and APT protection; IT network services; MDM; SIEM/GRC (CEF); vulnerability assessment.

24 Information Sharing and Automation

