Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2013 ForeScout Technologies, Page 1 Scott Gordon (CISSP-ISSMP) Vice President – ForeScout Technologies Considerations To Secure Enterprise Mobility /

Similar presentations


Presentation on theme: "© 2013 ForeScout Technologies, Page 1 Scott Gordon (CISSP-ISSMP) Vice President – ForeScout Technologies Considerations To Secure Enterprise Mobility /"— Presentation transcript:

1 © 2013 ForeScout Technologies, Page 1 Scott Gordon (CISSP-ISSMP) Vice President – ForeScout Technologies Considerations To Secure Enterprise Mobility / BYOD March, 2013

2 © 2013 ForeScout Technologies, Page 2 About ForeScout ForeScout is the leading global provider of real-time network security solutions for Global 2000 enterprises and government organizations. Innovative Technologies Real-time visibility and control Leader ranking by Gartner, Forrester and Frost & Sullivan… Global Deployments Financial, healthcare, education, manufacturing and government… Enterprise implementations (> 250k endpoints) At a Glance Founded in 2000 HQ in Cupertino, CA Dominant independent vendor of Network Access Control (NAC) #2 market share, behind Cisco BYOD, endpoint compliance and cloud fueling growth *Magic Quadrant for Network Access Control, December 2012, Gartner Inc. **Forrester Wave Network Access Control, Q2-2011, Forrester Research ***Analysis of the NAC Market, February 2012, Frost & Sullivan

3 © 2013 ForeScout Technologies, Page 3 Enterprise mobility is the use of wireless, mobile and consumer devices, as well as mobile and cloud-based applications to enable access to corporate resources. Bring Your Own Device (BYOD) strategy is the extent that an IT organization prohibits, tolerates, supports or embraces the use of personal mobile devices at work and the controls to enforce such policy. Framing Enterprise Mobility and IT Consumerization / BYOD Risks Data loss Lost phone or laptop Unauthorized access Compromised system Unknown data protection Malware Phishing, access, mobile/app Compliance Rogue devices, unauthorized apps, inconsistent policy Risks Data loss Lost phone or laptop Unauthorized access Compromised system Unknown data protection Malware Phishing, access, mobile/app Compliance Rogue devices, unauthorized apps, inconsistent policy Challenge Proliferation of mobile devices on corporate networks impacts security Consumers are setting the rules with personal and mobile device and application use IT teams need visibility and control; user, device, application, data and network Challenge Proliferation of mobile devices on corporate networks impacts security Consumers are setting the rules with personal and mobile device and application use IT teams need visibility and control; user, device, application, data and network

4 © 2013 ForeScout Technologies, Page 4 Market Research – Mobile Security Product Requirements Generally, virtually all respondents rate all of these MDM features as being important oressential (90% or higher). Essential features of network access control andunified policy management are unavailable from MDM solutions. Boston Research Group, ForeScout Sponsored Mobile Security Study, 2012 Network Access Control Security Posture Security Management Software Management Unified Policy Management Inventory Management

5 © 2013 ForeScout Technologies, Page 5 1. Form a committee 2. Gather data 3. Identify use cases 4. Formulate policies –Which corporate applications? –Which users? –How will data be secured? –Who will be responsible for BYOD support? –What happens if the device is lost or stolen? –How will the endpoint device be updated? –Acceptable use policies? Framework: Securing BYOD Implementation

6 © 2013 ForeScout Technologies, Page 6 5. Decide how to enforce policies –Network controls? –Device controls? –Data controls? –App controls? 6. Build a project plan –Device enrollment –Remote device management? –Cloud storage? –Wipe devices when employees are terminated? 7. Evaluate solutions –Ease of implementation? –Cost? –Security? –Usability? Framework: Securing BYOD Implementation

7 © 2013 ForeScout Technologies, Page 7 1. Form a committee 2. Gather data 3. Identify use cases 4. Formulate policies 5. Decide how to enforce policies 6. Build a project plan 7. Evaluate solutions 8. Implement solutions –Network controls? –Device controls? –Data controls? –App controls? Framework: Securing BYOD Implementation

8 © 2013 ForeScout Technologies, Page 8 1. Form a committee 2. Gather data 3. Identify use cases 4. Formulate policies 5. Decide how to enforce policies 6. Build a project plan 7. Evaluate solutions 8. Implement solutions Framework: Securing BYOD Implementation

9 © 2013 ForeScout Technologies, Page 9 Enterprise Mobility Control Characteristics NAC is Fundamental to Secure BYOD/CYOD CHARACTERISTICS APPROACH Block all personal devices Very secure! Career limiting… Manage all personal devices (MDM) Good security at the device level Phones/tables… not Win & Macs Separate management console Restrict the data (VDI) Strong data protection Varying user experience Not for the road warrior Control apps (MEAM, MAW) Secure the app and data Must be used with other controls Control the network (NAC) Foundational, simple, real-time coverage Network-centric visibility and control

10 © 2013 ForeScout Technologies, Page 10 CounterACT: Continuous Monitoring & Remediation Proven Platform for Real-time Visibility and Automated Control Port-based Enforcement [With or without 802.1x] Natively or with 3 rd party Integration SIEM, MDM Identity, HBSS Complete Visibility Complete Visibility Enforcement Remediation System Integration System Integration Endpoint Authenticate & Inspect Device Discovery, Profiling [HW/SW USER LOC...] Multi-factor, Complete, Clientless Interrogation Continuous Monitoring

11 © 2013 ForeScout Technologies, Page 11 CounterACT: Continuous Monitoring & Remediation See Grant Fix Protect Real-time Network Asset Intelligence Device type owner, login, location Applications, security profile CRM Web Guest User Sales Policy-based Controls Grant access, register guests Limit or deny access Automated Enforcement Remediate OS, configuration, security agents Start/stop applications, disable peripherals Block worms, zero-day attacks, unwanted apps Phased-in, manual or fully automated X

12 © 2013 ForeScout Technologies, Page 12 What is Mobile Device Management The Essentials Device enrollment OTA configuration Security policy management Real-time reporting Remote lock, wipe, selective wipe Self-service portal Enterprise App portal Advanced Management access controls Application management Document management Certificate management Profile lock-down Corporate directory integration Geo sensing PII Protection Event-based Security & Compliance Device Enrollment, Acceptable Use Corp App Storefront MDM Actions

13 © 2013 ForeScout Technologies, Page 13 NAC+MDM Synergies: 1+1=3 Unify visibility, compliance and access control NAC focus is network MDM focus is mobile device MDM AloneNAC AloneNAC+MDM VisibilityFull info on managed only. Basic OS info on all devices Complete Access ControlFor managed and only Partial (Missing endpoint info) Complete DeploymentPre-reg agentNetwork-based, Automated Complete EnforcementPolling rateOn network accessComplete Network controlNoYesComplete Root detectionOn profile checkOn network accessComplete

14 © 2013 ForeScout Technologies, Page 14 ForeScout CounterACT

15 © 2013 ForeScout Technologies, Page 15 Unified Visibility and Control Security operators gain greater visibility and control

16 © 2013 ForeScout Technologies, Page 16 Easy to use and deploy with Low TCO Hybrid 802.1X/Agentless approach; works within existing/legacy environment Easy, centralized administration; high availability, scalable, non-disruptive Real-time situational awareness All users, devices, applications - infrastructure agnostic Wired, wireless, managed, rogue, VMs, PC, mobile, embedded Flexible, Integrated Mobile Security Value of NAC with MDM device security ForeScout: broadest integration with leading MDM vendors Rapid results and time-to-value Extensible templates and controls with robust SIEM, HBSS, CMDB, MDM and directory integration ForeScout CounterACT Advantages

17 © 2013 ForeScout Technologies, Page 17 Thank You ** The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. ***Frost & Sullivan chart from 2012 market study Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth Base year 2011, n-20 *This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service ]depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Download ppt "© 2013 ForeScout Technologies, Page 1 Scott Gordon (CISSP-ISSMP) Vice President – ForeScout Technologies Considerations To Secure Enterprise Mobility /"

Similar presentations


Ads by Google