Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Access. Controlled. ™ Len Rosenberg Security Engineer Are You Exposed? Threat Protection with CounterACT.

Similar presentations


Presentation on theme: "Network Access. Controlled. ™ Len Rosenberg Security Engineer Are You Exposed? Threat Protection with CounterACT."— Presentation transcript:

1 Network Access. Controlled. ™ Len Rosenberg Security Engineer Are You Exposed? Threat Protection with CounterACT

2 Network Access. Controlled. ™ © ForeScout Technologies, Inc. Identify, Prove and Stop Who’s Connecting to Your Network ? Right Now

3 Network Access. Controlled. ™ © ForeScout Technologies, Inc.  Focus On The Source Of The Threat Stop Source Stop Attack Stop potential Damage Hackers Worm Propagating Sources  Control to Ensure Appropriate Access In real-time Identifies Ownership of Device Measures Compliance Enforces Policies Identify, Prove and Stop Threats Before they Impact Network

4 Network Access. Controlled. ™ © ForeScout Technologies, Inc. CounterACT – Hacker/Worm The Revolutionary Key Hackers and Worms have no knowledge of LAN/Network resources. They have to aggressively perform reconnaissance to look for LAN/Network vulnerabilities to exploit. Proof Point 400+ Customers Trust to put into Auto-Block Mode

5 Network Access. Controlled. ™ © ForeScout Technologies, Inc. Malicious Source Performs Reconnaissance:  Hackers and serious espionage  Self propagating malware Propagates exponentially ? The CounterACT Monitors:  Network service scans  Queries to devices that DO NOT exist  Queries to devices that DO NOT support the requested services  Other high level recon activity ie. attempting multiple usernames or multiple passwords CounterACT – Hacker/Worm Step 1: Monitor Reconnaissance 12

6 Network Access. Controlled. ™ © ForeScout Technologies, Inc. ActiveResponse Responds to the Reconnaissance:  With Uniquely marked, counterfeit information  The Intruder cannot tell this is a mark Appears identical to legitimate network resources  Mark is dynamic to the type of reconnaissance performed CounterACT – Hacker/Worm Step 2: Interaction 3

7 Network Access. Controlled. ™ © ForeScout Technologies, Inc. CounterACT Responds to the Reconnaissance:  With Uniquely marked, counterfeit information  The Intruder cannot tell this is a mark Appears identical to legitimate network resources  Mark is dynamic to the type of reconnaissance performed CounterACT – Hacker/Worm Step 2: Interaction 3 Sheaths or Cloaks your network in bogus data

8 Network Access. Controlled. ™ © ForeScout Technologies, Inc. Malicious Source Attacks:  Unknowingly attempts to gain access to network using the counterfeit resource CounterACT – Hacker/Worm Step 3: Identification CounterACT Has Proven the Attacker’s Malicious Intent:  Immediately  Without examining payload OR performing deep packet inspection  Since there is NO legitimate reason for any user to attempt to gain access – no one has permission  Malicious intent PROVEN beyond doubt 5 4 Never Affects Legitimate Network Traffic

9 Network Access. Controlled. ™ © ForeScout Technologies, Inc. Protection NOT Disruption CounterACT – Hacker/Worm Known Device/Person in infected - Only surgically block infected ports Non disruptive to other activities Unknown Device/Person is infected - Completely block users access - Disruptive to user Non disruptive to your network Zero-day Attack unfolding - Accuracy of IPS allows for automatic action - Disruptive to attacker Non disruptive to network staff IF: In Production Networks For Over Four Years

10 Network Access. Controlled. ™ © ForeScout Technologies, Inc. CounterACT Detects Every Device Determining if device is company owned or guest or contractor Without need for prior knowledge of device Interrogates All Devices For degree of security policy compliance Enforces real-time protection from self-propagating threats No quarantine by default requirement Enforcement Tailored To Violation Level of restriction matched to the exact degree of policy violation Avoiding needless interruption of user productivity Deploy & Enforce Without Disruptions No disruption to the network, IT staff and compliant users Automatically guiding non-compliant users into compliance UniversalDiscovery End Point X-Ray TailoredEnforcement NonDisruptive Network Access Control

11 Network Access. Controlled. ™ © ForeScout Technologies, Inc. Universal Discovery Enforce Policy on ALL Devices Clientless Since No Software/Code Required on Endpoints All Devices Detected Upon Network Connection Guests, Contractors, Printers, VoIP Devices, etc Applies to Local and Global Domain Users CounterACT CounterACT Works with Existing Domain Treats Domain or Non-Domain Users Differently in Accordance with Defined Policies Universal Discovery “Clientless solutions are typically the easiest to deploy, achieve broad protection and enforcement, and are the most scalable.” Jeff Wilson, Principle Security Analyst

12 Network Access. Controlled. ™ © ForeScout Technologies, Inc. Universal Discovery Manages Guest/Student Access Universal Discovery CounterACT Instantly Determines Whether the Device is Managed or a Guest/Student Depending on Policy in Place…  Automatically Assign to a Guest/Visitor VLAN with Internet Access  Prompt Visitor for Login to the Device to Conduct an In-Depth Interrogation  Limit or Block Access

13 Network Access. Controlled. ™ © ForeScout Technologies, Inc. Tailored Enforcement Custom Fit To Your Business Needs Full Spectrum of Policy Enforcement Options Degree of Disruption Directly Related to Degree of Violation Maximum User Disruption is Reserved Only for Critical Violations Customized Policy Enforcement with CounterACT Business Dictates Level of Enforcement of Policy Violations Different Enforcement for Domain Users, Contractors and Guests Not Binary Provides Multiple Limited Disruption Enforcement Options End User Can Remain Productive While Minor Policy Violations are Addressed Turn off physical switch port Terminate unauthorized applications HTTP Browser Hijack Send Open Trouble Ticket Deploy a Virtual Firewall around an infected or non-compliant device

14 Network Access. Controlled. ™ © ForeScout Technologies, Inc. Non Disruptive Deploy NAC without Disruption Non Disruptive Non-Disruptive Deployment Not-Inline Deployment Ability to Deploy in/through Multiple Modes – Audit, Inform, Educate, Enforce Non-Disruptive Management NAC System Does Not Require Continual Monitoring Simple Format for Updating/Changing Policies HTTP Interrupt Automatically Informs User of Out-of-Policy Situations and Process to Self-Remediate and Return to Compliance without IT Intervention High Availability ensures NAC policies are always enforced Non-Disruptive Access Allows Contractors/Guests Access According to Policy Without Physical Adjustment to Network

15 Network Access. Controlled. ™ © ForeScout Technologies, Inc. CounterACT Non Disruptive Deployment Steps To Achieving NAC Deployment Without Network Disruption Inform All Connecting Devices of New Policy - Hijack Browser Session Upon Every New Connection - Force verification login from notification dialogue box Flexible Automatic Enforcement - Notify/Remediate/Limit Network Access/Quarantine/Deny Access Know Your Network - Level of Current Policy Compliance - Quality of Created Policy Engage Non Compliant End User Personally - With NetSend or Browser Hijack Notify End User of Specific Policy Violation, Using Their Name

16 Network Access. Controlled. ™ © ForeScout Technologies, Inc. CounterACT Non Disruptive Deployment Move Users To Compliance Without Effecting Productivity Deployment Timeline Level of Compliance Enforcement Number of Non-Compliant Devices Informed Users Achieve Compliance Before Sanctions are Imposed Enforcement is Limited to a Small Number of Policy Violators

17 Network Access. Controlled. ™ © ForeScout Technologies, Inc. Network Access Control Analyst Recommendations " NAC is too important a process to wait another two years, and many enterprises have heterogeneous environments anyway. If you are unable to implement infrastructure-based NAC by year-end 2007, begin now with either endpoint software-based or appliance-based NAC solutions, but develop a strategy for integrating these solutions with infrastructure-based NAC." “For mass-market broad deployment there is more than enough functionality in clientless solutions to create granular access policies that meet or exceed security and compliance requirements.” Jeff Wilson, Principle Security Analyst John Pescatore VP Distinguished Analyst “… All NAC projects should include the ability to establish baseline endpoints for malware and to quarantine infected devices before they gain network access.” Lawrence Orans, Research Director

18 Network Access. Controlled. ™ © ForeScout Technologies, Inc. ForeScout’s CounterACT Instantly Identifies Self-Propagating Threats Without disrupting legitimate network traffic Without requiring signatures Unmatched Accuracy – Trusted by over 400 customers in auto-block mode Provides Network Access Policy Enforcement Ensures all connecting devices are compliant with network security policies End users do not have to be affected by NAC deployment (unless non-compliant) Can easily determine access rights based upon domain membership Deploy Immediately w/o Fear of Network Disruption Non-inline architecture for straight forward integration with existing infrastructure Monitor and education modes provide simple way to bring users into compliance to reach degree of compliance desired before enforcement is turned on CounterACT is NAC at Work NAC that is customer driven, global deployment proven Cuts through confusion to provide a real “working” NAC solution Controlling Access

19 Network Access. Controlled. ™


Download ppt "Network Access. Controlled. ™ Len Rosenberg Security Engineer Are You Exposed? Threat Protection with CounterACT."

Similar presentations


Ads by Google