Published by Ursula Jacobs. Modified over 6 years ago.
1
ForeScout How To Compete Brian Gonsalves & Monish Pahwa
SGG & GMCC Market Intelligence March 2013
2
Agenda
1 Overview: Value Proposition, Pitch
2 Contrast: Comparing Assets, Knowing What To Focus On
3 Awareness: ForeScout’s Tactics, Cisco’s Rebuttal
4 Winning: ForeScout’s Weaknesses, Why Cisco
3
ForeScout Overview

Basics
Founded in 2000, headquartered in Cupertino, CA
110 employees, R&D is driven out of Israel
Currently pre-IPO

Momentum
Estimated revenues for last year were $50M
They claim they grew over 44% Y-Y
They also claim they’ve been profitable since the 2H CY10

Above & Beyond
Claims to have over 1,300 installations in over 37 countries
Primary vertical targets: financial, government, healthcare, retail, SP, etc.
Recognized as a leader in the Gartner MQ for NAC alongside Cisco
4
ForeScout’s Pitch Value Proposition: The Basics
Generally Clientless Operation
No agent required. Can push a dissolvable agent as needed, Secure Connector
Posture handled through a free plugin
Basic authentication is also a free plugin

Policy Administration
Similar in scope to Cisco’s ISE, yet has broader user scalability: 2.5M
Already touts IPS, virtual FW (basically zoning) & MDM as differentiators
Offers a modular, open API to enable broader integrations

Policy Enforcement
Due to their API, they truly can work with anyone’s infrastructure
No major hiccups in Guest access
However the brunt of decision-making falls on the network vendor
5
ForeScout’s Pitch Value Proposition: The Advanced Stuff
Integrated Security Needed For BYOD & Compliance
Touts their IPS: which leverages honeypot-like functionality
Creates policy zones with a virtual FW
Then they can provide forensics & reporting depth given a tie-in with HP-ArcSight

Device Visibility
Offers decent profiling capabilities
Then either MDM-lite (in-house) or 3rd party MDM capabilities: both via FiberLink
Again, with HP-ArcSight on the backend, customers get valuable levels of detail

CounterACT Enterprise Manager
Exceptionally user-friendly management tool
Right click to policy creation is very, very smooth
Their management also scales to multi-tenancy for MSSP, cloud environments
6
ForeScout’s Modular API & Plugins
Database Policy Engine Packet Engine Plugins Windows Mac-Linux 802.1X Host Scan Host Scan DB WiFi Router Switch VPN Various FW’s Mobile NAC-MDM User Directory SIEM McAfee ePO PCI …. And More

API Allows For Expansion In Scope
Info gathered from plugins is incorporated into CounterACT tools for policy creation, etc.
Most plugins are bundled in at no extra cost, some are monetized
Plugin SDK & API specs are available to create custom plugins
Over 20 different plugins are available
7
ForeScout’s Portfolio
Positioning: Next Generation NAC

Clientless Operation
No agent. Devices tracked by: user, group, type, etc.
Can provide a dissolvable agent, Secure Connector

Exceptional Scalability
Policy management for up to 2.5M users
Leveraging a manager of manager appliance (OEM)

Monitor Device Behaviors
Can also inspect what’s happening on the device
Leveraging integrated IPS to monitor anomalies
8
ForeScout’s Portfolio
Positioning: Next Generation NAC

Forensics & Reporting
Integration with HP-ArcSight (SIEM)
Broader visibility. Plays very well with compliance

Device Management
Offers branded MDM-lite: provisioning, inventory, etc.
Offers full MDM via FiberLink or MobileIron

Easy Point & Click Management
Very user-friendly. Effective in demos
Also scalable up to MSSP, cloud environments
9
ForeScout’s Portfolio
Positioning: Next Generation NAC

Future Proof
Plugin SDK & API are open for customization
Up to 20 plugins to date & more coming

Consolidation Play
Everything you need for BYOD in a single appliance
Whether it be IPS, MDM you name it

Total Cost Of Ownership
Various automated controls: transparent, gentle, etc.
No infrastructure changes, clientless install, etc.
10
Agenda
1 Overview: Value Proposition, Pitch
2 Contrast: Comparing Assets, Knowing What To Focus On
3 Awareness: ForeScout’s Tactics, Cisco’s Rebuttal
4 Winning: ForeScout’s Weaknesses, Why Cisco
11
ForeScout Portfolio CounterACT Products CounterACT: 100
Virtual Models: 100, 1000, 2000, 4000, 10000
12
Profiling Comparison Cisco ISE ForeScout CounterACT
Profiling scalability ,200 events per second Unclear Maximum endpoints License up to 250,000 7.0: 2,500,000 Device fingerprinting Device Sensor Yes HTTP feed DHCP feed Netflow feed No DNS feed RADIUS feed NMAP feed Other key feeds Device Sensor, SNMP Predefined device templates Over 90 Custom device templates End-user device profiling Smartphones, tablets, PCs, etc. Non-user device profiling Printers, cameras, APs, etc. NAT device detection
13
Posture Comparison Cisco ISE ForeScout CounterACT
Native agent operation Yes, NAC Agent Yes, via plugin Clientless or web portal Yes, Guest Yes Microsoft updates > Service packs > Hot fixes > OS & browser versions AV, Antimalware > Installation > Signatures File date checks App process checks Auto-remediation > Device brought back up to spec > Granted access thereafter > Denied access otherwise
14
ID & Guest Comparison Cisco ISE ForeScout CounterACT AD-LDAP support
Yes RADIUS 7.0: Open RADIUS TACACS Roadmap Yes, via plugin Microsoft NAP Role-based delegation Agent network configuration Automated Generally clientless Full guest lifecycle management > Self-service portal > Details via , SMS, etc. > Internet-only access > Time-based controls > Device registration Unclear > Billing tickets > User scalability Up to 25,000 MDM integration Yes, 3rd party or branded
15
Policy Enforcement Comparison
Cisco ForeScout 802.1X: switching Yes Yes, via plugin 802.1X: wireless 802.1X: routing 802.1AE: switching No 802.1AE: wireless 802.1AE: routing SGA/SGT: switching Limited SGA/SGT: wireless SGA/SGT: routing SGA/SGT: firewall As of ASA 9.0 Guest VLANs No network assets Flexible authentication Named ACLs, dACLs Change of authorization Device feed Yes, Device Sensor & Netflow
16
Cisco’s Solution Current & Future State

AnyConnect (AC)
Offers 802.1X, 802.1AE, remote access, web security & much more
True, today you need the NAC agent for posture & remediation
However, in the not too distant future, we’ll be unifying these offerings

Identity Services Engine (ISE)
Offers policy management, posture, guest access & profiling in 1 box
Only limitation is non-RADIUS endpoints, which is a limited use-case
However, in the not too distant future, we’ll be resolving this use-case

Cisco’s Core Infrastructure
Offering advanced security functionality in the core: 802.1X, 802.1AE, SGA/SGT
Only challenge is that it isn’t completely ubiquitous, however it will be
Today we have the entire Catalyst series, Nexus 5K, 7K, ISRs, ASA covered
17
What Cisco Should Focus On
Setting The Agenda

Positioning The Vision Of The Network
Policy decision & enforcement platform: users, devices, apps & behaviors
Through innovations such as SGA/SGT your network can now pre-classify traffic
The real power comes in ubiquity in order to ensure consistent enforcement

Cisco Has Shipped
Dell’Oro: nearly 807M fixed, managed switch ports since 2000
Dell’Oro: over 214M modular switch ports since 2000
Dell’Oro: assuming 25 APs per controller, nearly 8M WLAN ports since 2005

Moving Up The Stack
Dell’Oro: assuming 4 ports per router, over 45M access router ports since 2000
Infonetics: assuming 4 ports per FW, nearly 8M FW ports since 2005
This is true security automation & decision making no other vendor can match
18
What Cisco Should Focus On
Setting The Agenda

Intelligent Network
By using the device sensor & Netflow, the network creates a bidirectional feed
Allowing the network to feed ISE data on devices, behaviors, etc.
Enhancing the agility, as well as automating, the policy decision-making process

Process Automation: CoA & More
CoA: attributes, assignments & rights are executed at the nearest L2 connection
Flexible authentication: out of simplicity, fewer pop-ups to prove who you are
As well as encryption, e.g. MAC Sec

Policy Management Is Something That Cuts Across The IT Team
ForeScout has limited relationships across the IT teams
Cisco has the expertise in working across the stack & each of the IT teams
Leverage our relationships (Net Ops, Apps group, etc). Get them involved!
19
Agenda
1 Overview: Value Proposition, Pitch
2 Contrast: Comparing Assets, Knowing What To Focus On
3 Awareness: ForeScout’s Tactics, Cisco’s Rebuttal
4 Winning: ForeScout’s Weaknesses, Why Cisco
20
ForeScout’s Sales Tactics
How They’ll Position Cisco

Not Clientless
Requires 2 agents at that (NAC agent & AnyConnect)
No Microsoft NAP support
No USB detection

Far More Simple & Robust
Even with ISE 1.2, you can only scale to 250,000 users
Given non-RADIUS endpoints, you need 2 servers: ISE & ACS
No Open API architecture

Be Selective
Enforcement works with any vendor’s core whether it is Cisco, Aruba, Juniper, etc.
SGA/SGT is not pervasive at that
At that, Cisco generally requires an infrastructure upgrade, e.g. controllers
21
ForeScout’s Sales Tactics
How They’ll Position Cisco

Not Integrated
Need separate boxes for FW or IPS
Lancope story isn’t well baked
No SIEM integration. Not true anymore, we partner with LogRhythm now

Mobile Device Management
ForeScout delivers today what Cisco is promising a year out
Cisco today can’t combine profiling, MDM, IPS & SIEM in a single system
Cisco offers limited context in comparison

Management
Cisco has lots of moving parts
Especially if you’re an existing CSM customer, brace for the move to PRSM
None of Cisco’s tools can scale to multi-tenancy or cloud environments
22
ForeScout’s Sales Tactics
Tolly Report ForeScout Bradford Cisco Juniper

Tolly’s Observations
Faster deployment with less operational impact due to clientless capabilities
Provides extensive built-in policies & remediation options
Combines rich feature sets, flexible implementation, easy admin, contributing to lower TCO
Offers greater ease of use, integrated functionality, vendor interoperability & scalability

More Details Available Here: Response To Tolly Test Report
23
ForeScout’s False Assumptions
Their FUD & Your Response

ForeScout States: Cisco Requires Infrastructure Upgrades
Cisco’s Response: Not True, ISE Can Be Deployed As A Simple Overlay
ISE includes policy management & RADIUS/AAA which reduces complexity
CounterACT doesn’t include robust RADIUS, at best it is an unproven plugin

ForeScout States: Cisco Can’t Profile An Endpoint Without An Agent
Cisco’s Response: Not True
We have a broader set of OOB profiling feeds: Netflow, DHCP, etc.
Additionally, Cisco’s profiling extends over wired, wireless & VPN

ForeScout States: Cisco Takes 10 Minutes To Profile A Device
Cisco’s Response: Completely Untrue
A new device is profiled as soon as it comes into the network
Again this happens due to a variety of profiling methods

Innovator
Long list of industry firsts. Cisco innovates, we don't follow
Additionally, we acquire technology based on customer need and where it makes sense (e.g. IronPort, ScanSafe, Perfigo, MeetingHouse, etc.)

Switch Security
First vendor to provide full firewall functionality via a modular form factor - FWSM/ASA-SM for Catalyst 6500
First vendor to provide full intrusion detection and prevention functionality via a modular form factor - IDSM for Catalyst 6500
Pioneered Security Group Access (SGA) tagging which is the foundation of TrustSec
First vendor to implement end-to-end MACSec (802.1AE)
Pioneered dynamic ARP inspection, IP source guard, DHCP snooping, NBAR, WFQ and the list goes on

Router Security
Virtually every security capability we have introduced to our routing platforms (ISR, ASR, 7X00) has been an industry first
First to 'cloud enable' router platforms to seamlessly add security capabilities without needing to use platform resources
Developed the NetFlow industry standard, which can be used for early detection of network attacks

Integrated Appliances
First vendor with a multi-processing, modular hardware architecture
First vendor with dedicated, hardware-modules. Offering true IPS and Content Security inspection without crippling firewall performance
First vendor to bring context awareness to firewalling
First to market a solution-based approach to virtual environment firewalling: Nexus 1000v, VSG & ASA 1000v

Remote Access
First vendor to offer IPsec IKEv2 and SSL VPN from a single secure mobility client
First vendor to offer SSL VPN support on production Android devices, e.g. Cius and Samsung
First vendor to offer SSL VPN support on Nokia Symbian devices
First vendor to ship a MACSec supplicant - AnyConnect

Intrusion Detection And Prevention
First vendor to integrate 'real' IPS functionality on their firewalls - AIP module for ASA
First vendor to integrate IPS functionality into routers - both in software or through hardware
First vendor to integrate IPS functionality into switching - IDSM module for the Catalyst 6500
First vendor to offer threat outbreak filters
First vendor to offer reputation based filters
First vendor to offer reputation-based IPS as part of the heuristic inspection
Developed SenderBase, the world's first and largest reputation database, which made reputation an industry requirement
First vendor to offer IPS virtualized

Content Security (Both Web And Messaging)
First vendor to develop a proprietary operating system for its appliances
Pioneered reputation filtering
First vendor to enable granular control over web application platforms, such as Facebook
First in-the-cloud solution to scan all Web requests for malicious content (ScanSafe)
SearchAhead was the first solution to dynamically categorize search engine results to prevent users inadvertently accessing unwanted material (ScanSafe)
Anywhere+ was the first roaming solution that enabled consistent policy regardless of where and how a user accessed the Internet (ScanSafe)
Web Intelligence Reporting was the first SaaS based reporting solution to offer complete, flexible, bi-directional visibility (ScanSafe)

Network Admission Control
First vendor to have switches assist in arbitrary device classification using DPI as part of a comprehensive security solution - IOS sensor
First vendor to have a device profile feed
First vendor to have a way to tunnel wired and wireless users to the internet - CAPWAP, simplifying guest roll-out
First vendor to have an onboarding method to get net new devices provisioned (supplicant, certificates) that spans wired and wireless smoothly
24
ForeScout’s False Assumptions
Their FUD & Your Response

ForeScout States: Cisco Requires 802.1X & An Agent For Posture
Cisco’s Response: Endpoint Posture Is Independent Of Authentication
No agent is needed for 802.1X
Cisco can enforce posture irrespective of the authentication methods used

ForeScout States: ISE Reports Are Limited In Customization
Cisco’s Response: Not True
Alongside a state-of-the-art dashboard providing real-time intelligence
With a high degree of synchronization with either Prime or CSM

ForeScout States: Cisco Device Classification Has Low Accuracy
Cisco’s Response: Completely Untrue
Cisco offers best-in-class device classification of both user & non-user devices
Again this happens due to a variety of profiling methods
25
Questions To Ask To Put ForeScout On The Defensive
Is CounterACT Completely Clientless?
No. SecureConnector (dissolvable agent) must be installed on machines
Especially for unmanaged hosts, USB sticks & VLAN enforcement
Otherwise CounterACT must gain access via an Admin account to scan

Does ForeScout Do Pre-Connect Checking Of Devices?
No. Allows all devices to connect to the network without assessment
Thus non-compliant hosts or malicious users can still pose a threat
Which begs the question: what’s the point in what they deliver

What Impact Does Enabling Their So-Called IPS Have On The System?
Continuous traffic monitoring will negatively impact appliance performance
Must be deployed differently in the network when it is used for both NAC & IPS
Monitoring traffic means added configuration, likely requiring more boxes
26
Agenda
1 Overview: Value Proposition, Pitch
2 Contrast: Comparing Assets, Knowing What To Focus On
3 Awareness: ForeScout’s Tactics, Cisco’s Rebuttal
4 Winning: ForeScout’s Weaknesses, Why Cisco
27
ForeScout’s Weaknesses
How Cisco Can Set The Agenda

Profiling
Exploit our coverage to non-user endpoints
We offer broader profiling schemes & forensics
Additionally detail our roadmap for leveraging this data with the FW

The Value Of The Client: AnyConnect
Shipped over 150M endpoints to date
Expand the scope of the discussion beyond just 802.1X, posture-remediation
From a mobile perspective, include: persistent VPN, encryption, etc.

Lancope Integration
Cyber Threat Solution
Analyzes flows up to 2,000 sources (up to 120,000 flows per second)
Threat context: ISE, SIO, NBAR & more
28
ForeScout’s Weaknesses
How Cisco Can Set The Agenda

Separation Of The FW
Given ForeScout’s implementation (DDoS, DoS) can be missed at L3
How many users connect into the network from VPN (hotspot, home WiFi)?
Segmentation & stateful inspection is best served where L2 & L3 are monitored

Behavioral Analysis Beyond Just IPS
In Cisco’s case, we can provide IPS within the same FW setup
Yet the emerging threat vector is app usage (native or web-based)
Cisco, again, can offer this in same FW setup via CX, ASA 9.0 with SS, etc.

Linkage Back Into SIO
Inside Cisco Global Security Operations
Providing broad updates to every Cisco security product, every minutes
In totality, ForeScout has no comparable offerings; even if they partner
29
TCO Per Endpoint Cisco ISE ForeScout CounterACT Difference (%)
For 500 Endpoints 3 Year Advanced $75 $87 14% 5 Year Advanced $92 $105 5 Year Wireless $72 46% For 1,000 Endpoints $60 $76 27% $73 $93 86% $53 175% For 25,000 Endpoints $28 $47 168% $34 $58 171% $25 232% For 100,000 Users $22 $40 182% $27 $49 181% $19 258%
30
Why Cisco A True Business Class Experience

Strategic Relevance
Over $40B in annual revenue with over $5B invested back in R&D every year
Security is 1 of Cisco’s top 5 priorities for the foreseeable future
We’re a leader, or on the brink of leading, in every single Gartner MQ we play in

Vision For Security
From Self Defending Networks to SecureX, Cisco has always thought ahead
Cisco is/has been recognized as the pioneer of the NAC market
Now working to make ID-policy a strategic network feature, not an overlay

Market Share
Dell’Oro: LAN Switching, Access Routing, WLAN
Infonetics: Network Security
We’re increasingly embedding security as a service within the network
31
Why Cisco A True Business Class Experience

Innovator
Cisco has a laundry list of industry 1sts, please see the ‘notes’ section
Nearly 200 security patents issued or pending
Over $1B spent in dynamic threat intelligence

Architectural Integration
Validated Security Solution Designs
Inside Cisco Global Security Operations
Allowing you to take on business transformation risk, while keeping you safe

Cisco-On-Cisco
1 of the leading IT shops embracing BYOD
Sheila Jordan tweet: ‘Deploying a 1,000 iPhones, 500 android devices a month’
Experience is the best teacher & we’re happy to share our learnings
32
Why Cisco A True Business Class Experience
Enterprise License Agreement
Cisco can position best-in-class products with an ELA
Defense in depth is not that expensive, especially with the right discounts
Also speaks to trust & a strategic relationship which is what security is based on

Investment Protection
Long duty cycles: over 5 years of support after EOE on both HW & SW
Unmatched advanced & financial services
Over 1,300 engineers focused on security product innovation

Support & Services
ForeScout’s support services are limited in comparison to Cisco
Cisco has over 10 JD Powers award winning security support centers globally
As well as over 1,300 advanced security specialized partners
33
Why Cisco: Cloud-Based Intelligence
Cisco SIO: 40+ languages; 600+ engineers, technicians and researchers; $100M+ spent in dynamic research and development; 80+ Ph.D.s, CCIE, CISSP, MSCE; 24x7x365 operations.
[Figure: Cisco SIO diagram. Labels: Information, Visibility, Control, Actions; WWW, Web, Devices, IPS, Endpoints, Networks; ESA, ASA, WSA, AnyConnect, CWS; zero-day detection, reputation-based protection, consistent enforcement.]
Cisco’s Security Intelligence Operations gathers and analyzes vast amounts of global data and application traffic so it is able to provide real-time threat landscape information. Critical information is pushed down to security devices every three to five minutes. SecureX’s ability to push global threat intelligence into the security architecture allows devices to make decisions based on a combination of both real threat information and context. This combination makes the Cisco SecureX architecture unique in the security industry.
Information: 1.6M global sensors; 75TB data received per day; 150M+ deployed endpoints; 35% worldwide traffic; 13B web requests; 3 to 5 minute updates; 5,500+ IPS signatures produced; 8M+ rules per day; 200+ parameters tracked; 70+ publications produced.
35
ForeScout’s Portfolio
Architectural View
36
ForeScout’s Threat Prevention
IPS Functionality Integrated In Claims they are inspecting behaviors as well as controlling access IPS capability is purely anomaly detection Reacts to the host that's exhibiting malicious behavior immediately How It Works Tracks & controls 4 types of threats Specifically: malicious hosts, ARP spoofing, impersonation & dual homed Worm slow down mechanism: keeps infected host in a static TCP dialog Strengthened By Virtual FW offering for zone-based segmentation As well as their integration with ArcSight for SIEM Providing a relatively rounded view without requiring various boxes
37
ForeScout’s Mobile Security: Part 1
Mobile Security Module Add-On Comes at an additive cost Required for tracking & controlling mobile devices Required for BYOD on-boarding, besides ‘MDM lite’ features Additional Details View info about connected mobile devices This insight is leveraged to prevent unauthorized connections Offers 2 plug-ins: 1 is for iOS, the other is for Android Under The Covers Devices supported: iOS, Android, Blackberry, Windows Mobile, Symbian, etc. Device classifications: active/passive banners, active/passive fingerprinting Additional classifications: HTTP user agent, open ports (Apple devices only)
38
ForeScout’s Mobile Security: Part 2
Mobile Integration Module Or Branded MDM Mobile Integration Module Optional module for 3rd party MDM integration Supported solutions: FiberLink MaaS360, MobileIron, roadmap for others CounterACT console can: collect & remediate based on info from the MDM tool Branded MDM Powered by FiberLink’s cloud-based MaaS360 platform Perspective, FiberLink is a leader in Gartner’s MQ for MDM Sold & supported by Forescout Under The Covers Of Their Branded MDM Cloud-based provisioning & device management Over the air configuration control & policy deployment As well as monitoring, reporting & de-provisioning features