Solution Brief
Organizational Challenges
•Protect the security of intellectual
property and other sensitive data
•Enhance network security without
impeding employees’ ability to
improve their productivity
•Comply with regulatory mandates
pertaining to your company or
industry
•Facilitate streamlined network access
and information sharing for trusted
contractors and customers
•Gain continuous monitoring and
mitigation capabilities that leverage
existing investments
Technical Challenges
•Discover personally owned and
rogue devices as well as other
endpoints connected to your
network in addition to corporateowned devices
•Control access to confidential data
•Prevent infected or non-compliant
devices from spreading malware
across the network
•Keep targeted attacks from stealing
data or forcing network downtime
•Measure effectiveness of security
controls and demonstrate
compliance with regulations
Mobile and BYOD
Detect, profile and control mobile devices with
ForeScout
Mobility and Bring Your Own Device (BYOD) are
clearly the wave of the future. Few organizations have
a choice in the matter, as today’s employees work
everywhere and don’t go anywhere without their
smartphones, tablets and other personally owned
devices. But regardless of who owns the mobile
devices accessing your network, every single one
is a potential point of entry for hackers and thieves.
ForeScout Technologies, Inc. helps IT professionals
to secure networks and the devices that employees
are using every day. What’s more, ForeScout achieves
this efficiently and cost-effectively without slowing
down network users or IT administrators.
The Challenge
Here are a few facts about mobile devices that reinforce the need for comprehensive
mobile security solutions:
• More than 2,000 unsafe or malicious apps are installed on users’ BYOD devices in
the average enterprise.1
•75 percent of mobile applications will fail basic security tests.2
• 5.2 million smartphones were lost or stolen in the U.S. in 2014.3
Traditional Mobile Device Management (MDM) systems alone aren’t capable of deterring
today’s sophisticated and relentless attacks on networks. Their only defenses are security
policy profiling, application management and data containerization. What’s missing?
• MDM systems only see and manage enrolled devices, leaving IT managers blind to
personal and unmanaged devices on the network.
•Access to applications is controlled, but access to the network is wide open. Thus,
compromised devices are free to attack the network, and sensitive data on the
network is completely vulnerable.
•Traditional profiling is polling-based, so a device is only as benign and compliant as
it was during the last check.
• Little or no integration: MDM systems generally have their own sets of management
screens, policies and reports. This siloing causes policies to be inconsistently
applied across IT management systems and groups.
As mobile devices proliferate, additional intelligence must be applied in order to eliminate
intrusions, protect sensitive information and mitigate exposure to mobile threats. IT
security managers need the ability to control where mobile devices are allowed on the
network, based on the device type, operating system, owner of the device and user login
credentials of the device. Also, they need to be able to secure devices upon network
resource request and take the most appropriate violation response, which may include
limiting access to Internet-only. Lastly, they need mobile device management—and all
network access control monitoring and mechanisms—to work together on a continuous,
24/7 basis.
1
Solution Brief
The ForeScout Solution
The foundation of CounterACT
intelligence and functionality
can be summed up in three
words: See, Control and
Orchestrate.
So, how do you manage mobility and BYOD trends in ways that are secure and
reliable while staying out of the way of employees, partners and customers?
ForeScout CounterACT™ can help you manage myriad devices, not to mention
mobility and BYOD trends. It continuously scans the network and monitors the
activity of the wide range of devices attempting to access your network, as well
as those already logged on. That includes unknown devices such as unmanaged,
personally owned devices as well as rogue devices. And unlike systems that simply
flag violations and send alerts to IT and security staff, ForeScout CounterACT
lets you automate and enforce policy-based network access control, endpoint
compliance and mobile device security.
The foundation of CounterACT intelligence and functionality can be summed up in
three words:
See CounterACT offers the unique ability to discover devices the instant they
connect to your network, without requiring software agents or previous device
knowledge. It profiles and classifies devices, users, applications and operating
systems while continuously monitoring managed devices, personally owned
devices and other endpoints.
Control CounterACT can allow, deny or limit network access based on device
posture and security policies. By assessing and remediating malicious or highrisk endpoints, it mitigates the threat of data breaches and malware attacks
that would otherwise put your organization at risk. In addition, by continuously
monitoring devices on your network and controlling them in accordance with
your security policies, CounterACT dramatically streamlines your ability to
demonstrate compliance with industry mandates and regulations.
Orchestrate CounterACT integrates with more than 70 network, security,
mobility and IT management products* via ForeScout ControlFabric™
Architecture. This ability to share real-time security intelligence across systems
and enforce a unified network security policy reduces vulnerability windows
by automating system-wide threat response. What’s more, it lets you gain
higher return on investment from your existing security tools while saving time
through workflow automation.
Learn more at
www.ForeScout.com
For enterprises in more than 60 countries*, ForeScout is providing the agentless,
scalable and cost-effective solution that meets the highest standards for security, ease
of use and deployment, low end-user impact and interoperability with existing MDM
systems.
Seeing Is Believing
ForeScout CounterACT is sold as either a virtual or physical appliance that deploys
within your existing network, typically requiring no changes to your network
configuration. The CounterACT appliance physically installs out-of-band, avoiding
latency or issues related to the potential for network failure. It can be centrally
administered to dynamically manage tens or hundreds of thousands of endpoints from
one console.
ForeScout Technologies, Inc.
900 E. Hamilton Avenue #300
Campbell, CA 95008 USA
Toll-Free (US) 1.866.377.8771
Tel (Intl) 1.408.213.3191
Support 1.708.237.6591
Fax 1.408.371.2284
1 Veracode analytical data, March 2015 https://www.veracode.com/average-large-enterprise-has-more-2000-unsafe-mobile-apps-installedemployee-devices
2 Gartner Research, Sept 2014 http://www.scmagazine.com/gartner-75-percent-of-mobile-apps-will-fail-security-tests-through-endof-2015/article/372424/
3 Consumer Reports National Research Center, June 2015 http://www.consumerreports.org/cro/news/2015/06/smartphone-thefts-on-thedecline/index.html
*As of October 2015
Copyright © 2015. All rights reserved. Privacy policy. ForeScout Technologies, Inc. is a privately held Delaware
corporation. ForeScout, the ForeScout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT are
trademarks or registered trademarks of ForeScout. Other names mentioned may be trademarks of their respective
owners. Version 11_15
2