Advanced Threat Protection - Exclusive Networks

Walter Doria, Technical Director – Exclusive Networks: How to bind Network Admission Control with Advanced Threat Protection

Posted 10-Jul-2018

TRANSCRIPT

Page 1: Advanced Threat Protection - Exclusive Networks · Detection and Incident Response ... Firewall SIEM ATD VA Endpoint Patch EMM ... • Visibility • Compliance • Network/Access

Walter Doria

Technical Director – Exclusive Networks

How to bind Network Admission Control with Advanced Threat Protection

Page 2: FireEye and ForeScout – The Partnership

ForeScout is a Cyber Security Coalition Partner, with integrations with many FireEye products: NX, TAP, EX, HX

40+ Joint customers

Executive sponsorship at highest levels

Commitment to build the best integrations and strategically approach the market

Page 3: FireEye and ForeScout – Two Sets of Eyes Provide a More Complete Picture

Makes the invisible visible

Provides the full context of all devices in the network

Enables policy-based access and controls

Ownership of the entire threat lifecycle and kill chain

Experts in forensics and investigative tools

Page 4: Detection and Prevention - Technology

WITHIN VMs · ACROSS VMs · CROSS ENTERPRISE

DETONATE 2 MILLION OBJECTS PER HOUR · ANALYZE · CORRELATE

Page 5: FireEye Intelligence — A Global Defense Community

4,000 CUSTOMERS IN 67 COUNTRIES

10M+ VIRTUAL MACHINES · 5M+ ENDPOINTS

REAL-TIME INFORMATION SHARING

RISK AND CONTEXT TO PRIORITIZE RESPONSE

TACTICAL AND STRATEGIC INTELLIGENCE WITH ATTRIBUTION THAT IS APPLICABLE AND ACTIONABLE TO YOUR ORGANIZATION

DYNAMIC THREAT INTELLIGENCE

Page 6: ForeScout Basics – What it does. How it is different.

Page 7: SEE – CONTINUOUS, AGENTLESS

Not Visible → Visible

See with IoT

Managed / Unmanaged

Computing Devices

Network Devices

Applications

Antivirus out-of-date

Broken agent

Vulnerability

Page 8: CONTROL – AUTOMATED, POLICY-DRIVEN

INFORM · ADJUST · ALERT · SEGMENT

Users · Endpoints · Network · Existing IT

Page 9: ORCHESTRATE – AUTOMATE WORKFLOWS, SHARE CONTEXT

ControlFabric Open APIs (partner logos shown, including IBM)

Page 10: ForeScout & FireEye – How Do They Fit Into Your Network

Page 11: Detection and Incident Response

• ForeScout + NX, EX, HX, TAP

(Diagram: Internet – NX / EX, HX, MTP, TAP – Network – ForeScout CounterACT™; endpoints: HX Managed Devices, BYOD Devices, Rogue Devices, IoT Devices; numbered steps 1–6)

Scenario: a corporate user downloads a malicious file

1. NX or EX discovers a new zero-day threat and informs ForeScout and HX of the IOCs.
2. HX Managed Devices – HX finds devices with the IOCs and manually quarantines them; if automated containment is needed, HX hands over to ForeScout for automated containment.
3. Non-HX Managed Devices – ForeScout finds devices with the IOCs identified by FireEye and stops the malware, automatically and in real time.
4. ForeScout limits network access for any infected devices.
5. ForeScout feeds additional contextual info (including network, user, location, compliance) about the compromised devices to TAP, enabling the organization to prioritize threats and assess risk.
6. Once devices are declared clean, ForeScout allows them back on the network.

Malware proliferation is stopped

Page 12: Full Endpoint Protection

• ForeScout + HX and MTP

(Diagram: Internet – NX / EX, HX, MTP, TAP – Network – ForeScout CounterACT™; endpoints: HX / Managed Devices, BYOD Devices, IoT Devices, MTP / Mobile Devices; numbered steps 1–5)

Scenario: ForeScout and HX/MTP protect all endpoints in a corporation

1. ForeScout discovers ALL devices on the network – managed or unmanaged.
2. Managed Endpoints – ForeScout validates that the HX agent is installed, fully functional and up to date; if needed, ForeScout restarts/reinstalls HX or triggers the HX server to reinstall it.
3. BYOD – ForeScout inspects device security against corporate policy; if compliant, the device is granted access; if not, it is blocked or assigned to the guest network.
4. Mobile Corp Devices – ForeScout validates whether the MTP agent is installed and, if needed, triggers its installation; MTP then scans all applications for malware and, if the device is compromised, ForeScout limits or blocks its access.
5. IoT Devices – ForeScout classifies IoT devices and dynamically assigns them to a dedicated network; it monitors device traffic and limits abnormal behavior, while providing contextual information about the device.
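The admission-time posture checks on this page (agent health for managed endpoints, corporate policy for BYOD, the MTP agent and scan result for mobile devices, classification for IoT) reduce to a per-class policy that yields one enforcement decision per device. The following is an added example written for this transcript, not code from ForeScout or FireEye; the device classes, agent names, minimum version, VLAN labels and the default-deny for unclassified devices are all assumptions chosen for the demo.

```python
"""Admission-time posture policy for the four device classes on page 12.

Added example (not the vendors' code): a NAC engine evaluates each discovered
device against a class-specific policy and returns the enforcement decision
(allow, remediate, guest, block, segment). All identifiers are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

MIN_HX_VERSION = (3, 1)   # assumed minimum acceptable endpoint-agent version


@dataclass
class Endpoint:
    mac: str
    device_class: str                   # managed | byod | mobile | iot
    agent: Optional[str] = None         # "hx", "mtp" or None (no agent found)
    agent_running: bool = False
    agent_version: tuple = (0, 0)
    posture_ok: bool = True             # BYOD: meets corporate policy
    malware_found: bool = False         # mobile: result of the MTP app scan
    iot_profile: Optional[str] = None   # iot: classification, e.g. "ip-camera"


@dataclass
class Decision:
    mac: str
    verdict: str                        # allow | remediate | guest | block | segment
    detail: str


def evaluate(ep: Endpoint) -> Decision:
    """Apply the page 12 policy for one device (steps 2-5)."""
    if ep.device_class == "managed":
        # Step 2: agent must be installed, running and current; otherwise fix it.
        if ep.agent != "hx":
            return Decision(ep.mac, "remediate", "trigger HX server to install agent")
        if not ep.agent_running:
            return Decision(ep.mac, "remediate", "restart HX agent")
        if ep.agent_version < MIN_HX_VERSION:
            return Decision(ep.mac, "remediate", "reinstall/upgrade HX agent")
        return Decision(ep.mac, "allow", "HX agent healthy")
    if ep.device_class == "byod":
        # Step 3: compliant BYOD is admitted; non-compliant goes to the guest network
        # (the slide also allows an outright block; guest is the choice assumed here).
        if ep.posture_ok:
            return Decision(ep.mac, "allow", "posture compliant")
        return Decision(ep.mac, "guest", "non-compliant BYOD moved to guest VLAN")
    if ep.device_class == "mobile":
        # Step 4: MTP agent present? If its scan found malware, limit access.
        if ep.agent != "mtp":
            return Decision(ep.mac, "remediate", "trigger MTP agent installation")
        if ep.malware_found:
            return Decision(ep.mac, "block", "MTP reported a compromised app")
        return Decision(ep.mac, "allow", "MTP scan clean")
    if ep.device_class == "iot":
        # Step 5: classified IoT goes to a dedicated segment; an unclassified
        # device is denied (assumed policy choice, not stated on the slide).
        if ep.iot_profile is None:
            return Decision(ep.mac, "block", "unclassified device")
        return Decision(ep.mac, "segment", f"IoT VLAN for profile {ep.iot_profile}")
    return Decision(ep.mac, "block", "unknown device class")   # default deny


def evaluate_all(endpoints: List[Endpoint]) -> List[Decision]:
    return [evaluate(ep) for ep in endpoints]


def demo_endpoints() -> List[Endpoint]:
    # Constructed sample devices covering each class and its failure modes.
    return [
        Endpoint("aa:00:00:00:00:01", "managed", agent="hx", agent_running=True, agent_version=(3, 2)),
        Endpoint("aa:00:00:00:00:02", "managed", agent="hx", agent_running=False, agent_version=(3, 2)),
        Endpoint("aa:00:00:00:00:03", "managed", agent="hx", agent_running=True, agent_version=(2, 9)),
        Endpoint("aa:00:00:00:00:04", "managed"),
        Endpoint("aa:00:00:00:00:05", "byod", posture_ok=False),
        Endpoint("aa:00:00:00:00:06", "mobile", agent="mtp", malware_found=True),
        Endpoint("aa:00:00:00:00:07", "mobile"),
        Endpoint("aa:00:00:00:00:08", "iot", iot_profile="ip-camera"),
        Endpoint("aa:00:00:00:00:09", "iot"),
    ]


if __name__ == "__main__":
    for d in evaluate_all(demo_endpoints()):
        print(f"{d.mac}  {d.verdict:9s}  {d.detail}")
```

The point of keeping the policy as a pure function of the device record is that the same evaluation can run at admission and again on every re-scan, so a device whose agent stops or whose posture changes is re-classified without a separate code path.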

Page 13: The Real Value … is breaking down the silos

Firewall · SIEM · ATD · VA · Endpoint · Patch · EMM

Page 14: Combined Value Proposition

• Visibility
• Compliance
• Network/Access Control
• Guest/BYOD Management
• Continuous monitoring
• Orchestration

• Threat Detection
• Threat Response
• Email Protection
• Threat Analytics
• Forensics
• Incident Response
• Mobile Security

• Complete threat and security posture visibility
• Automated, policy-based incident response
• Security automation and 3rd party orchestration

Page 15: VIDEO

Page 16

> A host connects to the network via a Wi-Fi device

> CounterACT, which monitors the network, is aware of this host and knows where it is

> An infected object is downloaded by the client and analysed by FireEye, which sits in the traffic path

> Per FireEye's decision, the object is classified as malicious

> FireEye informs CounterACT about the security event

> CounterACT blocks the infected client by asking the Wi-Fi infrastructure to revoke its authentication
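The page 11 workflow (sensor finds IOCs, HX-managed devices are handed to the agent, everything else is contained by the NAC, context goes to TAP, clean devices are re-admitted) and the page 16 video sequence (the NAC revokes the Wi-Fi client's authentication) are the same control loop seen from two angles. The block below is an added example for this transcript, not code from FireEye, ForeScout or Exclusive Networks: it models that loop as a small policy engine over a constructed inventory. The `NacEngine` class, its method names, the enforcement targets (`wlan-controller`, `switch`), the action labels and the sample hosts are all assumptions made for the demo.

```python
"""Policy-driven containment loop between a detection sensor and a NAC engine.

Added example (not code from the slides or the vendors): the sensor reports an
IOC match on a host, the NAC engine locates the device, hands HX-managed hosts
to the endpoint agent, quarantines the rest by Wi-Fi de-authentication or a
switch-port VLAN change, shares device context for triage, and re-admits the
device once it is declared clean. Device records and events are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Device:
    """One inventory record as a NAC engine would hold it (constructed fields)."""
    mac: str
    ip: str
    user: str
    location: str
    medium: str                 # "wifi" or "wired"
    hx_managed: bool            # endpoint agent present on the host
    compliant: bool = True
    state: str = "allowed"      # allowed | handed_to_hx | quarantined


@dataclass
class NacEngine:
    """Hypothetical stand-in for the NAC policy engine (CounterACT in the slides)."""
    inventory: Dict[str, Device]
    actions: List[dict] = field(default_factory=list)    # enforcement calls issued
    tap_feed: List[dict] = field(default_factory=list)   # context shared with analytics

    def find_by_ip(self, ip: str) -> Optional[Device]:
        return next((d for d in self.inventory.values() if d.ip == ip), None)

    def _enforce(self, dev: Device, action: str) -> None:
        # The enforcement point depends on how the device is attached: ask the
        # wireless controller to revoke the session (page 16) or re-assign the
        # switch port. The "via" target names are placeholders.
        via = "wlan-controller" if dev.medium == "wifi" else "switch"
        self.actions.append({"mac": dev.mac, "via": via, "action": action})

    def on_ioc_match(self, ip: str, ioc: str, automated_containment: bool = False) -> str:
        """The sensor reported an IOC on this host (page 11, steps 1-5)."""
        dev = self.find_by_ip(ip)
        if dev is None:
            return "unknown-device"      # nothing to act on; surface for investigation
        # Step 5: share network, user, location and compliance context for triage.
        self.tap_feed.append({"ip": dev.ip, "user": dev.user, "location": dev.location,
                              "compliant": dev.compliant, "ioc": ioc})
        if dev.hx_managed and not automated_containment:
            dev.state = "handed_to_hx"   # Step 2: the endpoint agent owns quarantine
            return dev.state
        # Steps 3-4: the NAC contains the device itself, immediately.
        dev.state = "quarantined"
        self._enforce(dev, "revoke-auth" if dev.medium == "wifi" else "quarantine-vlan")
        return dev.state

    def on_declared_clean(self, ip: str) -> str:
        """Step 6: restore access once the device is declared clean."""
        dev = self.find_by_ip(ip)
        if dev is None or dev.state == "allowed":
            return "no-change"
        dev.state = "allowed"
        self._enforce(dev, "restore-access")
        return dev.state


def build_demo_inventory() -> Dict[str, Device]:
    # Constructed sample inventory; 192.0.2.0/24 is a documentation range, not real hosts.
    devices = [
        Device("00:11:22:33:44:01", "192.0.2.10", "alice", "HQ-floor2", "wifi", hx_managed=False),
        Device("00:11:22:33:44:02", "192.0.2.11", "bob", "HQ-floor3", "wired", hx_managed=True),
    ]
    return {d.mac: d for d in devices}


def run_scenario() -> dict:
    """Walk the page 11 scenario: a corporate user downloads a malicious file."""
    eng = NacEngine(build_demo_inventory())
    ioc = "sha256:demo-placeholder"      # constructed; the real value comes from the sensor
    unmanaged = eng.on_ioc_match("192.0.2.10", ioc)   # Wi-Fi laptop without HX
    managed = eng.on_ioc_match("192.0.2.11", ioc)     # wired HX-managed workstation
    unknown = eng.on_ioc_match("192.0.2.99", ioc)     # host the NAC has never seen
    readmit = eng.on_declared_clean("192.0.2.10")     # later declared clean
    return {"unmanaged": unmanaged, "managed": managed, "unknown": unknown,
            "readmit": readmit, "actions": eng.actions, "tap_feed": eng.tap_feed}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

Two details matter for detection engineering here: every enforcement call is recorded with the device identity and the channel it went through, which is what an analyst later needs to reconcile NAC actions with sensor alerts, and an IOC on an address the NAC cannot map to an inventory record is returned as `unknown-device` rather than silently dropped, since an unknown host on the network is itself a finding.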

Page 17

> The benefit of integrating these three security platforms is explained by the CARM concept

> Cyber Attack Remediation and Mitigation

> The attack has happened and the host was infected

> The network reacts to the malicious event

> The impact has been minimized

Page 18