FORESCOUT + FIREEYEJOINT SOLUTIONWALLACE SANNFEDERAL CTO & REGIONAL VP OF SYSTEMS ENGINEERING, FORESCOUT

IT SECURITY CHALLENGES

76 Million Households affected

Hackers took over a remote server the bank failed to properly update

21m government employees identities stolenOPM did not maintain a comprehensive inventory of servers, databases and network devices

11m customers’ medical and financial data stolen

Premera’s network security procedures were inadequate

Cyber attack could cost as much as $100 million

Disabled the antivirus in the target machines without detection

80m customer records stolen

“Suspicious” administrator activity went unnoticed for months

“44 percent of known breaches came from vulnerabilities that are 2 to 4 years old”HP Cyber Risk Report 2015

Attackers exploit vulnerable endpoints, easily move across big flat networks

53 million email addresses and 56 million credit cards

Attackers used stolen vendor credential to access critical systems

The Home Depot

ManagedDevices

UnmanagedDevices

IT SECURITY CHALLENGES

Less than 10% of new devices connecting to the corporate environment will be manageable through traditional methods

Source: Gartner, BI Intelligence, Verizon, ForeScout

2010 2012 2014 2016 2018 2020

By 2020: 20+ BillionUnmanagedConnected Devices

Dec 2014: “Within two years, 90% of all IT networks will have an IoT-based security breach”

Number of unmanaged devices is exploding

IT SECURITY CHALLENGES

Security products are silos.

Human beings are needed to compensate for lack of automation.

SecOps teams are overwhelmed and cannot respond in timely fashion.

FIREWALL SIEM ATD VA ENDPOINT PATCH EMM

IBMIBM

“70 to 90 percent of all malicious incidents could have been prevented or found sooner if existing logs and alerts had been monitored”Verizon Data Breach Investigations Report

“Average time to contain a cyber attack is 31 days”Ponemon Institute “2014 Global Report on the Cost of Cyber Crime”

Fragmented security lets attackers in

JOINT SOLUTION

+1. Reveal unknown risks on your network

2. Enforce policy to reduce risks and shrink attack surface

3. Detect and block advanced threats

4. Rapidly respond to security breaches

Not VisibleVisible

Visible withIoT

1. SEE UNKNOWN RISKS ON YOUR NETWORK

Managed Unmanaged

DIRECTORIES

PATCH

SIEM

ATD

VA

EMM

OTHER

Computing Devices

Network Devices

Applications

Antivirus out-of-date

Broken agent

Vulnerability

Continuous

Agentless

Users EndpointsNetwork Existing IT

2. CONTROL ENVIRONMENT TO REDUCE RISKS

Automated

Policy-driven

3. DETECT AND BLOCK ADVANCED THREATS

4. RAPIDLY RESPOND TO SECURITY BREACHWhen FireEye detects advanced threats

• First infection may have already occurred (patient zero)

Pre-infected endpoints could connect to the network• Infected on public networks, infection pathways such as USB drives etc.

Internal propagation can start from infected endpoints

Unless deployed inline, endpoints can connect to C&C servers

ForeScout works with FireEye to rapidly respond to prevent threat propagation and data exfiltration

• Network – quarantine infected systems

• Endpoint – confirm and kill malicious processes

4. RAPIDLY RESPOND TO SECURITY BREACH

1

2

3

Endpoint

5

4

Attack

Alert

Block

Scan

4. RAPIDLY RESPOND TO SECURITY BREACH

Quarantine System

Automate Mitigation Actions

Scan Other Systems

IOC detected by FireEye

+1. Gain real-time visibility2. Expanded intelligence 3. Reduce endpoint risks and attack surface4. Detect and block advanced threats5. Expedite response to security breaches

Network – quarantine device Endpoint – confirm and kill malicious processes

JOINT INTEGRATION BENEFITS

QUESTIONS

THANK YOU