The integration between ForeScout Technologies' CounterACT security platform and McAfee Enterprise Security Manager (ESM) has been extended. It provides enterprises with situational awareness of network access and endpoint compliance issues while reducing log and threat management processes.
The CounterACT platform lets users see and control everything connected to their networks, regardless of device or user. It employs multi-factor system fingerprinting based on attributes such as software installation, running services, processes, open ports and network activity, and it does not require an agent on the endpoint.
Policy enforcement capabilities allow administrators to set rules that find and fix endpoint configuration and security issues with little or no intervention, or that automatically quarantine or remove devices that violate compliance policy or exhibit malicious behavior. All platform activity is recorded and sent to the ESM to fulfill reporting and auditing requirements.
The combination of endpoint classification, policy assessment, remediation and notification capabilities offers commercial enterprises and government agencies the means to advance continuous monitoring and mitigation programs.
The ESM is built for “big security data,” and its ability to collect, store, and perform complex processing provides a platform to address both current and evolving needs of security information and event management (SIEM).
With this integration, the solution captures, retains, and analyzes network access violations, endpoint compliance problems, and mobile security issues identified by the ForeScout platform. The network access control log integration enables security professionals to further streamline incident response, forensics, and compliance processes.
Security Information and Event Management (SIEM)
“Although many SIEM deployments have been funded to address regulatory compliance reporting requirements, the rise in successful targeted attacks has caused a growing number of organizations to use SIEM for threat management to improve security monitoring and early breach detection,” states a recent Gartner report. “There is a danger of SIEM products, which are already complex, becoming too complex as vendors extend capabilities. Vendors who are able to provide deployment simplicity as they add function will be the most successful in the market.”
Organizations can reduce log management system administration by using CounterACT to check for the presence and activity of a logging application or service on an endpoint and then to install, reactivate, enforce or change that application or service based on pre-defined configuration policies.
“By supporting interoperability between McAfee’s ESM SIEM and ForeScout CounterACT, we can give our mutual customers an effective way to extend situational awareness and to enforce access, mobile and endpoint compliance controls for all users and devices,” says Ed Barry, vice president of the Security Innovation Alliance (SIA), McAfee. “The joint solution will enable more rapid remediation of enterprise-wide threats that can originate from non-compliant endpoints.”