CounterACT Edge Protects Mediengruppe Pressedruck Against Targeted and Zero-day Attacks
July 2012 by ForeScout
ForeScout Technologies, Inc., a provider of automated security control solutions for Fortune 1000 enterprises and government organisations, today announced that Mediengruppe Pressedruck, a leading publisher and information provider in Germany, has selected ForeScout’s automated threat prevention solution, CounterACT Edge, to protect its network from attacks and sophisticated malware, including Flame and Stuxnet. CounterACT Edge delivers behaviour-based intrusion prevention without requiring signatures and constant tuning.
Based on ForeScout’s patented ActiveResponse™ technology, CounterACT Edge can reliably identify and actively preempt propagating malware, zero-day threats and targeted attacks. The field-proven, behaviour-based approach incorporates an automated virtual intranet generation (like a honey-pot), marker defence system and malware-monitoring system to detect the malicious intent of new and targeted attack patterns at an early stage, before they impact operations.
"ForeScout’s CounterACT Edge allows us to manage the risk of zero-day and targeted attacks on our network without incurring headcount, maintenance and expertise overhead of traditional intrusion systems," said Andreas Neutatz, Network Manager of Mediengruppe Pressedruck. “The appliance was the only one we assessed that would provide us with the level of advanced threat protection with the least affect on IT resources. In addition, CounterACT Edge’s clear interface and automated functionality made our choice that much simpler. In comparison, the two other intrusion prevention systems (IPS) we evaluated were cumbersome to set up and maintenance would have required too much administrative effort.”
Pressedruck’s installation of CounterACT Edge took only one hour to complete, without requiring network changes or interruption of service. The Edge appliance sits out-of-band, outside the corporate firewall so it acts as an advanced perimeter defence in conjunction with a firewall/IPS. As CounterACT Edge automatically discovers the real network, its ActiveResponse technology generates and maintains a virtual, auto-defended intranet used for active defences rather than for research and forensics.
Oded Comay, co-founder and CTO at ForeScout, commented, “Solely relying on signatures and reputation lists are not enough to preempt targeted or zero-day attacks. To be proactive, organisations need to reduce their vulnerability footprint and leverage automated behaviour-based defences. With minimal administration, ForeScout’s ActiveResponse technology continues to protect our customers throughout Europe, and worldwide – thwarting intrusions and numerous Conficker, Zeus and Flame derivations."
Since initial deployment, the ForeScout appliance monitors Mediengruppe Pressedruck’s network across 70 servers in two data centres, including their databases, content and mail infrastructure. CounterACT Edge has detected and stopped over 4,000 Internet attacks each week for the company while providing a report of the attacks. More recently, the company was relieved to have zero-day defences against the Flame zero-day malware. Flame (also known as sKyWIper) is a complex new malware that looks for vulnerable services on a network and uses some of the same propagation techniques used by Stuxnet.