ForeScout and FireEye Team for Real-Time Mitigation of Advanced Persistent Threats
April 2013 by Marc Jacob
ForeScout Technologies, Inc. and FireEye®, Inc. announced an integrated approach to dynamically mitigate advanced persistent threats (APTs) and zero-day attacks. By combining the ForeScout CounterACT platform with the FireEye threat protection platform, enterprises can rapidly identify, verify and quarantine APTs, botnets and propagating malware affecting systems in distributed and “bring your own device” (BYOD) environments. As a result, companies can reduce breaches, data leakage and reputation risks while preempting costly investigation and remediation tasks.
The ForeScout - FireEye solution will be demonstrated during the InfoSec Europe exhibition at Earls Court, London from April 23 – 25, 2013 on stand J10.
According to FireEye’s 2H2012 Advanced Threat Report, a malware event occurs at a single organisation on average once every three minutes, and the number of infections per company has nearly quadrupled since the previous year. Such an event can be the receipt of a malicious email, a user clicking a link on an infected website, or an infected machine calling back to a command and control server. In many cases the malware is so new, or has been modified to such an extent, that no signature exists for it and conventional signature-based protection cannot detect it; an attack that lands before a fix or signature is available is called a “zero-day attack.” Worse yet, the host-based defences that should be present on every system connecting to a corporate network are in many cases outdated, corrupt or non-existent. By the time an organisation discovers an insecure system or an advanced threat, the damage is already done, and the cost of investigating and remediating it is high. Companies can substantially reduce their exposure and avoid unplanned operating expenditure by verifying endpoint compliance before systems are admitted, identifying advanced threats as they occur, and isolating affected systems and cutting off the malware’s connectivity.
The FireEye platform creates a cross-enterprise threat protection fabric using a next-generation threat detection engine, dynamic threat intelligence and interoperability with a broad ecosystem of technology alliance partners to secure all major threat vectors and enable rapid detection, validation and response to cyberattacks. Partner integrations, such as that with ForeScout, can utilise FireEye APIs and standards-based Threat Intelligence Metadata to address the network visibility, endpoint validation and enforcement options needed by today’s organisations to automate key cybersecurity workflows.
ForeScout CounterACT is a real-time security platform that delivers visibility and automated control over all devices, users, systems and applications attempting to connect to an enterprise network, whether wired or wireless, managed or unmanaged, PC or mobile. In the joint solution, the FireEye Malware Protection System (MPS) identifies attacks and blocks the outbound malware activity it observes, while simultaneously informing CounterACT of the affected system and the threat severity. In turn, CounterACT applies an enforcement policy, which may include: quarantining the endpoint; blocking or limiting specific communications between the endpoint and other systems; reporting detailed information about the endpoint; notifying the end user and/or an administrator; and triggering remediation of the system.
Together, ForeScout CounterACT and the FireEye platform offer enterprises:
· Automated breach response in real time - Take decisive and automated actions for any compromised devices on your network. When FireEye MPS determines that an endpoint may have been compromised, it can prevent data exfiltration and notify ForeScout CounterACT to quarantine the endpoint and optionally initiate remediation based on device type, location, severity and other policy elements.
· Real-time visibility - Readily gain operating and security details of all devices on your network, including unauthorised devices, BYOD devices, those with configuration violations and those that have been breached.
· Endpoint security assurance - Reduce enterprise risk by ensuring that endpoints have complete, up-to-date and active defences as required by policy. ForeScout CounterACT works without requiring agents, so it can find and fix security gaps on both systems you own and those you do not.
· Flexible policy enforcement - FireEye MPS leverages ForeScout CounterACT’s mechanisms to enforce security policy using ACLs, firewall rules, WLAN and VLAN assignment, and ForeScout’s Virtual Firewall technology to isolate all or selected communications of an endpoint.
· Layered defence for advanced threats - FireEye MPS real-time protection stops APTs whether they are incoming, propagating or actively exfiltrating data. As part of a layered defence, FireEye MPS complements ForeScout’s ActiveResponse™ technology within ForeScout CounterACT, which blocks attack behaviour on the network.
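The workflow described above (a detection platform raises an alert, the NAC platform looks up the affected endpoint and applies an enforcement action chosen by severity, device type and location) can be sketched as a small policy engine. The following is an added illustration written for this page; it is not ForeScout or FireEye code and does not use either product’s real API. The alert fields (src_ip, severity, ts), the endpoint inventory, the action names and the policy table are all constructed assumptions. The part a practitioner most often gets wrong is also shown: an alert identifies a host by IP address, so the engine resolves the IP to the endpoint that actually held that lease at alert time and refuses to quarantine automatically when no lease covers the timestamp, rather than isolating whichever device has the address now.

```python
"""Hypothetical alert-to-NAC enforcement policy (added example, not vendor code)."""
from dataclasses import dataclass

# Constructed rankings so that a later, more severe alert escalates an
# existing action but a repeat at the same level produces no duplicate action.
SEVERITY_RANK = {"minor": 1, "major": 2, "critical": 3}
ACTION_RANK = {"notify": 1, "acl-block-cnc": 2, "quarantine-vlan": 3}


@dataclass(frozen=True)
class Endpoint:
    mac: str
    ip: str
    lease_start: int   # epoch seconds: first time this MAC was seen with this IP
    lease_end: int     # epoch seconds: last time this MAC was seen with this IP
    managed: bool      # corporate-owned, compliance state known to the NAC
    location: str      # e.g. "HQ", "branch", "guest-wifi"
    device_type: str   # "pc", "mobile", "printer"


# Constructed inventory. Note that 10.0.1.20 was held by two different devices
# at different times (a managed PC, then an unmanaged guest phone).
INVENTORY = [
    Endpoint("00:11:22:33:44:55", "10.0.1.20", 1000, 2000, True, "HQ", "pc"),
    Endpoint("66:77:88:99:aa:bb", "10.0.1.20", 2500, 3500, False, "guest-wifi", "mobile"),
    Endpoint("cc:dd:ee:ff:00:11", "10.0.2.7", 0, 9999, True, "branch", "pc"),
]


def resolve_endpoint(alert, inventory):
    """Return the endpoint that held alert['src_ip'] at alert['ts'], or None.

    None means no lease record covers the alert time: the address may have
    been reassigned, so acting on the current holder could hit the wrong host.
    """
    for ep in inventory:
        if ep.ip == alert["src_ip"] and ep.lease_start <= alert["ts"] <= ep.lease_end:
            return ep
    return None


def decide_action(alert, ep):
    """Hypothetical policy table: severity x device posture -> action name."""
    if ep is None:
        return "manual-review"          # never auto-quarantine an unresolved IP
    sev = SEVERITY_RANK.get(alert["severity"], 0)
    if sev >= SEVERITY_RANK["critical"]:
        return "quarantine-vlan"        # isolate the host entirely
    if sev == SEVERITY_RANK["major"]:
        if not ep.managed or ep.location == "guest-wifi":
            return "quarantine-vlan"    # no agent to remediate with: isolate
        return "acl-block-cnc"          # managed host: cut C2 traffic, keep it reachable for remediation
    return "notify"                     # minor: inform user/admin only


class Enforcer:
    """Applies decisions idempotently per endpoint and records what was done."""

    def __init__(self, inventory):
        self.inventory = inventory
        self.state = {}   # mac -> strongest action currently applied
        self.log = []     # (identifier, action) in the order they were applied

    def handle(self, alert):
        ep = resolve_endpoint(alert, self.inventory)
        action = decide_action(alert, ep)
        if ep is None:
            self.log.append((alert["src_ip"], action))
            return action
        current = self.state.get(ep.mac)
        if current is not None and ACTION_RANK[current] >= ACTION_RANK[action]:
            return None   # already at least this restrictive: no duplicate action
        self.state[ep.mac] = action
        self.log.append((ep.mac, action))
        return action


if __name__ == "__main__":
    enforcer = Enforcer(INVENTORY)
    # Constructed alerts in the shape this example assumes.
    for alert in [
        {"src_ip": "10.0.1.20", "severity": "major", "ts": 1500},
        {"src_ip": "10.0.1.20", "severity": "major", "ts": 1600},     # repeat
        {"src_ip": "10.0.1.20", "severity": "critical", "ts": 1700},  # escalation
        {"src_ip": "10.0.1.20", "severity": "major", "ts": 3000},     # different device now
        {"src_ip": "10.0.1.20", "severity": "critical", "ts": 2200},  # no lease covers ts
        {"src_ip": "10.0.2.7", "severity": "minor", "ts": 5},
    ]:
        print(alert, "->", enforcer.handle(alert))
```

The interesting behaviour is in the last three alerts: the same IP maps to a different device once the lease has changed, an alert that falls between two leases is routed to manual review instead of an automatic quarantine, and a repeated alert for a host that is already isolated produces no second action.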