BiB083 – Forescout – Visibility For Segmentation
The Everything Feed - All Packet Pushers Pods - A podcast by Packet Pushers
Forescout is a Network Access Control company that has been successful with large US companies. It's not a company that has come to my attention in the last 10 years, so I'm fresh to the whole thing. It's a large vendor: 1200 staff with 400 engineers and 3500 customers.
Key features
– Agentless, non-disruptive to endpoints, uses the network as a source of truth
– Flows, taps, packet capture, sensors, device polling: WMI, SSH
– Claims 20 different methods or techniques of data collection, leading to 100% visibility
– Allows consumption of encrypted data and data analysis can get signal out of that
– Real time discovery leading to continuous posture assessment
– Operates at scale, they claim up to 2M endpoints/devices
– NAC
– Discovering unknown devices.
– Trace data flows in the network, e.g. who is using telnet: identify the source, track it down and prevent it somehow.
– NAC here is not access through authentication but enforcement in the network, using the existing control points in your network, aka firewalls, routers, switches etc. Control is the keyword.
– This constant monitoring delivers visibility into constant compliance and for audits: you can show the current state but also easily prove that you have future issues managed.
– By analysing the data, they can find out-of-date systems.
– The need to collect data is key to this type of solution, and this means you must have control of the network and the ability to deploy taps, flow agents and collectors, SPAN ports and so forth. This is much easier than attempting to deploy endpoint agents on the current software we have.
– This process can support existing segmentation technologies and their usefulness.
They have a newer product called eyeControl which will deploy configuration changes to the network for certain cases. This seems to be in the early stages and now that SDN is accepted I suspect customers will expect this functionality.
What I felt was missing
Authentication – a key part of µseg (microsegmentation) is identity.
Action as Configuration – this is visibility only, derived from analytics. It doesn't configure the control points. Once you have derived a conclusion from the data, you need to act manually. This isn't a bad thing: SDN across multiple vendors is not a solved problem, and is often at odds with your existing IT functions.
But you kind of want automation or orchestration to do the thing. So get out your preferred solution for that.
Forescout believes that they can address this over time.
Over the last five years, we have seen Cisco and Aruba bundle their NAC products into the campus portfolio which is changing that market. NAC is one method of segmentation, and perhaps a part of a microsegmentation strategy.
What stands out is that Forescout is a different type of campus microsegmentation from Cisco's SD-Access or Aruba's ClearPass NAC.
1. Uses existing technology and requires no upgrades, although it might work better with some.
2. Doesn't change the user experience or the endpoints in the network.
3. Provides information so your existing processes can handle the change.
If that works for you, then it might be worth a closer look.
Forescout Company Introduction with Pedro Abreu
https://youtu.be/t7ViKHhMolo
Forescout Transforming Network Segmentation
https://youtu.be/yLGbeD2pahs