Capability Domains met by Forescout Technologies Inc

Monitoring Managed Devices

Forescout eyeSight + eyeControl can monitor managed devices in real time through heterogenous integrations with existing enterprise products to deploy enforcement policies. Forescout leverages RBAC access and 2-factor authentication methodologies.

By controlling access against the person, device, and its attributes, customers realize true access control for the life of the asset's connection. Forescout helps protect many access methods including VPN, WLC, MDM, Integrations. Forescout helps enforce the connection requirements of users from the point of connection, to when the user logs off.

Privilege Access Management

Forescout CounterACT supports RBAC, SmartCard/PIV and Kerberos to assist in separation of duties and least privilege access across users, systems, and applications. Forescout eyeSight can warn users via web browsers, email, or pop-ups when they attempt to perform a non-compliant action.

This greatly assists with training of new or existing organizational policies and helps restrict administrative functions to be performed by only those that have appropriate access to do so. Forescout allows customers to track and control access to resources based on number of failed access attempts. Forescout automates the monitoring and control of wireless access connection requirements. This includes but is not limited to ensuring they have antivirus installed/running, patch level requirements, time of day etc.

Wireless Access Monitoring

Forescout eyeSight + eyeControl automates the monitoring and control of wireless access connection requirements. This includes but is not limited to ensuring they have antivirus installed/running, patch level requirements, time of day, or AP type (e.g. Accounting AP vs Guest AP).

This allows organizations to have a strong set of controls by which connecting users must adhere to and comply with in order to connect to the network wirelessly. Forescout monitors and controls access including VPN, WLC and MDM integrations.

It helps ensure connections are configured for compliant communications, for example ensuring the encryption stack service is up and running and that VPN agents are installed and patched. Forescout can identify and remediate rogue access points and quarantine mis-configured devices.

Public Access Monitoring

Forescout monitors and controls the flow of Federal Contract information by utilizing policies to control the individual and machine that are authorized to perform actions including posting information on a publicly accessible information system.

Forescout can identify different connection types (user, admin, guest, non-compliant) and take appropriate actions to mitigate any risks. This ensures only approved individuals on approved assets may make content changes. Forescout can map networks into logical segments allowing for controlled communications across the environment.

Reducing Risk

Forescout eyeSight + eyeControl allows organizations to provide granular separation of duties across users, devices, and applications, reducing the risk of malevolent or destructive activity. This allows organizations to augment existing IT investments attempting to enforce least privilege across their organization. Forescout eyeSight provides an additional level of control enforcing least privilege across users, systems, and applications.

Forescout eyeSight + eyeControl can warn users via web browsers, email, or pop-ups when they attempt to perform a non-compliant action. This greatly assists with training of new or existing organizational policies. Using custom or predefined policies, Forescout can detect or block unauthorized USB mass storage devices—such as memory sticks, external storage devices, smart phones and cameras—that are connected to Windows endpoints.

It can also automatically notify Windows endpoint users that USB connections are not allowed. Forescout eyeSight + eyeControl lets you set counters via policy which can be leveraged to track and control access to resources based on number of failed access attempts.

Remote Access Monitoring

Forescout eyeSight monitors and controls remote access including VPN, WLC and MDM integrations. Forescout eyeSight helps organizations ensure connections are appropriate and configured for compliant communications. Forescout eyeControl can take remediation action to address connection issues including pop-up messages, alerts to operations, or quarantine the device to name a few. This helps ensure remote connections are compliant and secure at all times.

Forescout eyeSight + eyeControl helps organizations track down and eliminate or remediate any rogue or mis-configured access points. Restricting the number of AP's and ensuring they are managed appropriately helps ensure remote connections are compliant and secure. Forescout eyeSight + eyeControl provides the ability to have users log into a portal prior to logging on wirelessly to a network. This enforces organization usage policies and helps with tracking.

Forescout eyeSight can validate VPN agents are installed and up to date with the latest security patches. Forescout eyeControl can help control access to systems from remote networks that might be otherwise permitted if the user were connected locally to the production network. ForeScout CounterACT will identify mobile devices, determine the specific type of mobile device, perform an inspection of authorized mobile devices and verify compliance of authorized mobile devices.

Forescout eyeSight + eyeControl supports the ability to terminate sessions based on a number of criteria including but not limited to, requesting device (CPE vs BYOD), location on the network (remove vs. local), or time of day to name a few. This allows customers to have a tight level of granular control on controlling access to sessions by approved and unapproved personnel.