COMPLY-TO-CONNECT FOR TOTAL ASSET VISIBILITY Army Signal Conference AFCEA International Dean Hullings | Senior Solutions Strategist - DoD 13 Mar 19 FORESCOUT PROPRIETARY


COMPLY-TO-CONNECT FOR TOTAL ASSET VISIBILITY

Army Signal Conference

AFCEA International

Dean Hullings | Senior Solutions Strategist - DoD

13 Mar 19

FORESCOUT PROPRIETARY


A Little Background…

About Me:

• 26 years in the Air Force as a Communications/Cyber Officer

• Retired June 2014 from Air Force Space Command

• Last AF position: Division Chief, Cyber Requirements

• Public Sector Team at Forescout Technologies since 2015

About Forescout:

• Industry: Enterprise Security

• Solution: Device Visibility and Control

• Founded: 2000

• Employees: 1,100+

• Locations: HQ in San Jose, CA; PubSec in McLean, VA; Global Sales/Support

• CEO: Michael DeCesare

• Publicly Traded: FSCT

www.forescout.com


The Problem -- Capability …

Gaps in Effectiveness:

• Hardware asset visibility

• Software asset visibility

• Configuration management

• Understanding device compliance

• Realtime Situational Awareness

• Automated Response

Gaps in Efficiency:

• Inaccurate/incomplete inventory APMS

• Manual data maintenance processes

• Data sharing across existing tools

• Stifled innovation

• Realtime Situational Awareness

• Automated Admin Workflows

Campus | Data Center | Cloud | Operational Technology | IoT

Increased Attack Surface | Increased Adversary Threats | Increased CIO Responsibilities

What’s On Your Network? What Do Existing Tools Tell You?


The Solution -- Comply-to-Connect

• Enables …

– Total Asset Visibility

– Realtime Situational Awareness

– Realtime authorization, cyber hygiene assessment

– Continuous Monitoring of security policy enforcement

– Automation of manual processes through orchestration of 3rd-party toolsets

• Grounded in …

– NIST 800-53 / 800-171 / 800-82

– SANS-Center for Internet Security Standards

– USCYBERCOM Endpoint Security Requirements

– DISA STIGs

– COCOM Operational Demands (“8-Star” memo)

A Comprehensive Framework of Tools and Technologies


C2C Foundation is Visibility

DEVICE VISIBILITY

What We Do

• DISCOVER all devices at time of connection (Physical, Virtual)

• CLASSIFY every device & categorize appropriately (Managed, BYOD, IoT; examples shown: HuddleCamHD, Red Hat Linux on VMware vSphere, HP Elite Tablet on Windows 10)

• ASSESS device posture by User, Agent, OS, App

How We Do It

• Agentless

– No device agents needed

– Intelligently uses passive & active techniques

• Heterogeneous

– Integrate >70 network & security technologies

– Extend beyond campus to DC, cloud & OT

• Intelligent

– Device Cloud ~1000 customers contributing/7M devices

– Comprehensive device taxonomy across IT & OT

• Continuous

– Real-time, so no need to schedule scans

– Policy engine constantly evaluates device state to policy

What’s On Your Network?


Total Asset Visibility

DEVICE VISIBILITY

More than 1,000 Attributes Collected on Networked Devices

Hardware Asset Management

• Endpoint Attributes

– MAC/IP Address

– NIC Vendor

– Hostname/Device Type

– Make/Model/Device ID/Serial #

– User Directory Information

– VLAN Information

• Network Attributes

– Switch Port, Switch Port Action, Description, Location

– Switch IP Address

– Switch Vendor

Software Asset Management

• O/S Attributes

– O/S Type (e.g. Windows, macOS, Linux)

– O/S Version (e.g. Windows 10 Build 1709, 1803, etc.)

– O/S Patch Level

– Registry and Configuration (e.g. TPM, Credential Guard)

• Applications / Services / Processes

– Endpoint Agent Health Status

– Authorized Applications Installed/Version/Patch

– Rogue Applications Installed

– P2P/IM Clients Installed/Running

– Firewall status


Shared Information Across the Army Ecosystem


DEVICE VISIBILITY

C2C Visibility …

• makes APMS data accurate, complete, and real-time

• makes BDP data real-time

• identifies, isolates, remediates rogue devices and behavior automatically

• provides centralized roll-up

• automates breach containment

• reduces manual effort

• increases effectiveness and efficiency of entire ecosystem

• much, much more …

Army BDP


Comply-to-Connect Provides Total Asset Visibility

• Real-time Visibility

– Risk Management Optimization

– Posture vs Threat Analysis

– Automated / Immediate Incident Response

– SA at All Levels of Command

• Continuous Monitoring

– Compliance / Cyber Readiness 356

– Zero-Trust Environment

– Insider Threat Isolation/Control

• Access Control

– Device Category Segmentation

– User Group Segmentation

Enables so much more …


THANK YOU

Dean Hullings – [email protected] – 719.313.6797

Table 14 | www.forescout.com