The ITSJ Interview: A Chat with Gord Boyce, ForeScout’s CEO

The 2012 Verizon Data Breach Investigations Report¹ showed that data breaches are on the rise – but 97 percent of the incidents could have been avoided with simple security controls. The Bring Your Own Device, or BYOD, culture of today’s business is yet another security curveball organizations have to deal with. Most employees use their personal PCs, smartphones or tablets to do work outside of the office, many carry flash memory drives for the sake of convenience, and most even keep company data on their personal computers for convenience. Now, these devices are on your network. So, what to do? We talked with Gord Boyce, CEO of ForeScout, about IT consumerization and other accessibility challenges businesses are facing today.

IT Security Journal: A report came out late last year that told us data breaches are on the rise. In a way, it’s surprising because a variety of security technology exists. Where’s the gap in IT security?

Gord Boyce (GB): I think there are three challenges that security organizations must address. The first challenge is that IT departments don’t have a complete view of what’s exactly on their network at any given time. This affects operations and compliance. Two trends make this problem worse: virtualization and the consumerization of IT. The second challenge is how to securely enable Bring Your Own Device or BYOD. Employees want to use their own PCs, tablets and smartphones at work and these devices are on corporate networks, so IT organizations are playing catch up. The last challenge is all about a tougher economy and increasing threats. IT organizations must optimize resources, yet advance defenses. This requires automation that can allow IT to be more proactive, efficient and responsive.

ITSJ: The perimeter is blurring and the Network Access Control (NAC) business is on the upswing. ForeScout stands out. What is CounterACT and how is your approach to NAC different?

GB: Business wants to take advantage of any means of access to corporate resources and IT needs to ensure resource and data protection. CounterACT is our security appliance that provides real-time visibility and control of all devices on your network. Customers use CounterACT to apply network access and endpoint compliance policy enterprise-wide, which can allow, limit or block access to network resources based on user, device and network attributes. The system also provides guest management, asset inventory and assessment, mobile security and remediation capabilities.

How CounterACT is different is a great question. I can sum it up in three words: easy, intelligent and powerful. Easy. We work with what the customer has; in other words, we work with the customer’s existing infrastructure. Easy in that our product is very easy to deploy, use and see immediate results. Right away, you are discovering systems, applying policies from templates and resolving issues. Intelligent in how we integrate into the network and provide immediate endpoint visibility and oversight without requiring agents. If you can see it, you can manage it. Intelligent in that all our functionality is integrated to simplify administration. Powerful. The variety of uses is broad and impactful across the IT organization. Our approach is extremely intuitive, flexible, extensive and scalable, which sets us apart from the competition.

ITSJ: Give us an example of what your customers are seeing and doing.

GB: It used to be that customers were looking for employee and guest device access management. Conventional NAC. Now we are seeing customers who require endpoint visibility – namely to get intelligence on all network assets and to ensure proper configuration and security policies are in place. Continuous compliance. Other customers are looking to get ahead of personal and corporate mobile device management. Our product is flexible enough to address all these objectives. I get a kick out of hearing about all the interesting applications and value that our product is able to offer our customers: everything from monitoring embedded healthcare systems and surveillance devices, to resolving host-based security system compliance issues, to stopping Xboxes from consuming network bandwidth. CounterACT is that flexible a platform. CounterACT certainly solves a customer’s initial security gap or compliance requisite. But our platform does lend itself to being used for a broader range of applications than often what was the original initiative. My favorite, most recent quote from one of our customers is: “CounterACT is becoming a verb… people will say: ‘You need to know about xyz system? CounterACT it!’” That’s pretty cool.

ITSJ: Enterprise, Governance Risk and Compliance (eGRC) is a popular topic these days, but the interest seems to be in both active defenses and compliance. How does ForeScout support eGRC?

GB: Security automation is a huge opportunity for us. Take endpoint visibility and compliance. Organizations use a variety of tools, many homegrown, to track down an issue with an endpoint. Trying to tie together the system, network address, location, etc. – that consumes precious time and resources. A virtual machine that has migrated to a different host – that is a real frustration for many customers. Our product offers that real-time endpoint, network and security intelligence – and can provide that information to the IT organization and other management systems. This automation well supports security operations and compliance.

For example, take a look at the investment in host-based security systems. Most IT departments deploy a varied set of security agents such as DLP and anti-malware. Yet, we can see that upwards of 30 percent of those endpoints or security agents have issues – they can be misconfigured, unpatched, inactive, out-of-date, infected or removed. Do the math with companies that have thousands of endpoints, and that presents rather serious security exposures and compliance risks. And those are just the endpoints that are visible and managed. That does not account for the devices and applications that are often below the radar.

[With CounterACT], IT organizations can identify, record and assess any device connecting to their network in real-time. Not only can customers see when there is a security issue, but the system can attempt to remediate that problem. Customers see their security gaps and issues go down, but they realize improved compliance posture.
