Security | News

ForeScout Network Access Control Extends McAfee Security Visibility

• By Dian Schaffhauser
• 10/03/12

Security firm ForeScout Technologies has expanded its functionality to work with security products from McAfee. The latest integration allows customers to use ForeScout's CounterACT, the company's network access control product, with McAfee's Enterprise Security Manager (ESM), a set of programs for doing enterprise-wide security information and event management (SIEM).

About a year ago ForeScout announced that it had integrated CounterACT with McAfee's ePolicy Orchestrator, which gave customers a way to see endpoints the moment they tried to connect to the network, and the ability to control those devices for compliance.

The purpose of the new integration is to provide organizations with a way to monitor device activities identified by CounterACT in McAfee's ESM, including network access violations, endpoint compliance problems, and mobile security issues.

The pursuit of simplicity in managing security threats is an idea that has been backed up by IT analyst firm Gartner. "Although many SIEM deployments have been funded to address regulatory compliance reporting requirements, the rise in successful targeted attacks has caused a growing number of organizations to use SIEM for threat management to improve security monitoring and early breach detection," stated the May 2012 Gartner report, "Magic Quadrant for Security Information and Event Management." "There is a danger of SIEM products (which are already complex) becoming too complex as vendors extend capabilities. Vendors that are able to provide deployment simplicity as they add function will be the most successful in the market."

ForeScout CounterACT provides the means for the security administrator to see and control devices connected to the network without an agent running on the endpoint device. IT can use it to set and enforce network usage policy rules, such as identifying and quarantining devices that don't comply with security rules or that exhibit malicious behavior. It's available as a physical appliance or as software that can run in a virtual server environment.

"By supporting interoperability between [the two products], we can give our mutual customers an effective way to extend situational awareness and to enforce access, mobile, and endpoint compliance controls for all users and devices," said Ed Barry, a McAfee vice president. "The joint solution will enable more rapid remediation of enterprise-wide threats that can originate from non-compliant endpoints."