ForeScout Technologies

ForeScout Technologies. Ayelet Steinitz, Product Manager. April, 2003. The Problem: Constant New Threats and Vulnerabilities; Current Solutions Not Sufficient; Reactive Solutions Incur False Positives; Reactive Solutions Miss Unknown Attacks; Do not allow for automatic action.

Presentation Transcript


  1. ForeScout Technologies Ayelet Steinitz, Product Manager. April, 2003

  2. The Problem • Constant New Threats and Vulnerabilities • Current Solutions Not Sufficient • Reactive Solutions Incur False Positives • Reactive Solutions Miss Unknown Attacks • Do not allow for automatic action • Inherent Window of Vulnerability • High Maintenance and TCO

  3. A New Approach to Network Security

  4. Knowledge: Mandatory Requirement • Knowledge is needed 100% of the time • Social Engineering • Password Snare • Networking • Public Domain • Email Server • Web Server • Reconnaissance • 20 types • Precedes Majority of Attacks

  6. Typical Attack Process [Diagram: Attacker, Internet, Router, Firewall, Enterprise] Most network attacks are preceded by reconnaissance activity to determine available services and network resources.

  7. Typical Attack Process [Diagram: Attacker, Internet, Router, Firewall, Enterprise] The network sends information about available hosts and services in response to the reconnaissance.

  8. Typical Attack Process [Diagram: Attacker, Internet, Router, Firewall, Enterprise] With this information, the attacker utilizes existing or new exploits to break into the network.

  9. ActiveScout Intrusion Prevention [Diagram: Attacker, Internet, Router, Firewall, Enterprise, Scout, Site Manager] ActiveScout identifies all reconnaissance used by a potential attacker.

  10. ActiveScout Intrusion Prevention [Diagram: Attacker, Internet, Router, Firewall, Enterprise, Scout, Site Manager] ActiveScout watches the network’s response, and sends its own unique information to the potential attacker. This unique information, or ‘mark’, is not distinguishable from the network’s legitimate response.

  11. ActiveScout Intrusion Prevention [Diagram: Attacker, Internet, Router, Firewall, Enterprise, Scout, Site Manager] When the attacker uses the mark to launch an exploit, ActiveScout accurately identifies it and can actively block the attacker.

  12. The ActiveScout Difference (four differences, labelled #1 to #4 on the slide) • Blocks Unknown Attacks • 100% Accurate (no false positives, confidence to block) • Minimal Cost of Prevention • Instantaneous Prevention

  14. Time to Prevention Without ActiveScout [Timeline figure; axis: Time. Labels: New vulnerabilities (hundreds/month); Exploit is known to security community; Protection available; Spida spreads; Spida detected; Protection offered; Window of Vulnerability; Time to Protection – Days/Weeks/Months/Never?]

  15. Instantaneous Prevention With ActiveScout [Timeline figure; axis: Time. Labels: New vulnerabilities (hundreds/month); Exploit is known to security community; Protection available; Spida spreads; Spida detected; Protection offered; Time to Protection – Immediate; Window of Vulnerability – Zero]

  16. State of Security Today [Diagram: Internet, Intranet Security] • Intranet Security: Myriad of security products (HIDS, NIDS, anti-virus)

  17. State of Security Today [Diagram: Internet, Firewall, Intranet Security] • Firewall: Provides robust static prevention according to predefined policies • Intranet Security: Myriad of security products (HIDS, NIDS, anti-virus)

  18. Instantaneous Prevention [Diagram: Internet, ActiveScout, Firewall, Intranet Security] • ActiveScout: Prevents intrusions from known and unknown threats in front of the firewall • Firewall: Provides robust static prevention according to predefined policies • Intranet Security: Myriad of security products (HIDS, NIDS, anti-virus)

  20. ActiveScout Minimal Cost of Prevention [Figure comparing ActiveScout and Legacy Systems; label: Action]

  21. The ActiveScout Difference • False Alarm Rate: Conventional Systems 30%-60%, ActiveScout 0% • Time to Prevention: Conventional Systems Days, Months, Years; ActiveScout 0% • Cost of Prevention: Conventional Systems $$$$$$$, ActiveScout $

  22. ForeScout’s Intrusion Prevention Solutions • ActiveScout Site Solution • Precisely identifies and then blocks attackers at a single internet access point with zero false alarms. • ActiveScout Enterprise Solution • Precisely identifies and then blocks attackers with zero false alarms across a large enterprise. • Enterprise Manager • Provides centralized management of all Scouts deployed • Enterprise Heads-Up • Thwarts the rapid spread of attacks from one internet access point to the next.

  23. ActiveScout Site Solution • Intrusion Prevention for Each Internet Access Point [Diagram: Internet, Router, Scout, Site Manager, Firewall, Enterprise]

  24. ActiveScout Enterprise Solution • Protects an entire enterprise • Centralized viewing of all attack activity around the world • Centralized management of groups of Scouts • Ability to push new software updates to remote Scouts

  25. ActiveScout Enterprise Solution • Intrusion Prevention for Multiple Internet Access Points [Diagram: Internet, Scout, Site Manager, Scout, Enterprise Manager, Management Server]

  26. Enterprise Heads-Up • Enterprise deployments only • Immediate sharing of threat information across multiple Scouts to assure proactive prevention across the enterprise • Provides the fastest way to protect from new attacks traversing the internet

  27. Enterprise Heads-Up [Diagram: New York, San Francisco, Management Server] • Step 1. Attacker detected by New York Scout • Step 2. Attack information immediately sent to Management Server • Step 3. San Francisco Scout ready to block attacker

  28. Summary • Accurate Identification • Zero False Positives • Block Known and Unknown Attacks • Instantaneous Prevention • Minimal Cost of Prevention

  29. Ayelet Steinitz Product Manager, ActiveScout Tel. (650)358-5586 asteinitz@forescout.com ForeScout Technologies, Inc. 2755 Campus Drive, Suite 115 San Mateo, CA 94403 (650) 358-5580 www.forescout.com
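
The mark mechanism of slides 9 to 11 and the Heads-Up sharing of slide 27, modelled as an added example (not part of the presentation and not ForeScout's code). The `Scout` and `ManagementServer` classes, the choice of a decoy (ip, port) pair as the "mark", and all addresses and events are assumptions constructed for illustration.

```python
# Added illustration of slides 9-11 and 27; not ForeScout code.
# Assumption: a "mark" is modelled as a decoy (ip, port) that no real host serves.
class ManagementServer:
    """Relays a confirmed attacker address to every registered Scout (slide 27)."""
    def __init__(self):
        self.scouts = []

    def publish(self, attacker_ip):
        for scout in self.scouts:
            scout.blocked.add(attacker_ip)

class Scout:
    def __init__(self, real_services, server):
        self.real = set(real_services)   # (ip, port) pairs that genuinely exist
        self.marks = {}                  # decoy (ip, port) -> source it was given to
        self.blocked = set()
        self.server = server
        server.scouts.append(self)

    def on_probe(self, src, ip, port):
        """Reconnaissance: a probe for a non-existent service is answered with a mark."""
        if src in self.blocked:
            return "dropped"
        if (ip, port) in self.real:
            return "real-reply"          # the network answers for itself
        self.marks.setdefault((ip, port), src)
        return "mark-reply"

    def on_connect(self, src, ip, port):
        """Follow-up traffic: a mark is known only to whoever was handed it."""
        if src in self.blocked:
            return "dropped"
        if (ip, port) in self.marks:
            self.server.publish(src)     # Heads-Up: every site learns the source
            return "blocked"
        return "allowed"

def run_demo():
    # Constructed scenario: two sites, one ordinary user, one scanning source.
    server = ManagementServer()
    ny = Scout({("198.51.100.10", 80)}, server)
    sf = Scout({("203.0.113.20", 25)}, server)
    attacker, user = "192.0.2.66", "192.0.2.7"
    return [
        ny.on_connect(user, "198.51.100.10", 80),       # real service, untouched
        ny.on_probe(attacker, "198.51.100.11", 445),    # scan of unused address
        ny.on_connect(attacker, "198.51.100.11", 445),  # mark used: step 1 and 2
        sf.on_probe(attacker, "203.0.113.20", 25),      # step 3 at the other site
        sf.on_connect(user, "203.0.113.20", 25),        # user still unaffected
    ]
```

In this model an alert fires only on use of a service that exists nowhere except in the Scout's own reply, which is the basis of the deck's "no false positives" claim; traffic to real services never consults the mark table.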
