© 2013 ForeScout Technologies, Page 1 Scott Gordon (CISSP-ISSMP) Vice President – ForeScout...
-
Upload
ayanna-bunnell -
Category
Documents
-
view
224 -
download
2
Transcript of © 2013 ForeScout Technologies, Page 1 Scott Gordon (CISSP-ISSMP) Vice President – ForeScout...
© 2013 ForeScout Technologies, Page 1
Scott Gordon (CISSP-ISSMP)Vice President – ForeScout Technologies
Considerations To Secure Enterprise Mobility / BYOD
March, 2013
© 2013 ForeScout Technologies, Page 2
About ForeScout
ForeScout is the leading global
provider of real-time
network security
solutions for Global
2000 enterprises and
government
organizations.
Innovative Technologies• Real-time visibility and control
• Leader ranking by Gartner, Forrester and Frost & Sullivan…
Global Deployments• Financial, healthcare, education,
manufacturing and government…
• Enterprise implementations(> 250k endpoints)
At a Glance• Founded in 2000 —
HQ in Cupertino, CA
• Dominant independent vendor of Network Access Control (NAC)
#2 market share, behind Cisco
• BYOD, endpoint compliance and cloud fueling growth
*Magic Quadrant for Network Access Control, December 2012, Gartner Inc.
**Forrester Wave Network Access Control, Q2-2011, Forrester Research
***Analysis of the NAC Market,February 2012, Frost & Sullivan
© 2013 ForeScout Technologies, Page 3
Enterprise mobility is the use of wireless, mobile and consumer devices, as well as mobile and cloud-based applications to enable access to corporate resources.
Bring Your Own Device (BYOD) strategy is the extent that an IT organization prohibits, tolerates, supports or embraces the use of personal mobile devices at work and the controls to enforce such policy.
Framing Enterprise Mobility andIT Consumerization / BYOD
Risks
• Data lossLost phone or laptopUnauthorized accessCompromised systemUnknown data protection
• MalwarePhishing, access, mobile/app
• ComplianceRogue devices, unauthorized apps, inconsistent policy
Challenge
• Proliferation of mobile devices on corporate networks impacts security
• Consumers are setting the rules with personal and mobile device and application use
• IT teams need visibility and control; user, device, application, data and network
© 2013 ForeScout Technologies, Page 4
Market Research – Mobile Security Product Requirements
Generally, virtually all respondents rate all of these MDM features as being “important” or “essential” (90% or higher). Essential features of “network access control” and “unified policy management” are unavailable from MDM solutions.
Generally, virtually all respondents rate all of these MDM features as being “important” or “essential” (90% or higher). Essential features of “network access control” and “unified policy management” are unavailable from MDM solutions.
Boston Research Group, ForeScout Sponsored Mobile Security Study, 2012
Network Access Control
SecurityPosture Security
Management SoftwareManagement Unified Policy
ManagementInventory
Management
© 2013 ForeScout Technologies, Page 5
1. Form a committee
2. Gather data
3. Identify use cases
4. Formulate policies– Which corporate applications?– Which users?– How will data be secured?– Who will be responsible for BYOD support?– What happens if the device is lost or stolen?– How will the endpoint device be updated?– Acceptable use policies?
Framework: Securing BYOD Implementation
© 2013 ForeScout Technologies, Page 6
5. Decide how to enforce policies – Network controls?– Device controls?– Data controls?– App controls?
6. Build a project plan – Device enrollment– Remote device management?– Cloud storage?– Wipe devices when employees are terminated?
7. Evaluate solutions– Ease of implementation?– Cost?– Security?– Usability?
Framework: Securing BYOD Implementation
© 2013 ForeScout Technologies, Page 7
1. Form a committee
2. Gather data
3. Identify use cases
4. Formulate policies
5. Decide how to enforce policies
6. Build a project plan
7. Evaluate solutions
8. Implement solutions – Network controls?– Device controls?– Data controls?– App controls?
Framework: Securing BYOD Implementation
© 2013 ForeScout Technologies, Page 8
1. Form a committee
2. Gather data
3. Identify use cases
4. Formulate policies
5. Decide how to enforce policies
6. Build a project plan
7. Evaluate solutions
8. Implement solutions
Framework: Securing BYOD Implementation
© 2013 ForeScout Technologies, Page 9
Enterprise Mobility Control CharacteristicsNAC is Fundamental to Secure BYOD/CYOD
CHARACTERISTICSAPPROACH
Block all personal devices• Very secure!• Career limiting…
Manage all personal devices (MDM)• Good security at the device level• Phones/tables… not Win & Macs• Separate management console
Restrict the data (VDI)• Strong data protection• Varying user experience• Not for the road warrior
Control apps (MEAM, MAW)• Secure the app and data• Must be used with other controls
Control the network (NAC)• Foundational, simple, real-time coverage• Network-centric visibility and control
© 2013 ForeScout Technologies, Page 10
CounterACT: Continuous Monitoring & Remediation Proven Platform for Real-time Visibility and Automated Control
Port-based Enforcement [With or without 802.1x]
Natively or with 3rd party Integration
SIEM, MDMIdentity, HBSS
CompleteVisibility
EnforcementRemediation
SystemIntegration
Endpoint Authenticate
& Inspect
Device Discovery, Profiling [HW/SW USER LOC ...]
Multi-factor, Complete,Clientless Interrogation
Continuous
Monitoring
© 2013 ForeScout Technologies, Page 11
CounterACT: Continuous Monitoring & Remediation See Grant Fix Protect
Real-time Network Asset Intelligence
• Device type owner, login, location
• Applications, security profile
Email CRMWeb
Guest
User
Sales
Policy-based Controls
• Grant access, register guests
• Limit or deny access
Automated Enforcement
• Remediate OS, configuration, security agents
• Start/stop applications, disable peripherals
• Block worms, zero-day attacks, unwanted apps
• Phased-in, manual or fully automated
X
© 2013 ForeScout Technologies, Page 12
What is Mobile Device Management
The Essentials
•Device enrollment
•OTA configuration
•Security policy management
•Real-time reporting•Remote lock, wipe, selective wipe•Self-service portal•Enterprise App portal
Advanced Management
•Email access controls•Application management•Document management•Certificate management•Profile lock-down•Corporate directory integration•Geo sensing•PII Protection
Event-based Security & Compliance
Device Enrollment,
Acceptable Use
Corp App Storefront
MDM Actions
© 2013 ForeScout Technologies, Page 13
NAC+MDM Synergies: 1+1=3Unify visibility, compliance and access control
NAC focus is network
MDM focus is mobile device
MDM Alone NAC Alone NAC+MDM
Visibility Full info on managed only.
Basic OS info on all devices
Complete
Access Control For managed and email only
Partial (Missing endpoint info)
Complete
Deployment Pre-reg agent Network-based, Automated
Complete
Enforcement Polling rate On network access Complete
Network control No Yes Complete
Root detection On profile check On network access Complete
© 2013 ForeScout Technologies, Page 14
ForeScout CounterACT
© 2013 ForeScout Technologies, Page 15
Unified Visibility and ControlSecurity operators gain greater visibility and control
© 2013 ForeScout Technologies, Page 16
• Easy to use and deploy with Low TCOHybrid 802.1X/Agentless approach; works within existing/legacy environment
Easy, centralized administration; high availability, scalable, non-disruptive
• Real-time situational awarenessAll users, devices, applications - infrastructure agnostic
Wired, wireless, managed, rogue, VMs, PC, mobile, embedded
• Flexible, Integrated Mobile SecurityValue of NAC with MDM device security
ForeScout: broadest integration with leading MDM vendors
• Rapid results and time-to-valueExtensible templates and controls with robust
SIEM, HBSS, CMDB, MDM and directory integration
ForeScout CounterACT Advantages
© 2013 ForeScout Technologies, Page 17
Thank You** The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
***Frost & Sullivan chart from 2012 market study Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth” Base year 2011, n-20
*This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service ]depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.