ForeScout Technologies Inc., a provider of network security solutions for Global 2000 enterprises and government organizations, has partnered with McAfee, part of Intel Security, to provide a new and enhanced interoperability between ForeScout CounterACT and McAfee solutions.
The integrations will combine the abilities of ForeScout products, McAfee products, and the McAfee Data Exchange Layer (DXL) to enable customers to protect infrastructure while supporting initiatives such as bring your own device (BYOD). ForeScout CounterACT will leverage the McAfee Threat Intelligence Exchange (TIE) to make enforcement and remediation decisions based on security information shared between endpoints, gateways, and other security products.
CounterACT enables IT organizations to address network visibility, access control, endpoint compliance, and threat management challenges in today’s enterprise networks. McAfee TIE solutions combining ForeScout CounterACT and other McAfee products include:
- McAfee Threat Intelligence Exchange (TIE) and Data Exchange Layer (DXL) Interoperability – CounterACT can onboard a BYOD laptop and verify the hashes of running processes against the McAfee TIE’s file reputation repository. CounterACT can then apply appropriate access policy and remediation actions based on whether or not any malicious files are detected.
- McAfee ePolicy Orchestrator (ePO) Software Integration – Updated to support McAfee ePO 5.1.1, CounterACT integrates bi-directionally, consuming information about endpoint properties and notifying McAfee ePO of changes. Both systems can then take action. For example, CounterACT detects devices as they connect to the network, validates that the device and user are authorized, and then assesses the device security posture, including whether or not the McAfee ePO host agent is installed, running, and up-to-date. When non-compliance is identified, CounterACT can inform McAfee ePO to take action, or CounterACT can attempt to remediate the violation directly.
- McAfee Vulnerability Manager (MVM) Integration – CounterACT informs McAfee MVM as soon as a device connects to the network, enabling real-time vulnerability scanning of endpoints, including transient devices that may be missed by periodic polling. CounterACT then leverages the MVM scan information for policy-based access control and remediation, such as quarantining or remediating vulnerable systems. This integration supports MVM version 7.5 and above.
“We are pleased to be partnering with ForeScout to help enable adaptive endpoint protection,” says Ed Barry, vice president of global technology alliances at McAfee, part of Intel Security. “The real-time capabilities that CounterACT brings to McAfee ePO software, MVM, and TIE by leveraging both the ControlFabric architecture and McAfee DXL gives joint customers the ability to monitor their corporate and BYOD endpoints in real time for indicators of compromise (IOCs) and non-compliance, ultimately providing them with actionable intelligence to help increase overall security posture.”
Interoperability for McAfee ePO versions 4.6 and 5.1 or higher is available to customers who are licensed and have maintenance for the ForeScout ePO Integration Module. Interoperability with MVM is available to those customers who have licensed the ForeScout Vulnerability Assessment Integration Module. McAfee TIE and DXL interoperability is planned for commercial availability in 2015.