ForeScout Technologies has announced a new partnership with McAfee, part of Intel Security, to provide a new and enhanced interoperability between ForeScout CounterACT™ and McAfee solutions. The integrations combine the abilities of ForeScout products, McAfee products and the McAfee Data Exchange Layer (DXL) to enable customers to protect infrastructure while supporting initiatives such as bring your own device (BYOD). ForeScout CounterACT will leverage the McAfee Threat Intelligence Exchange (TIE) to make enforcement and remediation decisions based on relevant security information shared between endpoints, gateways and other security products. This rapid information dissemination is part of a more proactive, integrated approach to fortifying a security posture.

McAfee MVM integration graphic“Given the dynamic nature of next-generation threats, organisations can no longer rely on isolated security solutions,” said Christopher Kissel, industry analyst, Network Security, at Frost & Sullivan. “To ensure the most comprehensive levels of protection, an integrated approach that speeds response is necessary to address advanced threats and close potential endpoint compliance gaps.”

ForeScout’s pervasive network security platform, CounterACT, enables IT organisations to efficiently address network visibility, access control, endpoint compliance and threat management challenges in today’s increasingly complex enterprise networks. McAfee TIE solutions combining ForeScout CounterACT and other McAfee products were showcased at the recent McAfee FOCUS 14 event in Las Vegas including:

  • McAfee Threat Intelligence Exchange (TIE) and Data Exchange Layer (DXL) Interoperability – ForeScout demonstrated CounterACT interoperability with McAfee TIE by leveraging McAfee DXL and how CounterACT can onboard a BYOD laptop and verify the hashes of running processes against the McAfee TIE’s file reputation repository. CounterACT can then apply appropriate access policy and remediation actions based on whether or not any malicious files are detected. This interoperability showcases how organisations can extend their security controls to BYOD laptops that may not be running McAfee endpoint protection agents.
  • McAfee ePolicy Orchestrator (ePO) Software Integration – Updated to support McAfee ePO 5.1.1, CounterACT integrates bi-directionally, consuming information about endpoint properties and notifying McAfee ePO of changes. Both systems can then take action. For example, CounterACT detects devices as they connect to the network, validates that the device and user are authorised, and then assesses the device security posture, including whether or not the McAfee ePO host agent is installed, running and up-to-date. When non-compliance is identified, CounterACT can inform McAfee ePO to take action, or CounterACT can attempt to remediate the violation directly. In addition, ForeScout showcased how CounterACT can take quarantine actions based on malware or other violations detected by McAfee ePO software, including new malware detections identified using McAfee TIE.
  • McAfee Vulnerability Manager (MVM) integration – The new integration between ForeScout and MVM harnesses CounterACT’s real-time network visibility and automated controls for more comprehensive, efficient and timely vulnerability assessment and risk mitigation. CounterACT informs McAfee MVM as soon as a device connects to the network, thereby enabling real-time vulnerability scanning of endpoints, including transient devices that may be missed by periodic polling. CounterACT then leverages the real-time MVM scan information for policy-based access control and remediation, such as quarantining or remediating vulnerable systems. This integration supports MVM version 7.5 and above.

MVM“We are pleased to be partnering with ForeScout to help enable adaptive endpoint protection,” said Ed Barry, vice president of Global Technology Alliances at McAfee, part of Intel Security. “The real-time capabilities that CounterACT brings to McAfee ePO software, MVM and TIE by leveraging both the ControlFabric™ architecture and McAfee DXL gives joint customers the ability to monitor their corporate and BYOD endpoints in real time for indicators of compromise (IOCs) and non-compliance, ultimately providing them with actionable intelligence to help increase overall security posture.”

“The growing breadth and sheer velocity of malware, advanced persistent threats (APTs) and zero-day exploits necessitates a more forward-looking approach to threat management,” said Wallace Sann, federal CTO at ForeScout. “By combining the functionality of CounterACT with McAfee solutions, mutual customers can detect, contain and remediate potential exposures more efficiently and effectively.”

Interoperability for McAfee ePO versions 4.6 and 5.1 or higher is available to customers who are licensed and have maintenance for the ForeScout ePO Integration Module. Interoperability with MVM is available to those customers who have licensed the ForeScout Vulnerability Assessment Integration Module. McAfee TIE and DXL interoperability is planned for commercial availability in 2015.

Related Articles