The ForeScout Difference
Mobile Device Management (MDM) can help IT security managers secure mobile devices and the sensitive corporate data that is frequently stored on such devices. However, MDM on its own has limitations, and ForeScout MDM Enterprise delivers a complete security solution because it addresses them:
1. MDM systems can only see and manage devices that have already been enrolled in the MDM system.
2. MDM systems typically do not control access to the network.
3. MDM systems are often operated as another management silo, with another set of reports.
Through a simple plug-in module, ForeScout MDM Enterprise integrates with ForeScout CounterACT, our flagship network access control and security automation product. Once integrated, you will obtain many valuable synergies:
• Automated real-time detection of mobile devices the moment they try to connect to your network, including unmanaged and unknown devices.
• Improved security by blocking unauthorized users and devices from the network.
• Unified compliance reporting for all endpoint devices — PCs, smartphones, and tablets.
• Automated installation of MDM agents by directing unmanaged devices to an installation web page.
• Unified network access control policy enforcement options:
   • Allow compliant and managed devices onto the network.
   • Limit network access based on device type, ownership, time of day, and compliance.
   • Block non-compliant, or certain types of devices, from your network completely.
• Guest registration for personal mobile devices that are not owned by employees. Once a guest has registered and been approved, ForeScout CounterACT can restrict the user’s access to just the Internet.
• Continuous protection. If malware on a mobile device tries to propagate or interrogate your network, ForeScout CounterACT will block the threat, and remove the device from your network.
| | NAC Alone | MDM Alone | NAC + MDM |
|---|---|---|---|
| Visibility | Basic OS info on all devices | Full info on managed only | Complete |
| Network Access Control | Complete | No | Complete |
| Mobile Device Compliance | Very limited | Complete | Complete |
| Agent Deployment | Network based | Pre-registration | Both |

Figure 7: NAC + MDM = Complete security.
ForeScout MDM Enterprise
Figure 8: ForeScout MDM integration scope and coverage.
Device Support
• iOS version 4.3 and higher
• Android version 2.2 and higher
• BlackBerry Enterprise Server (BES) version 5.0 and higher
• Windows Phone 7.5 and 8 devices when integrated with Exchange ActiveSync and Lotus Traveler
ForeScout Technologies, Inc.
900 E. Hamilton Ave., Suite 300 Campbell, CA 95008 U.S.A.
T 1-866-377-8771 (US) T 1-408-213-3191 (Intl.) F 1-408-213-2283 (Intl.) www.forescout.com
Take the ForeScout Challenge
Let us know which ForeScout solution is right for you, and we’ll arrange a free on-site evaluation.
About ForeScout
ForeScout delivers pervasive network security by allowing organizations to continuously monitor and mitigate security exposures and cyber attacks.
The company’s CounterACT appliance dynamically identifies and assesses all network users, endpoints and applications to provide complete visibility, intelligence and policy-based mitigation of security issues. ForeScout’s open ControlFabric™ technology allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout’s solutions are easy to deploy, unobtrusive, flexible and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorized partners worldwide. Learn more at www.forescout.com.
ForeScout MDM Enterprise
ForeScout MDM Enterprise™ is the fastest and most comprehensive way to configure devices for enterprise access and secure corporate data on smartphones and tablets — all from a single screen. ForeScout MDM Enterprise is an easy to use platform that includes all of the essential functionality for end-to-end management of iOS, Android, Windows Phone, and BlackBerry devices.
ForeScout MDM Enterprise is powered by MaaS360®, a powerful cloud-based technology used by over 3000 organizations around the world to secure over 1 million mobile devices, and named “Leader” in the Gartner Magic Quadrant for MDM Software and “Winner” of the 2013 SIIA CODiE Award for Best Mobile Device Application for Enterprises.
Total Endpoint Policy Management
With the explosion of handheld mobile devices, we are all hurtling toward a “post PC” world in which employees will be carrying various mobile devices, some owned by them, some owned by the company. This new paradigm of computing is challenging our existing paradigms of network security, data security, and device security.
Wouldn’t it be nice if, instead of implementing new security silos that are limited to mobile devices, you could extend your PC and network security systems to encompass mobile devices?
With a single unified security management and reporting system, you would be confident that your network is secure regardless of what type of device a user may be carrying — a PC, a Mac, a smartphone or tablet. You would minimize costs and administrative overhead.
That future is today.
ForeScout MDM Enterprise
ForeScout MDM Enterprise, powered by MaaS360, includes all of the essential functionality that you need for end-to-end management of iOS, Android, Windows Phone, and BlackBerry devices.
And what’s better is that it integrates with ForeScout CounterACT™, our flagship network security and policy automation system, to give you unified visibility and control over everything on your network.
ForeScout MDM Enterprise is a cloud-based solution, so deployment is quick and easy. In just a few clicks, IT can start enrolling devices and managing the entire mobile device lifecycle, from enrollment to security, monitoring, application management and support. Together with ForeScout CounterACT, ForeScout MDM Enterprise provides a whole new level of centralized visibility and control for actionable insights into your entire computing landscape.
• Secure All Mobile Devices: ForeScout MDM Enterprise supports all major smartphone and tablet platforms including iOS, Android, Windows Phone, and BlackBerry — in both Exchange and Lotus Notes environments.
• Embrace BYOD: ForeScout MDM Enterprise provides workflows to discover, enroll, manage and report on personally owned devices as part of your mobile device operations.
• Experience Simple Device Enrollment and Approval: ForeScout MDM Enterprise provides auto-quarantine for Exchange, and alerts IT personnel to approve all new devices. Additionally it provides for easy user self-enrollment via web, email or SMS.
Highlights
Features
• Automated real-time detection of mobile devices
• Seamless enrollment & installation of MDM agents on unmanaged devices
• Policy-based blocking of unauthorized devices
• Identify corporate vs. personal devices
• Identify unauthorized or non-compliant devices
• Identify mobile devices without password protection
• Identify mobile devices that are missing required apps, for example, management or security apps
• Send messages to mobile users
• Work with ForeScout CounterACT to block or limit network access based on who, what, when, where, and how secure the device is
• Unified network access policy management and reporting of all endpoint devices on the network regardless of user, device ownership, device type, connection method, or location
• Identify and block malicious activity
Benefits
• Improved visibility across all mobile devices connected to your network
• Enhanced security against non-compliant devices
• Operational efficiency with automated enrollment
How ForeScout MDM Enterprise Works
With an intuitive interface and easy to use workflows, ForeScout MDM Enterprise enables you to support the entire mobility lifecycle — from enrollment to configuration management, compliance, security, app and document management, along with help desk support.
Provision: ForeScout MDM Enterprise streamlines the configuration and device enrollment process using SMS, email or a custom URL to make life simple for IT and mobile employees. Device enrollment takes just minutes. When combined with ForeScout CounterACT, provisioning is highly automated for any new device that accesses the network. Users can be authenticated over the network using Active Directory/LDAP, using a one-time passcode, or with SAML.
Integrate: With ForeScout MDM Enterprise Cloud Extender, you can securely integrate with all major email, calendar and contacts platforms including Exchange, Lotus Notes, and Microsoft Office 365, plus Active Directory and any required Certificate Authorities.
Manage: OTA configuration management provides simple delivery and maintenance of corporate device profiles, including Wi-Fi and VPN settings. Create custom groups for granular management. Define role-based administrative portal access rights. Decommission devices by removing corporate data and MDM control (see Figure 1).
Secure: ForeScout MDM Enterprise provides dynamic, end-to-end security and compliance management. Enforcement of passcode policies and strong encryption keys protects sensitive business and personal data on mobile devices. Through real-time compliance management, ForeScout MDM Enterprise can detect when users opt out of your MDM program, install prohibited applications, jailbreak/root their mobile devices, or initiate SIM changes. Take automated actions such as messaging the user, blocking email, wiping corporate data from the device, or removing it from the network.
Monitor: ForeScout MDM Enterprise provides integrated reporting and analytics that give a high-level view of the mobile device landscape across your enterprise, with detailed hardware and software inventory reports, plus configuration and vulnerability details. Mobility Intelligence™ dashboards deliver an interactive, graphical summary of your mobile device operations and compliance.
Support: ForeScout MDM Enterprise provides robust help desk capabilities for support procedures such as locating a device with GPS, resetting a user’s passcode, and sending a direct message to a device. ForeScout MDM Enterprise also provides an end-user support portal that allows users to do basic self-management of their device, such as wiping or resetting the password on a lost device.
Application Management: ForeScout MDM Enterprise lets you have your own centrally managed Application Catalog of approved or recommended public applications and in-house developed applications. Within the catalog users can instantly view apps available to them, install apps, and be alerted to update apps. IT administrators can set policies for blacklisted, whitelisted and required apps (see Figure 2).
Expense Management: ForeScout MDM Enterprise enables organizations to set corporate-wide expense policies, and to proactively monitor and track mobile data and application usage. This lets you optimize your mobile spend and shift the accountability to business units and/or individual employees.
“Enterprises must be prepared to manage and secure a wide range of devices, some of which they don’t own. Multiplatform MDM tools are one way to achieve this.”
Gartner, “Top 10 Mobile Technologies for 2012 and 2013”, 14 February 2012, Nick Jones
“No matter what [BYOD] strategy is selected, the ability to detect when unmanaged devices are in use for business purposes will be required — and that requires NAC.”
Gartner, “NAC Strategies for Supporting BYOD Environments”, 22 December 2011, Lawrence Orans and John Pescatore
Figure 2: Enterprise allows you to centrally manage applications.
Figure 3: Distribute documents securely to mobile devices.
Figure 5: Mobile Application Security lets you integrate full security management.
Figure 6: Set secure browser policies for users.
Document Management: ForeScout MDM Enterprise lets you distribute business documents to users of mobile devices while providing total manageability and control. Each document can have its own security policy, including required authentication, share restriction and time-based expiration, and be distributed to all users, selected groups, or individual devices. Documents are distributed to the ForeScout MDM Enterprise Document Catalog on mobile devices, which is an encrypted document container that provides complete security, including data loss prevention controls and protection from unauthorized distribution. Integrate with content in SharePoint or Box, or leverage the MaaS360 Doc Cloud, a globally optimized distribution network which reduces network load and increases scalability and performance (see Figure 3).
Secure Mail: ForeScout MDM Enterprise delivers a secure office productivity app with email, calendar and contacts to allow employees to securely collaborate with colleagues while preserving the mobile experience on their personal devices. This addresses key concerns about data loss. Through authentication and authorization, only approved, valid users can access sensitive emails and data. With policies for data leak prevention, you can restrict sharing by users, forwarding of attachments and copying and pasting of email text. Devices that are lost, stolen or compromised can be selectively wiped to remove the secure email container, all attachments and profiles (see Figure 4).
Mobile Application Security: Using our simple application wrapper or Software Development Kit (SDK), you can secure in-house applications with a mobile application container. You can integrate full security management including enforcing authentication and data leak prevention controls, such as restricting copy, paste, and cloud data backups. Device compliance checks can be enforced prior to launching a secured application and real-time alerts can be sent to the administrator when compliance violations occur. Provision app-level tunnels for secure access to corporate data without needing a device VPN (see Figure 5).
Secure Document Sharing: ForeScout MDM Enterprise not only enables users to view content, but create, edit and save content securely on-the-go, all in an encrypted container. The secure office productivity app works with all common file types including Word, Excel, PowerPoint, and text formats. Users can seamlessly access and share content via Secure Mail, MaaS360 Doc Cloud and corporate file shares (e.g., SharePoint, Box).
Secure Browser: ForeScout MDM Enterprise includes a Secure Browser app which reduces your mobile devices’ exposure to risky websites that may contain malware, violate HR policies, or simply waste your users’ precious time. The Secure Browser blocks known malware and malicious websites using a scanning engine and reputation database. IT administrators can specify categories of web content that are blocked, for example social networking sites, download sites, and explicit sites. Send custom text or HTML notifications to users when they try to access a prohibited URL. Redirect users to a specific URL when policies are violated. Alert administrators in real time when users try to access forbidden sites. Optionally disable native or third-party browsers. Set up secure access to corporate intranet sites and enterprise networks with no VPN required (see Figure 6).
Combine NAC and mobile device management (MDM) to enforce policies in a BYOD environment. Personally owned devices that are not managed by MDM agents should be limited to Internet access only, or placed in a limited access zone where they can access a subset of applications and network resources as per user/group role.
Recommendation from the Gartner Case Study