AddThis Social Bookmark Button

CounterACT 7.0 – NAC and BYOD Tool Gets Even Better

CounterACT 7.0 – NAC and BYOD Tool Gets Even Better

First Look Review by Mark Brownstein

Last year, I took a long look at ForeScout CounterACT, a Network Access Control platform, and I was impressed. Now, with Version 7.0, I’m even more impressed. If I had responsibility for securing a medium-sized or even global enterprise network, CounterACT would be among the tools that I would strongly consider to be a must-have.

802.1x is one of only a few standards for device and user authentication, but it can be sheer drudgery to configure and manage in large, heterogeneous environments. The new version of CounterACT adds a wide range of 802.1x features, including an OpenRADIUS Server that is built into the product. The prior version of CounterACT only offered a proxy-mode, which was easy to set up, but by providing both proxy and built-in RADIUS approaches, there are more authentication options. For those who don’t have RADIUS, when you implement CounterACT, you will – and for those who do have RADIUS, CounterACT will give you a secondary RADIUS Server for high availability.

CounterACT makes Network Access Control (NAC) even more flexible and easier to manage than it was in the previous version. CounterACT offers alternative authentication methods for parts of your network that might not be ready for 802.1x or for systems that can’t support an 802.1x supplicant (agent software). You get the benefits of NAC right away while you migrate to 802.1x or merge different organizations or locations. For many, avoiding or reducing reliance on agents is the better alternative to 802.1x. Either way, CounterACT 7 covers it with extensive roles-based and device-based authorization and broad enforcement routes. Scalability also gets a boost from an updated Enterprise Manager that now manages up to 250 CounterACT appliances as one and a new CounterACT appliance that supports 10,000 devices.

CounterACT 6 came with a bunch of cookie-cutter templates plus a powerful policy engine if you wanted to get fancy – all presented in an elegant GUI. Version 7 adds usability features. Perhaps the visually most striking and readily handy feature is the new Tactical Map. This slick dashboard map (yes, actually using Google maps) shows, at a glance, the status of all connected devices. The administrator can drill down by location, logical group or issue type to quickly determine the status of any device. The map makes it even easier to manage and monitor one or multiple sites and thousands of endpoints. This extends the previous release that had presented list views with device status and action options.

 

Above: ForeScout CounterACT 7: Dashboard Tactical Map

While version 6 provided a real-time inventory of devices and many other endpoint details, version 7.0 offers more hardware information and the query function is made even more accessible. The search console appears to respond faster and now provides extremely diverse search options, with the ability to search based on single or multiple values, against data on all hosts, or by device selected, using one or more filters. For example, you can search for threats in a particular network segment, and can drill down to specific threats on specific devices. Alternatively, your interest may be in specific applications, patches, or compliance issues within organizational units. CounterACT makes searches easy and powerful – and the results can be exported.

Any discovered endpoint attribute is searchable and can be used in a NAC policy. For example, you can inspect and validate X.509 certificates to assure that all network connections are made only to devices with valid certificates. This helps protect the network from attacks by rogue systems using spoofed, expired, or incorrect certificates, as an added level of protection. Beyond search, reporting was also improved with an easier way to generate and manage reports.

“Bring your own device” (BYOD) security is of ever-increasing importance to organizations. Fortunately, CounterACT’s mobile capabilities are excellent. CounterACT can detect different mobile devices and apply any number of NAC policies, including guest management. CounterACT’s optional plug-in and mobile app (ForeScout Mobile) offers deeper inspection of iOS or Android devices. It can do an inventory and can enforce root detection, password strength, encryption, email and unwanted app policy – device violations can result in blocked or limited network access.

With ForeScout Mobile, you can go one step further and actually control some configuration of the device similar to that of a mobile device management (MDM) system. For example, with iOS devices, you can limit corporate WiFi access points, control corporate email access or even turn the camera off when connected to the corporate WiFi network. CounterACT doesn’t take ownership of the device, however. At the end of the day, the user can easily restore the previous device configuration. This plug-in also works with other MDMs – so you can see MDM-managed handhelds along with unmanaged and CounterACT-managed mobile devices on the same console.

On the whole, CounterACT offers a lot of useful features in a flexible package. With CounterACT 7.0, ForeScout has taken a solid access and endpoint security platform to greater heights – especially for IT managers who need to see and manage BYOD devices on their network.

Click here to read a review of ForeScout's CounterACT 6.4.

For more information, visit www.forescout.com/ITSJ2.

Mark Brownstein is a writer and editor, and has written for many leading technology publications. He has served as L.A. Bureau Chief at InfoWorld, Technology Editor at Network World, Senior Technology Editor at Network Magazine, and Executive Editor at Computer Technology Review. A networking and storage technologist and product reviewer, Mark has authored seven books and is a consultant. He can be reached at mark@brownstein.com.

 

ForeScout Upping the Ante for IT Organizations Considering BYOD

Tuesday, 08 May 2012 14:52

by Kim Borg

The research coverage speaks for itself. In response to news of ForeScout bringing mobile device management to network access control, 451 Research industry analyst Chris Hazelton wrote: "As IT needs to react to the mobile invasion, we see strong synergies between NAC and MDM to control the movement of corporate data across smartphones and Tablets. The goal is to provide a single console for IT to view network usage across desktop, smartphone and tablets. As companies face an invasion of employee-owned mobile devices, the ability to view who, and with what type of device, is connecting to enterprise data becomes increasingly important."

ForeScout, which provides an automated security control platform [see CounterACT review by CTR], is well known for its leadership position in the network access control (NAC) market. Since last year, it has been building up its arsenal to enable IT organizations to attain the same level of visibility and control with personal and managed mobile devices that security operators have with endpoints such as PC workstations, notebooks, servers and virtual machines leveraging NAC.

While the company’s flagship network security product, CounterACT, can identify and set basic policy for both managed and unmanaged mobile devices, the company delivered native mobile security capabilities for iOS and Android following the RSA show this past spring. As a complement to its NAC appliance, ForeScout’s Mobile Security Module adds lightweight and useful mobile device level security at an aggressive price. We interviewed a retailer prospect, who put this product on his most wanted list, saying “it was powerful enough, would have immediate value, conveniently works right within CounterACT, and it meets our budget.” The company also announced the means to integrate with leading mobile device management (MDM) products via an Integration Mobile.

Now ForeScout is upping its mobile security game by entering the MDM market, which Gartner predicts will grow by 21 percent over the next year to the tune of $1.9 billion. By partnering with Fiberlink and customizing the award-winning Maas360 solution, ForeScout is able to bring to market a mature, cloud-based MDM in the form of ForeScout MDM. The joint announcement claims that this is the first integrated NAC and MDM solution that “provides the level of management, visibility and control needed across all mobile devices, users, networks, applications and data.”

Indeed, ForeScout, the fastest growing NAC vendor in the space and among the top three players in the NAC market, appears to be more than just onto the next trend.

Following ForeScout’s Mobile announcement, Cisco announced similar plans to open its NAC product line to support third party MDM players. Other, smaller NAC vendors have also received a boost from BYOD. For example, Enterasys announced support for mobile devices while Bradford Networks announced some integration with Hewlett-Packard’s MDM.

“Companies can’t ignore BYOD, but are well aware of the risks and need for greater security measures. We want to provide customers the most flexibility to advance their mobile security capabilities wherever they sit with BYOD adoption. By offering NAC, native mobile security and MDM approaches, users can choose the right level of security at the right cost relative to the device, user, application and level of risk. It’s a ‘right-sized’ mobile security strategy that is resonating within the market and supported by all the leading market research firms,” said Scott Gordon, vice president of marketing at ForeScout.

The approach is certainly resonating with analysts such as Hazelton, who said: “The integration with MDM, and appropriating some of the capabilities of MDM, mean ForeScout can be used to deliver management and security to a set of employees that don't need or warrant full device management capabilities, such as mobile application provisioning and control. The ability to integrate MDM and NAC will allow different roles within IT to choose between using ForeScout's console or that of the incumbent MDM vendor. This meets IT's need for both simplicity and reduction in the need for training. We got a sneak peak at ForeScout's partner list among MDM vendors, and we like what we see so far.”

IT organizations are indeed hot for BYOD and mobile security, whatever the technology incarnation. Through its own innovation and by partnering with a variety of infrastructure vendors such as Maas360, ForeScout has been able to successfully win over large accounts against larger networking vendor incumbents and seems well positioned to offer a compelling package for BYOD for the mid-tier and Fortune 500.

Spectra T50e from Spectra Logic -- It's Just a Better Tape Library

Spectra T50e from Spectra Logic -- It's Just a Better Tape Library

By combining field-proven reliability with cutting-edge storage innovation, the Spectra© T50e LTO tape library offers enterprise-caliber management and functionality in an affordable, compact, 4U rackmount system. Supporting the latest fifth generation of LTO technology (LTO-5), Spectra T50e offers up to 150 TB of compressed storage and a compressed transfer rate of up to 4TB per hour with four half-height drives. T50e easily stands out in front on competing libraries in its class with more innovative features including:

  • Free integrated encryption key management
  • Media, drive, and library health monitoring
  • Partitioning to help manage different operations
  • "Phone Home" capabilities
  • User replaceable parts


Learn more about why Spectra T50e is just a better library. Spectra T50e Overview Video



 

Vision Solutions EchoStream™ for AIX®

Vision Solutions EchoStream™ for AIX®

EchoStream™ for AIX® from Vision Solutions is a true continuous data protection solution that delivers nearly instantaneous recovery of your applications and data at the push of a button. Unlike traditional backup solutions, EchoStream enables you to recover data from any point in time, easily and immediately, with continuous data protection (CDP) capabilities. Should your business encounters accidental or malicious data corruption you can reverse the damage and continue onward. Use it to make your data more secure, and as a cost-effective business continuity and disaster recovery strategy.


EchoStream for AIX:

* Provides the definitive solution for recovery from data corruption issues, with the widest range of available recovery points.
* Ensures faster recovery with excellent recovery point granularity—to any point in time. Choose a recovery point based on where a failure occurred.
* Flexible technology allows rapid data or server recovery for any database, file system or application environment.
* Supports heterogeneous storage and addresses both logical and physical

Download Free White Paper

Product Review: RASILIENT's RASTOR Storage Solution

RASILIENT Systems designs and manufacturers the RASTOR line of standards-based, open architecture, storage solutions that integrate custom-tuned Linux software. While embedded hardware solutions can often be a generation behind in memory and bus technologies, the RASTOR 7500 utilizes easily extensible software for tasks that range from RAID level processing to iSCSI traffic aggregation.

RASILIENT’s RASTOR storage arrays rely on software to provide RAID redundancy, provision virtual disk volumes, and manage iSCSI connectivity. For enterprise-class networking, the RASILIENT software balances iSCSI traffic load and failover using multiple NICs, while simplifying client management by presenting a single IP address.

RASILIENT's load balancing software works at the iSCSI network layer using an iSCSI protocol redirect feature, which was created to handle target devices that were busy or undergoing maintenance. This technique is compatible with Microsoft's MPIO implementation on client initiators, for which RASILIENT also provides support so that clients can establish multiple connections for failover redundancy.

Read more...
Sign Up for Breaking News and Top Stories in the CTR+ Newsletter (enter email below)

IT Security Journal