PALO ALTO NETWORKS: Technology Partner Solution Brief
ForeScout CounterACT Integration with Palo Alto Networks WildFire Platform
Technology Segment: Authentication and Access Control
The Palo Alto Networks® Technology Partner Program includes a select group of partners that deliver solutions or products that interoperate with the next-generation firewall.

SOLUTION OVERVIEW
ForeScout has partnered with Palo Alto Networks to deliver a unique and powerful solution for real-time monitoring and mitigation of enterprise risk associated with non-compliant and/or compromised endpoints. With this joint solution, you can rapidly identify, verify and quarantine APTs, botnets and propagating malware in distributed and “bring your own device” (BYOD) environments. As a result, you can reduce breaches, data loss and reputation risk while preempting costly investigation and remediation tasks.

HIGHLIGHTS
■ Real-time Visibility: Obtain real-time intelligence about the endpoints on your network, including unauthorized devices and BYOD endpoints owned by employees, guests and contractors.
■ Advanced Threat Protection: Palo Alto Networks WildFire platform supplements ForeScout’s ActiveResponse to help you detect and block APTs and zero-day attacks that traditional security controls miss.
■ Rapid Response to Security Breaches: Respond immediately to compromised devices on your network and prevent threat propagation. Quarantine infected endpoints and initiate other risk mitigation actions.
■ Endpoint Security Assurance: Reduce enterprise risk by ensuring that endpoints have up-to-date security defenses. Continuously monitor and mitigate security gaps on endpoints connecting to your network.
ForeScout CounterACT and Palo Alto Networks WildFire™ work together to leverage the best-of-breed capabilities of each solution. The joint solution provides real-time visibility and compliance management of devices on your network, effective response to APTs and zero-day threats, and automation to efficiently and accurately mitigate APTs.

ForeScout CounterACT is a pervasive network security platform that delivers visibility and automated control for devices, users, systems and applications that are connected to your network—wired or wireless, managed or unmanaged, PC or mobile. CounterACT monitors traffic on your network and uses patented ActiveResponse™ technologies to detect zero-day malware propagation internal to your network. ActiveResponse works without signatures and has proven to be effective against many zero-day threats such as Conficker, Zeus, and Stuxnet.

Palo Alto Networks WildFire platform offers an end-to-end approach to detecting modern cyber attacks and APTs that rely on stealth, persistence and the skilled avoidance of traditional security defenses throughout the lifecycle of the attack. The WildFire platform leverages a malware analysis environment in which new and unknown malware and exploits can run and be identified conclusively.

Once an attack is detected, WildFire informs CounterACT of the affected systems and indicators of compromise (IOCs). When CounterACT learns about an infected system, it automatically takes whatever actions are defined by policy, including:
• Quarantine the endpoint
• Send endpoint configuration and security posture information
• Trigger a third party system to initiate a vulnerability assessment scan
• Trigger a third party endpoint remediation system
• Notify the end-user and/or administrator via email or SMS
In addition to taking action on the infected endpoint, CounterACT also retains the IOC information received from WildFire. Based on your policy, CounterACT can take additional actions including:
• Scan other endpoints that are connecting or are connected to your network for the presence of the same infection. Additional endpoints on your network may have been compromised while on public networks or via infection pathways not monitored by WildFire.
• If CounterACT detects additional endpoints that have been compromised, it can quarantine them to prevent malware propagation and/or take additional actions as listed previously.

CounterACT physical or virtual appliances deploy out-of-band, thereby adding no latency or potential for network failure. CounterACT interoperates with your existing network infrastructure and is vendor-agnostic. It provides real-time visibility of devices and users as they connect to your network, without the need for agents.

About ForeScout
ForeScout delivers pervasive network security by allowing organizations to continuously monitor and mitigate security exposures and cyber attacks. The company’s CounterACT appliance dynamically identifies and assesses network users, endpoints and applications to provide visibility, intelligence and policy-based mitigation of security issues. ForeScout’s open ControlFabric technology allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout’s solutions are easy to deploy, unobtrusive, flexible and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorized partners worldwide. Learn more at www.forescout.com.

About Palo Alto Networks
We are leading a new era in security by protecting thousands of enterprise, government, and service provider networks from cyber threats with our game-changing security platform that natively brings together all key network security functions, including a next-generation firewall, URL filtering, IDS/IPS, and advanced threat protection. Because these functions are purposely built into the platform from the ground up and they natively share important information across the respective disciplines, we ensure better security than legacy firewalls, UTMs, or point threat detection products. With our platform, organizations can safely enable the use of all applications critical to running their business, maintain complete visibility and control, confidently pursue new technology initiatives, and protect the organization from the most basic to the most sophisticated cyber attacks—known and unknown. Learn more at www.paloaltonetworks.com.
4401 Great America Parkway Santa Clara, CA 95054 Main: +1.408.753.4000 Sales: +1.866.320.4788 Support: +1.866.898.9087 www.paloaltonetworks.com
Copyright ©2015, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN_TPSB_WF_ForeSource_041715