Dynamic endpoint protection by McAfee and ForeScout
ForeScout Technologies and McAfee, part of Intel Security, have partnered to provide new and enhanced interoperability between ForeScout CounterACT and McAfee solutions.
The integration will combine the abilities of ForeScout products, McAfee products and the McAfee Data Exchange Layer (DXL) to enable customers to protect infrastructure while supporting initiatives such as bring your own device (BYOD). ForeScout CounterACT will leverage the McAfee Threat Intelligence Exchange (TIE) to make enforcement and remediation decisions based on relevant security information shared between endpoints, gateways and other security products. This rapid information dissemination is part of a more proactive, integrated approach to fortifying a security posture.
ForeScout’s pervasive network security platform, CounterACT, enables IT organizations to efficiently address network visibility, access control, endpoint compliance and threat management challenges in today’s increasingly complex enterprise networks. McAfee TIE solutions combining ForeScout CounterACT and other McAfee products include:
McAfee Threat Intelligence Exchange (TIE) and Data Exchange Layer (DXL) Interoperability – ForeScout will demonstrate CounterACT interoperability with McAfee TIE by leveraging McAfee DXL, and will show how CounterACT can onboard a BYOD laptop and verify the hashes of running processes against the McAfee TIE file reputation repository. CounterACT can then apply appropriate access policy and remediation actions based on whether or not any malicious files are detected. This interoperability showcases how organizations can extend their security controls to BYOD laptops that may not be running McAfee endpoint protection agents.
McAfee ePolicy Orchestrator (ePO) Software Integration – Updated to support McAfee ePO 5.1.1, CounterACT integrates bi-directionally, consuming information about endpoint properties and notifying McAfee ePO of changes. Both systems can then take action. For example, CounterACT detects devices as they connect to the network, validates that the device and user are authorized, and then assesses the device security posture, including whether or not the McAfee ePO host agent is installed, running and up to date. When non-compliance is identified, CounterACT can inform McAfee ePO to take action, or CounterACT can attempt to remediate the violation directly. In addition, ForeScout will showcase how CounterACT can take quarantine actions based on malware or other violations detected by McAfee ePO software, including new malware detections identified using McAfee TIE.
McAfee Vulnerability Manager (MVM) integration – The new integration between ForeScout and MVM harnesses CounterACT’s real-time network visibility and automated controls for more comprehensive, efficient and timely vulnerability assessment and risk mitigation. CounterACT informs McAfee MVM as soon as a device connects to the network, thereby enabling real-time vulnerability scanning of endpoints, including transient devices that may be missed by periodic polling. CounterACT then leverages the real-time MVM scan information for policy-based access control and remediation, such as quarantining or remediating vulnerable systems. This integration supports MVM version 7.5 and above.
Interoperability for McAfee ePO versions 4.6 and 5.1 or higher is available to customers who are licensed and have maintenance for the ForeScout ePO Integration Module. Interoperability with MVM is available to those customers who have licensed the ForeScout Vulnerability Assessment Integration Module. McAfee TIE and DXL interoperability is planned for commercial availability in 2015.