John Hagerty – EMEA Sales Director

Automated Security Control

• Founded in 2000

• HQ Cupertino California, R&D Tel Aviv Israel

• 44% year-over-year growth

– Leading independent vendor of Network Access Control

– #2 market share behind Cisco

• Global deployments

– Multiple vertical industries

– Very large deployments (>200,000 endpoints)

• Global Support – ‗Follow the sun‘

ForeScout Overview

ForeScout is a leading provider of automated security

control solutions for Fortune 1000 enterprises and

government organizations.

Gartner Leader - December 2011

―Magic Quadrant for Network Access Control‖,

December 8, 2011; Lawrence Orans and

John Pescatore; Gartner, Inc.

• A consistent record of growing faster than the

NAC market, and proven ability to win large deals

• The highest visibility among pure-play NAC

vendors, particularly in the government and

financial sectors

• Strong marks for scalability, with some of the

largest active deployments of all vendors

• Clientless approach that eases the support for a

wide variety of endpoints, particularly in BYOD

environments

• Users continue to cite ease of deployment and

flexible enforcement methods as a primary

selection criteria

Customers and Their Requirements

The Challenge: Balance Access Agility With Security

• Employees, Guests,

Contractors

• Smartphones and

personal devices

• Wireless, wired,

VPN

• Data loss

• Zero-day attacks

and malware

• Endpoint integrity

• Regulations and

compliance

Security

Access

Agility

Requires real-time,

comprehensive

visibility

Requires real-time,

automated controls

Large Customers in Each Product Segment

• Total purchases: $9.8M - Network Access Control (NAC) Customer

• Primary use: Block unauthorized users (per DISA requirement)

• Secondary use: Enforce policies (no USB memory sticks, etc.)

• Total purchases: $3.8M - Threat Protection, Endpoint Compliance, and NAC Customer

• Primary use: Segment network (federated organization)

• Secondary use: Block attacks, remediate endpoints, register guests

• Total purchases: $1.2M - Mobile Security Customer

• Primary use: Protecting and managing mobile consumer device

• Total purchases: $4.6M - Endpoint Compliance Customer

• Primary use: Manage endpoint compliance

• Secondary use: Block unauthorized users

• Total purchases: $2.4M - Endpoint Compliance Mobile Security Customer

• Primary use: Visibility, compliance reporting and automated endpoint remediation

• Secondary use: Mobile security, enabling‖ Bring Your Own Computer to Work‖

CounterACT – How It Works

Visible Not Visible

Limited Visibility Means Security Gaps

ForeScout Comprehensive Visibility

Endpoints

Network Devices

Applications

Corporate Resources

Antivirus out of date

Firewall installed but turned off

Encryption agent not installed

Protection Possible No Protection Possible

Users

Non-Corporate

ForeScout Provides Visibility and Control

.

ForeScout Automated Security

Control Platform Interoperable

Scalable Agentless

Knowledgebase

Mobile

Control

Network

Access Control

Endpoint

Compliance

• Block intrusions

and worms

• Detect infected

machines

Threat

Control • Find and fix

security gaps

• Enforce policies

• Track violations

• Register guests

• Limit access

• Block unauthorized

users and rogue

devices

• Detect and report

on mobile devices

• Restrict access

How It Works

ForeScout

CounterACT

• Out of band

• Clientless

• One appliance

Deploy at the Core

( ( ( ( ( ( (

See Grant Fix Protect

• What type of device?

• Who owns it?

• Who is logged in?

• What applications?

ForeScout

CounterACT

See Grant Fix Protect

• Grant access

• Register guests

• Block access

• Restrict access

( ( ( ( ( ( (

ForeScout

CounterACT

See Grant Fix Protect

Email CRM Web

Guest

Employee

Guest

Sales

See Grant Fix Protect

• Remediate OS

• Fix security agents

• Fix configuration

• Start/stop applications

• Disable peripheral

ForeScout

CounterACT

Blocked Admission and Advised What is Out of Compliance

See Grant Fix Protect

• Detect unexpected behavior

• Block insider attack

• Block worms

• Block intrusions

ForeScout

CounterACT

See Grant Fix Protect

MOVE & DISABLE RESTRICT ACCESS ALERT & REMEDIATE

Deploy a Virtual Firewall around an infected

or non-compliant device

Reassign the device into a VLAN with

restricted access

Update access lists (ACLs) on switches,

firewalls and routers to restrict access

Automatically move device to a pre-

configured guest network

Open trouble ticket

Send email notification

SNMP Traps

Syslog

HTTP browser hijack

Auditable end-user acknowledgement

Self-remediation

Integrate with SMS, WSUS, SCCM,

Lumension, BigFix

Reassign device from production VLAN to

quarantine VLAN

Block access with 802.1X

Alter login credentials to block access

Block access with device authentication

Turn off switch port (802.1X or SNMP)

Terminate unauthorized applications

Disable peripheral device

ForeScout & the IT-GRC Framework

Switches & Routers

Network Devices

Endpoints

IT Network Services

Smart Phones & Tablets

Firewall & VPN

Endpoint Protection

Wireless

Mobile / BYOD / MDM

• Lot‘s of players in MDM market – See Gartner

• Customers want to the cost savings

• Users want the flexibility

• Customers requirements today are predominantly straight

forward :

– Protect the network in an ‗open‘ environment

– Posture checking

– Password requirements

– Malware concerns

– Remote wipe / control

What does the market want today ?

―Enterprises must be prepared to manage and secure a

wide range of devices, some of which they don't own.

Multiplatform MDM tools are one way to achieve this.‖

―No matter what [BYOD] strategy is selected, the ability to

detect when unmanaged devices are in use for business

purposes will be required — and that requires NAC.‖

Gartner Recommendations

Gartner, ―NAC Strategies for Supporting BYOD Environments‖,

22 December 2011, Lawrence Orans and John Pescatore

Gartner, ―Top 10 Mobile Technologies for 2012 and 2013‖, 14

February 2012, Nick Jones

ForeScout Solution Options

ForeScout CounterACT

ForeScout CounterACT

+ ForeScout Mobile

ForeScout CounterACT

+ ForeScout Mobile

+ MDM (3rd party)

MDM (3rd party)

Operational Management • Provisioning • Cost management • Inventory

Network Security • Access control • Block threats • Stability

Device Security • Password • Remote wipe • Configuration enforcement • Detect rooted / jailbroken • Containerization

Unified security management

User impact Transparent Lightweight Varies Varies

Price $ $$ $$$* $$$$

*Assumes that a portion of the mobile devices are enrolled in a 3rd party MDM

system and the rest are managed by ForeScout Mobile Security Module.

ForeScout MDM

• Fast deployment

– Simple provisioning processes

– Intuitive user interface

• Effortless scalability

– Instantly turn up devices, users, apps

– Start small and easily expand up

• Automatic upgrades

– Continuous updates available instantly

– No ongoing maintenance

• Unmatched affordability

– Zero infrastructure needed

– All inclusive subscription price model

Agility of the cloud for the pace of change in mobility

Unified Visibility

Why ForeScout

We Win Awards ! Secure Computing November 2012

Slide 27

The Holy Grail

• Easy to deploy

– Clientless

– No infrastructure changes

– Everything in a single appliance

• Rapid time to value

– Complete visibility in hours or days

• 100% coverage (no blind spots)

– Users, devices, systems, VMs, apps

• Extensive range of automated controls

– Transparent, gentle, or aggressive

• Works with every network without costly upgrades

Why Customers Choose ForeScout

Primary Contacts

• John Hagerty – EMEA Sales Director

jhagerty@forescout.com +44 7739 732805

• Richard Cassidy – Senior EMEA SE

rcassidy@forescout.com +44 7834 336426

• Nikki Gagie – EMEA Inside Sales and Marketing

ngagie@forescout.com +44 1256 843633

Contacts

Thank You