forescout counteract integration with citrix xenmobile mdm ... · factors obtained from xenmobile...
TRANSCRIPT
ForeScout and Citrix | Solution Brief
ForeScout CounterACT Integration with Citrix XenMobile MDM Edition
citrix.com/ready
ForeScout and Citrix | Solution Brief
Improve Mobile Security and Unify Compliance ManagementForeScout has integrated its automated security control platform for network access control (NAC) and endpoint compliance with Citrix XenMobile™ MDM. With this joint solution, IT organizations obtain better security, compliance and control for all endpoints on an enterprise network.
ChallengesMobile Device Management systems are gaining rapid adoption among enterprises that wish to better manage the plethora of smartphones and tablets that are being used in corporate environments. MDM systems can help IT security managers secure the sensitive corporate data that is frequently stored on such devices. However, MDM systems by themselves do not address the following challenges:
• MDM systems can only see devices that have already been enrolled in the system. This leaves IT managers blind to unmanaged devices on the network.
• MDM systems primarily work with components and settings on the mobile endpoint and do not have visibility into the network. This means that they can’t limit where the user goes within the network.
• MDM systems typically do not manage all the personal devices that employees might want to use on the corporate network. For example, employee-owned Windows, Mac and Linux computers are typically outside the scope of MDM.
• MDM systems are often operated as a separate IT management silo, with a separate set of management screens, policies and reports.
Similarly, NAC is commonly used to control access to enterprise networks. This helps prevent data loss by preventing unsecured, unmanaged devices from having access to corporate data. But if your goal is to get corporate data onto the mobile device to empower your employees, NAC by itself is an insufficient security control. You also need to protect the data on the device itself with controls such as Mobile Device Management (MDM) and Mobile Application Management (MAM) that are provided by XenMobile MDM.
Analysts such as Gartner recommend that organizations consider using network access control (NAC) as a foundation for any BYOD security strategy, combined with technologies such as MDM and MAM to secure data on BYOD devices*.
The ForeScout-Citrix Joint SolutionForeScout CounterACT™ integrates with Citrix XenMobile MDM to address these challenges and complete the mobile security puzzle. Through this integration, you can leverage your existing XenMobile MDM system within the broader context of unified security control that ForeScout CounterACT provides.
ForeScout CounterACT is an appliance (either physical or virtual) that installs on premises, typically at the core of your network. From that location, the appliance monitors network traffic and integrates with your existing switches and wirelessaccess points. ForeScout CounterACT can detect devices the moment they try to connect to your network and can allow, block, limit, or redirect such devices depending on the security policies you choose to enforce.
* Gartner Magic Quadrant for Network Access Control, 3 December 2012, Lawrence Orans and John Pescatore.
Highlights• Improved Visibility
Gain real-time visibility of
all mobile devices that
are connected to your
network, including devices
that are not enrolled in
XenMobile MDM.
• Enhanced Security
Block unauthorized and
non-compliant devices
from your network.
Re-assess the security and
compliance status of each
mobile device the moment
it tries to access your
network.
• Operational Eficiency
Provide a seamless
enrollment process for
mobile devices to enroll in
XenMobile MDM the
moment they connect to
your network.
• Easier management and reporting
Unify network access
control policies and
compliance reporting for
all endpoints on your
network - personal
computers, servers and
handheld devices.
2
citrix.com/ready
“Enterprises must be prepared
to manage and secure a wide
range of devices, some which
they don’t own. Multiplatform
MDM tools are one way to
achieve this.”
Gartner, “Top 10 Mobile
Technologies for 2012 and
2013”, 14 February 2012,
Nick Jones
“No matter what {BYOD}
strategy is selected, the ability
to detect when unmanaged
devices are in use for
business purposes will be
required - and that requires
NAC.”
Gartner, “NAC Strategies for
Supporting BYOD
Environments”, 22 December
2011, Lawrence Orans
and John Pescatore
ForeScout and Citrix | Solution Brief
ForeScout CounterACT communicates bi-directionally with XenMobile and can query XenMobile MDM for device attributes - “Is this device enrolled? Is this device compliant?” This information can be used by CounterACT as a basis fordeciding whether to allow the device onto the network.
When used in conjunction with XenMobile MDM, ForeScout CounterACT provides:
• Automatedreal-timedetection of mobile devices the moment they connect to your network, regardless of the type of device, and regardless of whether it has been enrolled in XenMobile MDM.
• Seamlessenrollment and installation of XenMobile MDM agents on unmanaged devices by initially placing them in a limited access network, directing them to an installation web page, and then allowing access once the device has passed all required compliance checks.
• Just-in-timecompliancechecks triggered by CounterACT the moment a device connects to the network. Through the bi-directional integration, CounterACT tells XenMobile MDM to immediately re-assess the device, and CounterACT then bases its network access decision on the result of that assessment.
• Policy-basedblocking of unauthorized users and devices from the network, as well as enforcing any limits you want on authorized devices. ForeScout CounterACT can base network access control decisions on many different factors obtained from XenMobile MDM, including the type of device, operating system, ownership (corporate vs. BYOD), compliance status, enrollment in XenMobile MDM, and many other factors.
• Unifiednetworkaccesspolicymanagementandcompliancereporting for all endpoint devices - PCs, Macs, smartphones, tablets and others.
• Guestaccessfor personal mobile devices can be enabled by setting up a guest network and using ForeScout CounterACT’s built-in guest registration system. Once a guest has been approved, CounterACT can dynamically enforce your security policies, such as restricting the user’s access to just the Internet.
• Continuousprotectionfrominfected, compromised, jailbroken or rooted devices. If malware on a mobile device tries to propagate or interrogate your network, ForeScout CounterACT will detect the malicious behavior, block the threat, and quarantine the device.
3
citrix.com/ready
ForeScout and Citrix | Solution Brief
Fig 1. ForeScout CounterACT retrieves detailed mobile device information from XenMobile MDM, tracks mobile device compliance posture, and triggers network enforcement as required.
Corporate HeadquartersFort Lauderdale, FL, USA
India Development CenterBangalore, India
Latin America HeadquartersCoral Gables, FL, USA
Silicon Valley HeadquartersSanta Clara, CA, USA
Online Division HeadquartersSanta Barbara, CA, USA
UK Development CenterChalfont, United Kingdom
EMEA HeadquartersSchaffhausen, Switzerland
Pacific HeadquartersHong Kong, China
About Citrix ReadyCitrix Ready identifies recommended solutions that are trusted to enhance the Citrix Delivery Center infrastructure. All products featuredin Citrix Ready have completed verification testing, thereby providing confidence in joint solution compatibility. Leveraging its industryleading alliances and partner eco-system, Citrix Ready showcases select trusted solutions designed to meet a variety of business needs.Through the online catalog and Citrix Ready branding program, you can easily find and build a trusted infrastructure. Citrix Ready not only demonstrates current mutual product compatibility, but through continued industry relationships also ensures future interoperability.Learn more at www.citrix.com/ready.
About ForeScoutForeScout Technologies is a leading provider of automated security control solutions for Global 1000 enterprises and government organizations. ForeScout’s automated solutions for network access control, mobile security, threat prevention and endpoint compliance empower organizations to gain access agility while preempting risks and eliminating remediation costs. ForeScout CounterACT has been chosen by over 1400 of the world’s most secure enterprises and military installations for global deployments spanning 37 countries. The company delivers its solutions through its network of authorized partners worldwide. Learn more at http://www.forescout.com
©2013 ForeScout Technologies, Inc. All rights reserved. ForeScout Technologies, the ForeScout logo and CounterACT are trademarks ofForeScout Technologies, Inc. All other trademarks are the property of their respective owners. FS-SB022013
©2013 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix Receiver™, HDX™, CloudGateway™, XenDesktop®, XenApp™, NetScaler® and XenVault™ are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.
4
citrix.com/ready