ForeScout Security for K-16 Sector

Post on 25-Jul-2020

TRANSCRIPT

Page 1: ForeScout Security for K-16 Sector - Exclusive Networks...Agenda 2 1. K-16 Education Technology Trends 2. The Emergence of IoT and BYOD in the Education Landscape 3. Cyberattacks in

ForeScout Security for K-16 Sector

Page 2

Agenda

1. K-16 Education Technology Trends

2. The Emergence of IoT and BYOD in the Education Landscape

3. Cyberattacks in the Education Space

4. Challenges with the Traditional Security Landscape

5. ForeScout Solution

6. Summary

Page 3

Agenda

1. K-16 Education Technology Trends

2. The Emergence of IoT and BYOD in the Education Landscape

3. Cyberattacks in the Education Space

4. Challenges with the Traditional Security Landscape

5. ForeScout Solution

6. Summary

Page 4

K-16 Education Trends

Goals

• Improve student achievement and outcomes

• Teach 21st century skills

Enhance Student Engagement – Digital Learning

• Digital content

• Online assessments

• Blended and online learning

Drive Technology Infrastructure Readiness

• Increased BYOD usage

• IoT devices entering through facilities upgrades and wearables (iwatch, fitbits)

Reference acronym glossary at the end of presentation

Page 5

The Classroom is a Different Place Today

48% of teachers use digital curriculum and content ¼ – ½ of the time

24% have students turn to digital resources > ½ of the time

44% of students take instruction online

Source: “Learning Counsel 2015 National Digital Curriculum Strategy Survey.”

Page 6

Devices, Students and the Cybersecurity Team

School districts have a mix of traditional, BYOD and IoT devices

A sample mix from a school district in Texas:

• 40K-80K devices

• 40K students

• 4 cybersecurity staff

Texas School Districts website

Page 7

IT Security Pain Point: Big Network Without a Big Budget

A small security team needs to manage a big enterprise-size network but without the corresponding staff strength

X-Factor, the ratio of number of devices to number of employees in an enterprise, is typically 3.5X

X-Factor in educational institutions can be as high as 10X to 20X

Source: Based on ForeScout customer engagement experience

Page 8

Agenda

1. K-16 Education Technology Trends

2. The Emergence of IoT and BYOD in the Education Landscape

3. Cyberattacks in the Education Space

4. Challenges with the Traditional Security Landscape

5. ForeScout Solution

6. Summary

Page 9

BYOD Devices are Increasing on Campus

BYOD includes Chromebooks, smartphones, tablets, laptops, iwatches, fitbits and gaming consoles among others

Page 10

Facilities Upgrades are Bringing in IoT Devices

DISASTROUS: Cause irreversible damage

DISRUPTIVE: Disrupt corporate and operational processes

DAMAGING: Enable information stealing

• Illegal remote monitoring

• Tampering with temperature controls

• Spying via video and microphone

• Accessing classified information

• Obtaining user credentials

• Extracting Wi-Fi credentials to carry out further attacks

• Snooping on calls

Source: ForeScout IoT Enterprise Risk Report

Page 11

IoT and BYOD Devices are Vulnerable

• Many IoT and BYOD devices lack basic security features

• Many IoT and BYOD devices cannot be patched

• Many IoT and BYOD devices run on outdated or unsupported software

• Many IoT and BYOD devices cannot host an agent

Page 12

IP-Connected Security Systems

An Example of IoT Device Risks

Many use proprietary radio frequency technology that lacks authentication and encryption.

Attackers can form radio signals to send false triggers and access system controls.

Use compute capability to exfiltrate large amounts of data.

Disable camera to allow physical break-in.

Hijack camera to spy on employees' usage of computers, passwords, applications, designs.

Use as launching point for DDoS attacks.

DISASTROUS

Page 13

Agenda

1. K-16 Education Technology Trends

2. The Emergence of IoT and BYOD in the Education Landscape

3. Cyberattacks in the Educational Space

4. Challenges with the Traditional Security Landscape

5. ForeScout Solution

6. Summary

Page 14

Per Capita Cost of Data Breach in USA

IBM Ponemon report: Cost of a data breach

$177 Media

$220 Education

$264 Financial

$301 Life Science

Educational info includes staff payroll and HR info, licensed digital educational content, budget info, student behaviour records, student medical records, student grades, research work and personnel information

Page 15

Security Challenges

A breach can disrupt learning

This opens up vulnerabilities

Hackers have a financial incentive to steal information

Schools are worried about insider attacks

Increased online learning

Guests have access to same school network

Curious students launch cyberattacks on school networks

Sensitive staff and student information

Assessments, education apps, digital content

Students access restricted content

To change grades, watch commercial copyrighted content for free, watch unsafe content

Page 16

Cybersecurity in the Education Sector

254 reported security incidents in the education sector according to Verizon’s 2016 Internet Data Breach Report

Source: 2016 Verizon Internet Data Breach Report; Huffington Post

Page 17

IoT University Breach in the News

Source: Network World

Page 18

Well Known Cyber Breaches in Education

Huffington Post

300K records breached in University of Maryland

300K records breached at North Dakota University

200K records breached at Butler University

146K records breached at Indiana University

4.5M records breached in UCLA Health system

Page 19

Agenda

1. K-16 Education Technology Trends

2. The Emergence of IoT and BYOD in the Education Landscape

3. Cyberattacks in the Education Space

4. Challenges with the Traditional Security Landscape

5. ForeScout Solution

6. Summary

Page 20

Many New Devices will be Vulnerable to Attacks

Less than 10% of new devices connecting to the corporate environment will be manageable through traditional methods

[Chart: Managed Devices vs. Unmanaged Devices, 2010 to 2020]

By 2020: 20+ Billion Unmanaged Connected Devices

66% of all networks will have an IoT security breach by 2018

Source: Gartner, BI Intelligence, Verizon, ForeScout

Page 21

Pre- vs. Post-Connect Access Control Solutions

Pre-Connect: Validates the device and user(s) are compliant with organizational policies and standards at the time access is granted to a production network

Post-Connect: Validates the device and user(s) remain compliant after the connection is granted then verified immediately and throughout the “lifecycle” of the connection

Hybrid: One solution provides pre-connect and another provides post-connect protection

Complete: One solution provides pre- and post-connect protection

Of the listed solutions, Pre-Connect Solutions provide the weakest protection for your organization

Page 22

Reason #1 – Lack of Effective Scope

Why 802.1X Access Control Solutions Fail

Agent and/or 802.1X Supplicant

Undiscovered / Rogue or MAC Authentication Bypass

Undiscovered / Unsupported Devices

Discovered / Supported Device

Page 23

Reason #2 – Bypassing Access

Why 802.1X Access Control Solutions Fail

• Similar to a bouncer outside of a club entrance, 802.1X:

– Verifies the identity of the user

– Validates the identity of the connecting host

• Once validated, devices are allowed onto the network

• Considering IoT alone, 802.1X at best provides access control, with gaps in coverage that are expected to grow in size and frequency

Similar to the bouncer at the door, 802.1X must rely on others to maintain secure and expected behavior once access has been granted

Page 24

Reason #3 – Little or No Post-Connect Protection

Why 802.1X Access Control Solutions Fail

Behavioral Control

Cyber Hygiene Management

Device Populations Unprotected via M.A.B.

Limited asset visibility and Situational Awareness

Protection and advanced detection often require agents

Network Access Control

Page 25

Agenda

1. K-16 Education Technology Trends

2. The Emergence of IoT and BYOD in the Education Landscape

3. Cyberattacks in the Education Space

4. Challenges with the Traditional Security Landscape

5. ForeScout Solution

6. Summary

Page 26

Many IoT Devices Are Vulnerable

• Many IoT and BYOD devices lack basic security features

• Many BYOD and IoT devices cannot be patched

• Many BYOD and IoT devices run on outdated or unsupported software

• Many BYOD and IoT devices cannot host an agent

ForeScout’s agentless solution helps overcome these limitations

Page 27

See

CONTINUOUS

AGENTLESS

Many IoT devices are invisible to the traditional security systems

[Diagram labels: Not Visible; Visible; See with IoT; Manageable with an Agent; Non-Traditional/IoT; Computing Devices; Network Devices; Applications; Antivirus out-of-date; Broken agent; Vulnerability]

• Who are you?

• Who owns the device?

• What type of device?

• Where/how are you connecting?

• What is the device hygiene?

Page 28

Control

AUTOMATED

POLICY-DRIVEN

Restrict, Comply, Notify

[Diagram labels: Less Privileged Access; Guest Network; Corporate Network; Quarantine; Data Center]

Page 29

Orchestrate

MAXIMIZE EXISTING INVESTMENTS

BREAK DOWN SILOS

• Share Contextual Insights

• Automate Workflows

• Automate Response Actions

VENDOR OPTIONS*: ATD, SIEM, EMM, EDR/EPP, NGFW, VA, ITSM

*As of April 2017

Page 30

Access Privilege and Auto-Remediation Capabilities

• See corporate, BYOD, IoT, rogue devices.

• Detect transient devices and trigger real-time vulnerability scans

• Automate enrollment for guests and BYOD including mobile devices

• Trigger updates and patches on managed endpoints

• Rapidly respond to incidents, without human intervention

• Control network access based on user, device, policy

[Diagram labels: Corporate Devices; BYOD Devices; Rogue Devices; IoT Devices; Firewall; SIEM; ATD; VA; Endpoint; Patch; EMM; Internet]

Page 31

Why ForeScout?

ForeScout listed as representative vendor in Gartner IoT Market Guide

Page 32

Security Benefits of a ForeScout Solution

Faster Time To Value

IDC interviewed 7 ForeScout customers, and on an average, benefits were:

• 24% more devices discovered

• 18% more devices in compliance

• 42% reduction in network-related breaches

• 38% reduction in device-related breaches

IDC Paper: https://www.forescout.com/idc-business-value/

Page 33

Business Benefits of a ForeScout Solution

IDC interviewed 7 ForeScout customers, and on an average, benefits were:

• $2M average savings

• 392% ROI over 5 years

• 13 months to break even

Average benefits for an organization with 43K devices

IDC Paper: https://www.forescout.com/idc-business-value/

Page 34

A Customer Success Story: Secure Heterogeneous Environments; Integrate Two Networks

• Implementing 802.1X became very cost-prohibitive and complex

• M&A brought in a hybrid IT environment with mix of 802.1X, non-802.1X, various device hygiene, device types and applications

• ForeScout immediately brought in higher value and ROI, turning a 3 year complex integration project into a 2 year success story.

• ForeScout’s agentless approach and ability to plug into the network out of band reduced integration effort

Page 35

A Customer Success Story: Example of Containment of an Attack

• Location of the system had to be determined quickly to contain the problem

• Alert received in the endpoint security system of a computer infected with ransomware

• Before ForeScout, it took 30 mins or longer to locate a device and disable it, now it is done in real time. ForeScout also cut down on staff time as the team only had to re-image one device compared to multiple if the virus had spread.

• ForeScout determined the system location and removed it from the network in real time

Page 36

A Customer Success Story: Example of Fast Remediation

• Report shows assets on network that are not reporting to Asset Management system

• Weekly threat report is generated to show risk level

• ForeScout helps IT team remediate by locating and registering these devices

ForeScout reduced time to remediate by 83% (3 hours to 30 mins).

Page 37

ForeScout Accolades

Scale: 1M+ devices in a single deployment

Engineering: 3x increase in ForeScout R&D

Customers: 2500+ in over 70 countries

Service: 87 NPS (Net Promoter Score)

• Gartner IoT Security Market Guide (Gartner, 2016)

• JP Morgan Chase Hall of Fame Innovation Award for Transformative Security Technology (JPMC, 2016)

• Cloud100 World’s Best Cloud Companies (Forbes, 2016, 2017)

• Deloitte’s Fastest Growing Companies in North America (Deloitte, 2016)

• 20 Fastest Growing Security Companies (The Silicon Valley Review, 2016)

• Gartner NAC Market Guide (Gartner, 2016)

• Excellence Award for Threat Solutions (Gartner, 2016)

• Computer Reseller News Top Security Company (CRN, 2016)

• Inc. 5000 Fastest Growing Companies (Inc. 5000, 2016)

• 9 Hot Cybersecurity Startups (Nanalyze, 2016)

Page 38

Agenda

1. K-16 Education Technology Trends

2. The Emergence of IoT and BYOD in the Education Landscape

3. Cyberattacks in the Education Space

4. Challenges with the Traditional Security Landscape

5. ForeScout Solution

6. Summary

Page 39

Summary

• ForeScout’s agentless approach has helped companies discover on an average 24% more devices on their networks – IDC Report.

• BYOD and IoT devices are entering educational institutions in a big way.

• Many BYOD and IoT devices lack basic security features and are invisible to traditional security systems, posing bigger security risk!

• Many organizations underestimate number of BYOD and IoT devices in their networks thereby opening up vulnerabilities.

Do you know how many devices are in your network? Request a ForeScout POC to find out.

IDC Paper: https://www.forescout.com/idc-business-value/

Page 40

Questions?

Page 41

Acronym Glossary

AAA Authentication, Authorization and Accounting

ACL Access Control List

ACS Access Control Server [Cisco]

AD Active Directory

ANSI American National Standards Institute

API Application Programming Interface

ARP Address Resolution Protocol

ATD Advanced Threat Detection

ATP Advanced Threat Prevention

AUP Acceptable Use Policy

AV Antivirus

AWS Amazon Web Services

BYOD Bring Your Own Device

C&C Command and Control

CA Certificate Authority

CAM Content Addressable Memory

CASB Cloud Access Security Broker

CCE Common Configuration Enumeration

CDP Cisco Discovery Protocol

CEF Cisco Express Forwarding

CIS Center for Internet Security, Inc.

CIUP Cumulative Infrastructure Update Pack

CLI Command Line Interface

CMDB Configuration Management Database

CoA Change of Authorization

CPPM ClearPass Policy Manager

CPU Central Processing Unit

CSC Critical Security Controls

CSV Comma Separated Value

CUP Cumulative Update Pack

CVE Common Vulnerabilities and Exposures

DB Database

DDoS Distributed Denial of Service

DHCP Dynamic Host Configuration Protocol

DLP Data Loss Prevention

DNS Domain Name Server

EDR Endpoint Detection and Response

EM Enterprise Manager

EMM Enterprise Mobility Management

ePO ePolicy Orchestrator

EPP Endpoint Protection Platform

FERC Federal Energy Regulatory Commission

FIPS Federal Information Processing Standards

FQDN Fully Qualified Domain Name

FTP File Transfer Protocol

FW Firewall

GCP Google Cloud Platform

GPO Group Policy Object

GUI Graphical User Interface

HA High Availability

HBSS Host Based Security System

HIP Host Information Policy [Palo Alto Networks]

HIPAA Health Insurance Portability & Accountability Act

HITECH Health Information Technology for Economic and Clinical Health

HITRUST Health Information Trust Alliance

HPS Host Property Scanner

HR Human Resources

HTML Hypertext Markup Language

HTTP Hypertext Transfer Protocol

IaaS Infrastructure as a Service

ICMP Internet Control Message Protocol

ID Identification

IDaaS Identity as a Service

iDRAC Integrated Dell Remote Access Controller

IM Instant Messaging

IMAP Internet Message Access Protocol

IOC Indicator of Compromise

iOS iPhone Operating System [Apple]

IoT Internet of Things

IP Internet Protocol

IPMI Intelligent Platform Management Interface

IPS Intrusion Protection System

ISE Identity Services Engine [Cisco]

IT Information Technology

ITAM Information Technology Access Management

ITSM Information Technology Service Management

LAN Local Area Network

LDAP Lightweight Directory Access Protocol

LLDP Link Layer Discovery Protocol

MAB MAC Authentication Bypass

MAC Media Access Control

MAPI Messaging Application Programming Interface

MDM Mobile Device Management

MTP Mobile Threat Prevention [FireEye]

MTTD Mean Time to Detection

MTTR Mean Time to Resolution

NA Not Applicable

NAC Network Access Control

NAT Network Address Translation

NBT NetBIOS over TCP/IP

NERC North American Electric Reliability Corp.

NetBIOS Network Basic Input/Output System

NGFW Next-Generation Firewall

NIC Network Interface Card

NIST National Institute of Standards and Technology

Nmap Network Mapper

NOC Network Operations Center

OS Operating System

OT Operational Technology

OU Organizational Unit

OVAL Open Vulnerability and Assessment Language

P2P Peer-to-Peer

PAM Privileged Access Management

PAN OS 7.x Palo Alto Networks Operating System 7.x

PC Personal Computer

PCI Payment Card Industry

PKI Public Key Infrastructure

PoE Power over Ethernet

POP3 Post Office Protocol

pxGrid Platform Exchange Grid [Cisco]

RADIUS Remote Authentication Dial-In User Service

RAP Roving Analysis Port

RDP Remote Desktop Protocol

Reauth Reauthorization

RI Remote Inspection

RM Recovery Manager

RMM Remote Monitoring and Management

RO Read Only

ROI Return on Investment

RPC Remote Procedure Call

RRP Remote Registry Protocol

RTU Remote Terminal Unit

RW Read/Write

SaaS Software as a Service

Page 42

Acronym Glossary

SANS System Administration, Networking and Security Institute

SCADA Supervisory Control and Data Acquisition

SCAP Security Compliance Automation Protocol

SCCM System Center Configuration Manager

SDN Software Defined Network

SEL System Event Log

SGT Security Group Tags [Cisco]

SIEM Security Information and Event Management

SMS Short Message Service

SNMP Simple Network Management Protocol

SOC Security Operations Center

SOX Sarbanes-Oxley

SPAN Switch Port Analyzer

SQL Structured Query Language

SSH Secure Shell

SSID Service Set Identifier

SSL Secure Sockets Layer

SSO Single Sign On

STIG Security Technical Implementation Guide

SYSLOG System Log

TACACS Terminal Access Controller Access Control System

TAM Threat Assessment Manager [FireEye]

TAP Threat Analytics Platform [FireEye]

TCO Total Cost of Ownership

TCP Transmission Control Protocol

TIP Threat Intelligence Platform

TLS Transport Layer Security

UBA User Behavior Analytics

UDP User Datagram Protocol

URL Universal Resource Locator

USB Universal Serial Bus

VA Vulnerability Assessment

vCT Virtual CounterACT

VDI Virtual Desktop Infrastructure

vFW Virtual Firewall

VGA Video Graphics Array

VLAN Virtual Local Area Network

VM Virtual Machine

VoIP Voice over IP

VPN Virtual Private Network

WAF Web Application Firewall

WAN Wide Area Network

WAP Wireless Application Protocol

WMI Windows Management Instrumentation

WSUS Windows System Update Services

XCCDF The Extensible Configuration Checklist Description Format

XML Extensible Markup Language

Page 43

• College spans 850 acres, 64 buildings

• ForeScout empowers schools to automate tasks, improving staff operational efficiency and effectiveness. For example, Tampa Bay-based Hillsborough Community College recently implemented ForeScout technology to better protect its networks. Doing so reduced the need for the college to reimage infected computers. IT staff now reimages only 1.5 systems per month compared to 20 to 25 each month before the college implemented ForeScout.

• “It takes a support tech five to six hours to reimage the system and restore the user’s documents, files and applications,” says Ken Compres, Hillsborough’s senior network security and integration engineer/chief security officer. “Moreover, the user is unproductive during that time, so you are literally wasting 12 hours per incident. That’s a 240- to 300-hour productivity gain per month.”

• CounterACT lets customers automate visitor enrollment while enforcing policy compliance. This is particularly important in college environments where students use multiple device types on any given day that vary wildly in terms of compliance levels.

• When a user attempts to log on via one of the college’s wireless access points, the access point queries CounterACT for 802.1X authentication. The college also allows

Page 44

• “One of our systems became infected with CryptoLocker ransomware. As soon as it tried to communicate with the command and control server to begin propagating the ransomware across the network, FireEye saw this and immediately informed CounterACT, which blocked communications by dropping the infected system’s port. CounterACT alerted me—it was amazing to watch the scenario unfold. Upon losing their connection, the user tried to connect to four different ports. CounterACT immediately blocked them all. This malware could have encrypted all of our data files accessible to this user—including network shares and documents—across our network. In the end, we had to only reimage one system.”

• In a more recent example, a Hillsborough user downloaded a malicious payload via email. “It was a zero-day payload that our antivirus software missed. Immediately, we started seeing a higher-than-normal volume of email being sent from that user’s mailbox. The integration we have with ForeScout and FireEye quickly determined the system was attempting malicious attacks against other network resources and allowed us to stop the system before it caused any damage.” And without FireEye integration? As Compres explains, “That same attack hit a neighboring county and brought down a critical departmental email server for two days.”
