
ForeScout Technologies Inc.

ForeScout Technologies Inc. Frontline Defense against Network Attack. Tim Riley, Forescout. ActiveScout Solution. ActiveScout solution provides: preemptive identification of potential attackers; accurate identification of potential attackers to reduce false positives to zero.


Presentation Transcript


  1. ForeScout Technologies Inc. Frontline Defense against Network Attack Tim Riley, Forescout

  2. ActiveScout Solution • ActiveScout solution provides: • Preemptive identification of potential attackers • Accurate identification of potential attackers to reduce false positives to zero • Automatic action to block attackers in real time • Minimal installation and daily operational costs

  3. Evolution of Perimeter Protection • Firewall: Provides robust static security according to predefined policies

  4. Evolution of Perimeter Protection • IDS: Sends alerts when attack is recognized and already through the firewall

  5. Evolution of Perimeter Protection • Frontline Network Defense (ActiveScout): Provides accurate detection and blockage of known and unknown attacks before they reach the network

  6. Typical Attack Process without ActiveScout • [Diagram: Attacker, Router, Internet, Firewall, IDS, Enterprise. Label: Port Scan launched] • The majority of network attacks are preceded by reconnaissance activity. In this example, a port scan is used. These recon techniques seldom change.

  7. Typical Attack Process without ActiveScout • [Diagram: Attacker, Router, Internet, IDS, Firewall, Enterprise. Label: Network responds with legitimate, available services] • The network sends information about hosts and services in response to the recon. This information may be used to subsequently exploit the network.

  8. Typical Attack Process without ActiveScout • [Diagram: Attacker, Router, Internet, IDS, Firewall, Enterprise. Label: Exploit is launched] • Utilizing the network information received, the attacker uses existing or new exploits to attack network hosts and services and effectively breaks into the network.

  9. ActiveScout Frontline Network Defense • [Diagram: Attacker, Router, Internet, ActiveScout, ActiveScout Console, Firewall, IDS, Enterprise. Label: Port Scan launched] • The attacker uses reconnaissance techniques, a port scan in this example, to discover potentially vulnerable network resources.

  10. ActiveScout Frontline Network Defense • [Diagram: Attacker, Router, Internet, ActiveScout, ActiveScout Console, IDS, Firewall, Enterprise. Labels: ActiveScout responds with virtual services; Network responds with available services] • ActiveScout identifies recon activity and watches for the network to respond. It then generates marked traffic that is sent back to the potential attacker. This traffic is not distinguishable from legitimate network traffic.

  11. ActiveScout Frontline Network Defense • [Diagram: Attacker, Router, Internet, ActiveScout, ActiveScout Console, IDS, Firewall, Enterprise. Label: Exploit is launched] • When the attacker next uses the marked information to launch an exploit, ActiveScout with ActiveResponse technology then identifies the marked traffic. The attack is accurately identified and optionally blocked by ActiveScout or the firewall if desired.

  12. ActiveResponse Technology • Patented technology that: • Identifies all reconnaissance activity • Replies to the recon attempt with an authentic-looking response, created on the fly and registered within ActiveScout • Identifies potential attacks based on this ‘marked information’ and optionally blocks them, regardless of attack method • Result: Accurately identifies attackers and then prevents them from implementing new and/or existing attacks against the network.

  13. ActiveScout Solution • Distinguishes real attacks from the noise • Scarce security resources are focused on the real crises and do not waste time on false positives • Identifies ‘low and slow’ attacks • Provides Closed Loop Perimeter Protection • After identifying an attacker ActiveScout can optionally: • Automatically block attackers • Have the firewall automatically block • Update all ActiveScouts when an attacker has been identified to provide automatic perimeter lockdown

  14. ActiveScout Management • “At-a-glance” attack situation display • Map identifies attacker location • Shows both current & historical data for trend analysis • Generates historical management reports • Enterprise Console consolidates information from multiple ActiveScouts

  15. Summary • The ActiveScout solution utilizes patented ActiveResponse technology to provide Frontline Network Defense that • Eliminates false positives • Prevents Unknown attacks • Reduces OpEx through automation • Provides enterprise-wide protection
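
The marked-information loop described in slides 10 to 12, as an added example that is not ForeScout's code: a source that probes enough targets gets a virtual-service answer (a "mark") registered, and any later session to a registered mark is flagged and its source blocked, whatever address it comes from. The mark is modelled here as a decoy address/port pair, which is an assumption (the slides do not say what a mark looks like); the class name, threshold, event tuples and addresses are all constructed for illustration.

```python
from collections import defaultdict

DECOY_IPS = {"192.0.2.50", "192.0.2.51"}  # constructed: unused addresses given virtual services
SCAN_THRESHOLD = 3                        # assumed: distinct targets probed before it counts as recon


class MarkRegistry:
    """Hypothetical model of the register-then-recognise loop from the slides."""

    def __init__(self, decoy_ips=DECOY_IPS, threshold=SCAN_THRESHOLD):
        self.decoy_ips, self.threshold = set(decoy_ips), threshold
        self.probes = defaultdict(set)  # src -> {(dst, port)} probed so far
        self.marks = {}                 # (dst, port) -> src that was handed this mark
        self.blocked = set()

    def observe(self, kind, src, dst, port):
        target = (dst, port)
        if src in self.blocked:
            return "drop"
        if kind == "probe":
            self.probes[src].add(target)
            # Only a source already showing scan behaviour is answered with a mark.
            if dst in self.decoy_ips and len(self.probes[src]) >= self.threshold:
                self.marks.setdefault(target, src)
                return "mark-issued"
            return "pass"
        # kind == "session": no real service was ever published at a mark, so any
        # session to one means the marked answer is being used.
        if target in self.marks:
            self.blocked.add(src)
            return "attack:marked-by=" + self.marks[target]
        return "pass"


# Constructed sample events: (kind, source, destination, port)
EVENTS = [
    ("probe",   "203.0.113.5",  "192.0.2.10", 22),
    ("probe",   "203.0.113.5",  "192.0.2.10", 80),
    ("probe",   "203.0.113.5",  "192.0.2.50", 445),  # third target: mark issued
    ("session", "198.51.100.7", "192.0.2.10", 80),   # ordinary user, real server
    ("session", "198.51.100.9", "192.0.2.50", 445),  # new source uses the mark later
    ("session", "198.51.100.9", "192.0.2.10", 80),   # already blocked
    ("probe",   "198.51.100.7", "192.0.2.51", 80),   # single stray probe, below threshold
]


def run(events):
    reg = MarkRegistry()
    return [reg.observe(*e) for e in events], reg
```

Because the verdict keys on use of the mark rather than on the source address or the timing of the scan, the fifth event is attributed to the original scanner even though it arrives from a different address.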
