On January 5th, 2017, ForeScout announced its new Splunk integration for faster response.
ForeScout, whose CounterACT® technology powers Konsultek’s KNACMAN Managed service, has rapidly evolved into one of the top IoT security firms in the world. ForeScout’s CounterACT is the preeminent solution for endpoint verification, and the integration with Splunk Enterprise and Splunk ES takes it to a whole new level.
Taming the IoT
The number of “Things” integrating into the Internet is expanding at a geometric rate. Printers, routers, medical devices, automobiles, refrigerators… the list is nearly endless. This also means that the number of potentially untracked and unguarded entry points for cybercriminals is growing at an exponential rate, and that is why this integration is so powerful.
The ForeScout-Splunk integration “enables customers to leverage high-value, up-to-date context for all IP-connected devices from ForeScout for incident correlation and prioritization.”
“ForeScout scans these connected devices in real time, sends the detailed device context to Splunk solutions for analysis and correlation, and quickly isolates non-compliant, infected and suspicious devices. Splunk ES users can then automate actions via ForeScout to respond to attacks for threat mitigation. This integration was developed in conjunction with Splunk’s Adaptive Response Initiative, a best-of-breed security collective that leverages end-to-end context and automated response to help organizations better combat advanced attacks through a unified defense.”
The Advantages to the End User
Customers gain improved correlation and incident prioritization based on ForeScout data such as:
- Real-time and continuous inventory of IP-connected devices on the network—from traditional PCs, servers and mobile devices to Bring Your Own Devices (BYOD) and IoT;
- Device profiling and classification information;
- Device security posture and compliance gaps, and
- Network authentication, access and location information.
Customers can initiate closed loop remediation and threat mitigation leveraging Adaptive Response in Splunk ES and ForeScout actions to:
- Enable Splunk software to delegate alert mitigation actions in real-time;
- Take network actions to quarantine, isolate or limit access of IP-connected devices;
- Initiate remediation and threat mitigation actions on a broader range of devices, and
- Orchestrate a set of actions across multiple products in response to alerts from Splunk solutions.
Want to Learn More?
Thought so! We’ll be holding a Tech Tuesday webinar to spotlight this integration in the next few weeks. In the meantime, feel free to call us to discuss this integration and what it can mean to your organization.