Forescout Technologies Inc., a global provider of automated cybersecurity, has introduced Forescout XDR to help enterprises better detect, investigate and respond to the broadest range of advanced threats across the extended enterprise.
A typical SOC is inundated with 450 alerts per hour, and analysts waste valuable time trying to correlate low-fidelity alerts and chasing down false positives, often at the expense of focusing on legitimate attacks. Until now, the field of view of a security operations center (SOC) for threat detection and response has excluded critical devices that are increasingly common attack points, including operational technology (OT), security systems, industrial control systems (ICS), building management systems (BMS), and IoT and medical devices. Additionally, the technology stack that SecOps teams have had to rely on has made it difficult to respond to these threats quickly.
“The true value of an XDR solution lies in its ability to ingest telemetry and data from across the enterprise: cloud, campus, remote and data center environments, and all managed and unmanaged connected devices. After all, that’s what the X in XDR is all about,” says Justin Foster, CTO, Forescout. “Traditional XDR products either lack this capability, or only leverage data from the vendor’s own EDR or some other security tools. This significantly limits the flexibility, scalability and efficiency that an XDR solution must provide.”
Through the advanced application of data science and automation, Forescout XDR generates one high-fidelity alert that truly warrants analyst investigation out of every 50 million records ingested per hour. Because Forescout XDR is vendor and EDR agnostic, this ingest includes data from more than 170 security, infrastructure, application, cloud/SaaS and enrichment sources, spanning dozens of vendors. And with more than 70 threat intelligence feeds, 1,500 verified detection rules and models, and built-in data aggregation, Forescout XDR customers can be up and running in a matter of hours, actively detecting, investigating and responding to threats.
“Forescout XDR, with the breadth and richness of its capabilities, particularly its dashboards and reports, provides an out-of-the-box solution for SOC challenges we spend 18-24 months trying to address,” says Samer Mansour, CISO, Panasonic Corporation of North America. “It was easy to implement and fully operational in a matter of weeks. And with its tight integration with Forescout’s network security and visibility solutions, and our broader security technology stack, it gives us the ability to exercise much more control over our IT and OT environments, and further elevate our overall security.”
In addition, integration with Forescout’s network access control solution helps ensure that customers can:
- Reduce the attack surface, and the risk of an attack in the first place, by preventing compromised or non-compliant devices from connecting to your networks. XDR’s proactive approach further elevates the efficiency and performance of a modern SOC.
- Automate responsive workflows that can immediately touch all connected managed and unmanaged devices, across the enterprise. This reduces the blast radius of an attack in real time, allowing appropriate mitigation or remediation measures to be completed.
Because Forescout XDR has a multi-tenant architecture and supports local data storage, while still providing an aggregated global view of threats and SOC performance, it is well suited to large enterprises, multinationals, organizations with regional SOCs, and managed security service providers (MSSPs).
SaaS licensing is based on the total number of endpoints in the company. As such, customers have the flexibility to use the data sources needed to fully support the use cases that matter to them and help ensure better detection, without worrying about rising or fluctuating costs associated with storing records in the cloud.