Review: Monitoring IT, OT and IoT devices with ForeScout

ForeScout is one of a very few programs that can help to track and manage operational technology and IoT devices alongside of information technology. Everything from lighting controllers to HVAC units can be discovered and managed.

smart city - IoT internet of things - wireless network

Looked at very simplistically, most cybersecurity programs are simply trying to keep malicious programs from negatively affecting network assets. But to accomplish that, it helps to know exactly what those assets are, and how they might be vulnerable to different lines of attack. That is the key value that the ForeScout platform brings to cybersecurity. By accurately identifying every facet of connected devices, it can provide a big force multiplier for any existing security plan. And that visibility extends to both the internet of things (IoT) and information technology’s more blue-collar sibling, operational technology (OT).

ForeScout has been around for a long time, though they only recently pivoted and positioned their technology directly into the cybersecurity realm. Historically, most administrators probably recognize ForeScout as the makers of network access control (NAC) software. A secondary benefit to the ForeScout NAC platform was always a deep visibility into the devices that were being access controlled. Today, that is the main focus of the ForeScout cybersecurity platform.

The idea is that without good visibility, any cybersecurity program is going to have a difficult time dealing with permissions and weeding out legitimate threats from common false positives. ForeScout focuses on visibility first, and from that is able to natively provide asset management and compliance. By applying a security policy engine and partnering with other vendors, ForeScout can additionally provide network access control, network segmentation and a speedy or even automatic incident response capability.

Policy Control Graph John Breeden II/IDG

A helpful addition to the main interface, ForeScout provides a graphical view showing how created policies will trigger, and what kinds of devices will be affected.

ForeScout is installed in two main parts, an enterprise manager that houses the main user interface, and a scalable appliance that collects information about the various endpoints and devices being monitored. The appliances can be physical or virtual, and are designed to be installed dynamically however is most convenient for customers. For example, one could be placed at every branch office, or within a main data center, or whatever provides the most access to network resources. There is no limit on how many appliances the enterprise manager can track, and no agents ever need to be installed on endpoints.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)