\u201cIn 2013, we estimated that the NAC market was 350 million dollars, which was an increase of about 55-percent over 2012,\u201d says Lawrence Orans, Research Vice President, Gartner, Inc. According to Orans, Gartner expects that growth to slow in 2014, with an estimated increase of 45-percent over 2013 numbers. Burgeoning enterprise BYOD concerns have been the major drivers in that growth, says Orans. NAC vendor ForeScout is integrating its capabilities with those of Invincea in order to further abate those concerns.[Containerization and mobile threats]\u00a0A new BYOD protection approach combines ForeScout\u2019s CounterACT NAC technology with Invincea\u2019s FreeSpace containerization technology in order to better protect corporate data. In this partnership, ForeScout offers what it describes as a control fabric for security and an architecture- and process- based approach to protecting BYOD, based on industry standards rather than isolated proprietary technologies. The control fabric works in tandem with network junctions such as firewalls and switches, where it collects data and controls \/ initiates the network\u2019s response to attacks and infections.Invincea\u2019s security analytics increase the value and effectiveness of the partnership. \u201cOur security analytics have a lot of value,\u201d explains Dr. Ghosh. Invincea\u2019s analytics inform about enterprise adversaries through out-of-band analysis of attacks and IP addresses that are the sources of the attacks. This is a big deal in financial services companies because their threat analysts use this data to do discovery about the threats.\u00a0Here, CSO examines what the ForeScout \/ Invincea integration accomplishes that neither technology can do alone.NAC and containerizationInvincea\u2019s FreeSpace containerization technology runs apps, browsers, and office software in a virtual container, protecting the device and the enterprise against infection. Invincea is behavior-based rather than a signature based tool; it is not limited by using known malware signatures to identify infection. It detects malware and attacks based on suspicious behavior. \u201cWe detect when new malware runs in the container, terminate it, and report it to our IMS service,\u201d says Dr. Ghosh. The Invincea Management Service (IMS) responds to threat reports and manages configurations for different users and devices.ForeScout\u2019s foundational contribution is a module \/ plug-in for Invincea to ensure that Invincea\u2019s containerization technology is running. \u201cIn some cases, users would stop Invincea or would not install or run it on their devices,\u201d says Gil Friedrich, Vice President of Technology, ForeScout. ForeScout\u2019s CounterACT checks devices to ensure the user has installed and is running Invincea. It automatically starts Invincea if it is not running.[Is mobile anti-virus even necessary?]\u00a0\u00a0The Invincea \/ ForeScout integration enforces the installation of the Invincea user agent so that the web gateway can block and \/ or redirect users who are not using Invincea, says Dr. Ghosh. And if the FreeSpace technology alerts CounterACT that there is something wrong with the device, CounterACT quarantines the device for remediation. \u201cThis represents what enterprises and IT shops wanted all along: best of breed products working together. This is a step in that direction,\u201d says Dr. Ghosh.The integration enables the two vendors to discover traces of infections that malware has left behind. If a running process has a certain value, it means that an infection occurred. \u201cWhen we collect that forensics data, we can use ForeScout to search other machines for similar clues to infection, both BYOD and managed devices, including smartphones, tablets, laptops, desktops, and workstations,\u201d says Dr. Ghosh. CounterACT can then use its integration with enterprise firewalls to block server addresses that Invincea uncovers as the source of the attacks.What\u2019s so next generation about CounterACT?Previous iterations of NAC allowed enterprises to determine when someone was trying to access the network and to authenticate them and do basic compliance testing. NAC vendors like ForeScout are becoming warehouses of context, meaning that they have visibility into what devices are on the network, each device\u2019s configuration, and its operating system, the patch level of the endpoint, and whether the anti-virus is up to date, says Orans. \u201cThey have access to this contextual information in addition to the IP address,\u201d says Orans.CounterACT\u2019s Control Fabric is what makes it a warehouse of context, by collecting that data from network infrastructure and applications such as Active Directory. CounterACT counts on this context as it provides the functionality to continuously ensure that the device remains healthy and authenticated, because it could be healthy at first and then it could download something bad. \u201cWe can intervene. Our solution also manages all the network infrastructure to alert the enterprise when a device receives access, enabling the company to control and manage the endpoints and their access,\u201d says Friedrich.[How security is using IAM to manage BYOD]\u00a0Using a policy engine, ForeScout automates anything IT \/ security would like to achieve, including fine grained determinations about required or permissible endpoint network behavior. By identifying the user, CounterACT further enables the enterprise to enforce policies around BYOD use. If employees are using it inappropriately, for example, the enterprise can educate or reprimand the employee, or limit their capabilities on the network.Security integrations broader than ForeScout and InvinceaForeScout has enabled partner integrations with CounterACT prior to Invincea. LogRhythm, FireEye, McAfee, and certain MDM vendors are all partners. Through its Control Fabric Partnership Program, ForeScout makes APIs public and opens the ForeScout system so the enterprise customer, reseller, or VAR can integrate into ForeScout\u2019s solutions. Standardization on open technologies makes partnership with ForeScout attractive.\u201cWhen we opened up or API, we standardized on technologies such as REST and SNMP SysLog to ensure that our APIs are using a layer everyone can access (it is not proprietary),\u201d says Friedrich. This way even small businesses can integrate with ForeScout.[How MDM works -- or doesn't work -- for SMBs]\u00a0\u201cSeveral other NAC vendors are using a similar concept,\u201d says Orans. Cisco has\u00a0something called PX Grid, which it uses to share information between their NAC system and their partners. Aruba also has several security partners that they integrate and share information with. \u201cForeScout has done a good job with this but it\u2019s not unique. It\u2019s the trend in the NAC market,\u201d Orans says.