The hardware appliance will soon be a thing of the past, courtesy of virtualization. What used to be fixed-purpose applications deployed in black boxes and running a proprietary operating system or a curtained-off version of Windows or Linux are now available as virtual appliances for VMware and the like.
In the most recent example, Cupertino-based ForeScout Technologies on Monday announced that its CounterACT 6.3.4 network access control solution is now available as a virtual appliance to run under VMware ESX 3.5 and 4.x. CounterACT identifies all devices on, or attempting to connect to, a network and assesses their security posture against a set of policies established by IT administrators.
ForeScout's virtual appliances are identical in functionality to their physical counterparts, the company says, and the two can co-exist and be controlled by ForeScout's enterprise management tool. The solution can control and manage a total of 200,000 physical and virtual devices, the latter of which can be running under Citrix XenServer or Microsoft Hyper-V (or, of course, VMware).
If you're recommending only perimeter solutions and not offering your customers a network access control product for inside the firewall, you might be leaving them exposed to attacks from within, where networks are most vulnerable. To address the multitudes of mobile devices coming in and out of range of company networks these days, ForeScout in March updated CounterACT to better understand and work with devices running Android, Apple's iOS (iPhones and iPads), BlackBerry OS and Windows Mobile.
Such devices can now be detected in real time and forced to comply with policies in exchange for network access. CounterACT also collects information such as device maker, model and OS version, and now also discovers the apps and services running on devices, so it can do more to monitor user activity and prevent mischief.
For our tests, ForeScout created a CounterACT 6.3.4 instance using CloudShare, a Web-based VMware deployment system. Through a browser, we were able to step through CounterACT's features and functions and evaluate its effectiveness, extensive reporting capabilities and ease of use.
Upon start-up, CounterACT immediately begins to take an inventory of the devices on the network. PCs, Macs, printers, switches, routers, mobile devices and nodes of all shapes and sizes are gathered up, organized and reported to the CounterACT Console application.
Administrators can select (in the left-hand pane) from a number of views, each of which displays the inventory accordingly. Shown is the display by network function, which lists computers running Linux, Windows and Mac OS X first, followed by hand-held devices, Unix machines, printers, servers and so on. Double-clicking any item brings up further details, including switch port, make, model, IP address, software version, users of the device or other applicable data.
The elegantly simple solution -- which uses no agents -- instead leverages the collected data to prevent malfeasance with techniques that include HTTP redirection, virtual firewall enforcement and VLAN quarantine. "To provide all the features of CounterACT, you would need about a dozen products from Juniper or Cisco," claimed Jack Marsal, the company's director of marketing, in a confidential phone interview prior to the announcement.
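To make the flow described above concrete (inventory a device from observed network data, classify it, evaluate the administrator's posture policies, and pick an enforcement action such as HTTP redirection, VLAN quarantine or a virtual-firewall block), here is an added example of a minimal agentless NAC policy engine. It is illustrative code written for this page, not ForeScout's code or CounterACT's policy language; the device records are constructed sample data and the minimum OS versions, forbidden-service list and policy ordering are assumptions chosen for the example. One caveat worth keeping in mind: in an agentless design the OS family, version and service list come from network fingerprinting (DHCP, HTTP user agents, port scans), which a hostile endpoint can spoof, so the engine defaults unclassifiable devices to quarantine rather than to the open LAN.

```python
"""Added example (not ForeScout's code): a minimal agentless NAC policy engine.

Each Device is what a NAC appliance might learn passively from the network.
Policies are evaluated in priority order and the first match decides the
enforcement action. Thresholds and sample devices are assumptions/constructed.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class Action(Enum):
    ALLOW = "allow"
    REDIRECT = "http_redirect"      # send browser to a remediation page
    QUARANTINE = "vlan_quarantine"  # move the switch port to a quarantine VLAN
    BLOCK = "virtual_firewall"      # drop the device's traffic at the enforcement point


@dataclass
class Device:
    mac: str
    ip: str
    os_family: str            # "Windows", "iOS", "Android", "Printer", "Unknown", ...
    os_version: str
    switch_port: str
    user: Optional[str] = None
    running_services: Set[str] = field(default_factory=set)
    av_up_to_date: Optional[bool] = None   # None = not assessable without an agent


# Minimum OS versions an administrator might require (assumed values).
MIN_OS_VERSION: Dict[str, Tuple[int, ...]] = {
    "Windows": (6, 1),   # Windows 7
    "iOS": (4, 3),
    "Android": (2, 3),
}

# Services that must never be exposed by an endpoint on the corporate VLAN (assumed).
FORBIDDEN_SERVICES = {"telnet", "ftp", "smbv1"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.1.7601' into (6, 1, 7601); the first non-numeric part ends the parse."""
    parts: List[int] = []
    for piece in version.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def evaluate(dev: Device) -> Tuple[Action, str]:
    """Apply policies in priority order; return the action and a human-readable reason."""
    # 1. A device the fingerprinting could not classify never gets the open LAN.
    if dev.os_family == "Unknown":
        return Action.QUARANTINE, "unclassified device"

    # 2. Exposed dangerous services are blocked regardless of OS.
    exposed = dev.running_services & FORBIDDEN_SERVICES
    if exposed:
        return Action.BLOCK, "forbidden services: " + ", ".join(sorted(exposed))

    # 3. OS below the administrator's minimum: redirect to remediation until updated.
    minimum = MIN_OS_VERSION.get(dev.os_family)
    if minimum is not None and parse_version(dev.os_version) < minimum:
        return Action.REDIRECT, f"{dev.os_family} {dev.os_version} below minimum"

    # 4. Windows hosts whose antivirus state could be verified must be current.
    if dev.os_family == "Windows" and dev.av_up_to_date is False:
        return Action.REDIRECT, "antivirus out of date"

    return Action.ALLOW, "compliant"


def inventory_report(devices: List[Device]) -> Dict[str, int]:
    """Group the inventory by network function, much like the console's view."""
    counts: Dict[str, int] = {}
    for dev in devices:
        counts[dev.os_family] = counts.get(dev.os_family, 0) + 1
    return counts


# Constructed sample inventory (not real data).
SAMPLE_DEVICES = [
    Device("00:11:22:33:44:01", "10.0.1.10", "Windows", "6.1.7601", "Gi1/0/1", "alice", {"rdp"}, True),
    Device("00:11:22:33:44:02", "10.0.1.11", "iOS", "4.2.1", "wlan0", "bob"),
    Device("00:11:22:33:44:03", "10.0.1.12", "Printer", "2.0", "Gi1/0/3", None, {"lpd", "telnet"}),
    Device("00:11:22:33:44:04", "10.0.1.13", "Unknown", "", "Gi1/0/4"),
    Device("00:11:22:33:44:05", "10.0.1.14", "Android", "2.3.4", "wlan0", "carol"),
]


if __name__ == "__main__":
    print("inventory by function:", inventory_report(SAMPLE_DEVICES))
    for dev in SAMPLE_DEVICES:
        action, reason = evaluate(dev)
        print(f"{dev.ip:<12} {dev.os_family:<8} port={dev.switch_port:<8} -> {action.value}: {reason}")
```

Run as a script it prints one decision per device: the patched Windows 7 host and the Android 2.3.4 phone are allowed, the iOS 4.2.1 device is redirected to remediation, the printer exposing telnet is blocked, and the unclassified device is quarantined. The ordering matters: a quarantine or block rule that fires before the version check means a spoofed OS banner cannot talk its way past a service-exposure violation.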

