ForeScout To Launch FireEye Connector For APT Detection


ForeScout Technologies is rolling out a new connector for users of the FireEye antimalware platform, an integration the firm said adds real-time threat detection and containment capabilities to its CounterACT product.

Cupertino, Calif.-based ForeScout is expected to make the announcement Tuesday. The firm said the joint integration provides visibility into targeted attacks and zero-day threats, which often use custom malware and obfuscation techniques to evade detection by traditional security software. The integrated platforms are expected to be demonstrated this week during the InfoSec Europe conference in London.

FireEye said the goal of the integrated product is to reduce the time it takes to identify suspicious activity from a system and remediate the issue before data is stolen. CounterACT identifies devices on the network, checks their state of compliance with security policies and controls access to corporate systems. The platform also integrates with some security information and event management (SIEM) systems and mobile device management platforms.


The integrated products help address advanced threats, an issue of growing concern for some organizations, said Judi Buckardt, president and CEO of Konsultek, an information security solution provider based in the Chicago area. Buckardt said organizations are looking to go beyond traditional security technologies to identify custom malware and contain threats before they result in data loss.

"Our customers are looking for solutions to keep them ahead of the game, and this combination could help put them a step ahead," Buckardt said. "We've had many success stories of things being caught and stopped with ForeScout."

ForeScout's agentless platform also supports integration with Symantec and McAfee products. The latest plug-in uses the FireEye APIs to integrate the threat intelligence metadata into CounterACT. ForeScout also provides a policy template for FireEye. The template addresses the severity of the endpoint threat and the action or actions that should be taken, from merely alerting to quarantining and isolating a system from the rest of the network.

FireEye uses its core engine to identify attacks and block outbound malware activity. It can prevent data from being uploaded to a remote server and notify CounterACT to quarantine the endpoint. ForeScout said FireEye complements its ActiveResponse technology to block malicious behavior.

The market for ForeScout and other network access control technologies is seeing a resurgence, according to Eric Ogren, principal analyst at Stow, Mass.-based security consultancy The Ogren Group. Ogren projects the market to increase at a 22 percent CAGR through 2017, with Cisco, ForeScout and Juniper representing more than 70 percent market share. Security and compliance concerns around employee-owned mobile devices are creating interest in NAC, Ogren said.

"There's a lot of interest with BYOD trending and a number of MDM vendors putting NAC integration back into the limelight," Ogren told CRN. "The mobility angle is less to do about sensing configurations and software issues and more about where to send people at the network switch."

PUBLISHED APRIL 22, 2013