Efficient visibility can be enhanced with good analytics.
Jan Hof, international marketing director at Forescout, said that everything is behind the firewall and the challenge was to be more efficient; while virtualisation and cloud have taken off, they are hard to control and so provide more challenges. “Companies are replacing legacy systems and how they implement next-generation security infrastructure, there is a real need for real-time visibility and that will happen every year,” he said.
“We can all look deeper for a problem, but if we share and work together we can do that. Gartner has recommended that rather than a layer of control, there should be a layer of monitoring and visibility, and you want visibility for applications so you can still run and contain them. We say that this saves costs as you do not need to integrate in new technology, as if you cannot see you cannot secure,” he said.
This week saw LogRhythm and ForeScout announce a partnership that aims to enhance continuous intelligence, big data analytics and threat mitigation. The platform interoperability will afford joint customers the means to gain continuous operational and security intelligence, enhanced predictive and preventative controls, and policy-based remediation to optimise security and compliance management.
The planned interoperability between each company’s solutions will leverage LogRhythm’s SmartResponse technology and ForeScout’s ControlFabric architecture. These open integration technologies will enable CounterACT and LogRhythm to exchange contextual information with each other, as well as expose CounterACT’s real-time control and automated remediation features to LogRhythm SmartResponse functions.
Jan said that security information and event management (SIEM) can do great analytics but does not do control, so cannot mitigate threats, and that 15-30 per cent of agents are not running properly. “This creates inadequate visibility, collaboration and mitigation and you can make sure only managed devices can connect to meet your security policy,” he said. “You need real-time visibility and combine it with coordinated control to share and take recommendations from SIEM.”
Scott Gordon, chief marketing officer at Forescout, said: “This is where the value of ControlFabric is, as you need visibility to wrap it up, and where Gartner call it an adaptive security architecture, we call it continuous mitigation.” Jan said that the benefit to users is added information for LogRhythm for better value, while for Forescout users this offers analysis and fine granular control. “It can ensure log systems are active, and make intelligence actionable.”