A New Wrinkle in Security Intelligence: The Power of Orchestration

Reposted from ForeScout’s Blog

The human brain is an incredibly complex system that functions miraculously well when all of its components are working together as one unit. However, when something goes wrong and connections break down, as when a stroke occurs, the brain is no longer fully operational and basic functions cease.

Sad to say, but in some ways IT security systems are like the human brain after the damage has been done. Look at just about any organization’s security infrastructure these days, and it’s easy to see real stumbling blocks to communication and efficient threat mitigation. In virtually every case, precious intelligence goes to waste because components of the system are cut off from one another. In fact, pathways have never existed. Isolated security products correlate data and events, pinpoint vulnerabilities, detect malware—and yet are incapable of sharing what they find with other security solutions that could take action if only they had been informed. As Cool Hand Luke said, “What we’ve got here is a failure to communicate.”

The limitations are obvious. When proper intelligence gathering isn’t followed up by effective information sharing and automated, near-real-time response, gaps in security are big enough to drive the cyber-equivalent of an 18-wheeler through an organization’s defenses. Cybercriminals have all the time they need to steal assets and damage property. In addition, instead of rapid system response to remediate issues, human intervention is constantly required.

Today’s sophisticated, targeted attacks, coupled with increasing network complexity, can present incredibly difficult challenges. Nobody can afford to have an incident response system that isn’t using all of its intelligence and powers of communication.

Orchestration to the Rescue
Your security vendors’ products are all vying to supplement the “brain”—your incident response team—with information. However, this overabundance of data often overloads the brain, creating analysis paralysis and delayed response. That’s where ForeScout comes in. We partner with third-party vendors to make their solutions and ours smarter by sharing information in real time and automating workflows and processes among security tools—making cybersecurity vastly more effective.

With an assist from ForeScout Extended Modules and ForeScout ControlFabric® Architecture, ForeScout CounterACT® provides unprecedented interoperability, integration and multivendor security orchestration functionality. This enables CounterACT and other key security infrastructure components to share insights about corporate-owned, Bring Your Own Device (BYOD), Internet of Things (IoT) and rogue devices while automating workflows and security processes.

Now, I’m not saying this ability to orchestrate will automate every single decision or process. Nothing is worse than brainless automation that disrupts productivity or glosses over security incidents. In effective orchestration, your brain remains in complete control with the ability to override and fine-tune decision-making. As your incident response team takes in more information, decisions become more refined and automated over time.

The result is a unified, highly intelligent and responsive security infrastructure that shares contextual information, accelerates/automates incident responses, and improves incident response team insight while minimizing human intervention requirements.

Just as circuits in the human brain connect specialized components to make intelligence possible, integration of disparate security tools makes orchestration and automation possible. ForeScout Extended Modules bring the visibility, policy-based access controls and remediation functionality of ForeScout CounterACT to third-party security tools that typically lack enforcement capabilities. Advanced Threat Detection (ATD), Enterprise Mobility Management (EMM), Vulnerability Assessment (VA), Security Information and Event Management (SIEM) and Endpoint Protection Platform (EPP) can all benefit from integration made possible by ForeScout Extended Modules. Custom application integration can also be obtained with the Open Integration Module from ForeScout.

Laying the Groundwork for a More Intelligent Security Infrastructure
Clearly, isolation is the enemy of intelligence and action—both in neurological and security systems—and component integration is key. Through its orchestration and integration efforts, ForeScout is committed to making free-flowing communication the rule rather than the exception in enterprise security systems everywhere.

Check out Our White Paper
If you’d like to see specific examples of how ForeScout helps leading security management vendors’ products share information and automate security workflows and response, I encourage you to download our white paper “Automating System-Wide Security Response through Orchestration.”