Deep Dive into ForeScout Part 3: Centralized Endpoint Management and Control
Continuing from the previous articles, Deep Dive into ForeScout for Real-Time User and Device Monitoring and Deep Dive into ForeScout Part 2: Protecting Enterprise Networks from Cyber Attacks, Part 3 covers centralized endpoint management and control with ForeScout CounterACT, a next-generation Network Access Control (NAC) solution that ForeScout also markets as Automated Security Control. Let's explore how ForeScout can help your organization.
Creating Hardware and Software Inventory
After ForeScout automatically detects and classifies devices across the network using its Real-Time Network Monitoring capabilities, it can generate both a Hardware Inventory and a Software Inventory report. The hardware inventory covers every device seen on the network, including network devices, servers, PCs, notebooks, smartphones, tablets, IP phones, CCTV systems, printers, scanners, and many others, and records the operating system of each, such as Microsoft Windows 7, Microsoft Windows Phone, Linux, Unix, Apple Mac OS X, Apple iOS, Google Android, Nokia Symbian, BlackBerry, and even Cisco IOS.
In addition, for endpoints that run the ForeScout software agent or are joined to Active Directory, ForeScout can also inventory peripheral devices such as USB thumb drives, USB hard drives, USB printers, mobile devices charging over USB, and more. The Software Inventory is built by collecting information about installed software, running processes, active applications, and services in use. Administrators can search both hardware and software assets at any time and instantly generate reports for audit teams.
Classifying Network Devices by Department through Microsoft Active Directory
For organizations whose domain-joined endpoints and web-based logins both authenticate against Microsoft Active Directory, ForeScout can immediately associate each authentication event with the endpoint it came from. This lets administrators classify devices by department, count the devices in each department, and see which user is operating a specific device. As a result, asset management and security auditing become much faster and easier, and user support also becomes significantly more efficient.
Controlling Applications and Processes
Beyond tracking endpoint devices and network equipment, ForeScout can also control applications and processes. Administrators create policies that require or prohibit specific applications and processes as needed. ForeScout continuously checks endpoints against these policies and can automatically start a required process or terminate a prohibited one in real time. Administrators can also manually terminate unauthorized applications or processes whenever necessary.
When ForeScout detects that an endpoint device does not have required software installed, it can immediately deploy the software automatically. This capability greatly simplifies endpoint administration and improves operational efficiency for IT teams.
Managing Anti-virus, Anti-spyware, and Data Leakage Prevention (DLP)
ForeScout provides extensive capabilities for controlling security applications such as anti-virus, anti-spyware, and Data Leakage Prevention (DLP) software. ForeScout can verify installation status, monitor whether the software is actually running, and check that it remains up to date. Security applications and their processes are therefore enforced and kept current automatically, giving administrators confidence in endpoint security. ForeScout supports the major security software brands and versions and also lets administrators define custom checks for products it does not recognize out of the box. This makes security auditing and compliance verification more effective and streamlined.
Managing Microsoft Windows Patches
To further strengthen network security, ForeScout can automatically verify and enforce Microsoft Windows security patch updates across all supported versions. Administrators can selectively deploy only the patches relevant to organizational requirements and generate security compliance reports for endpoint auditing purposes.
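The three sections above (application and process control, anti-virus and DLP verification, and Windows patch verification) are all instances of one thing: a compliance policy evaluated against what an endpoint reports, producing remediation actions. The following is an added example, not CounterACT code, that models that evaluation in Python. The process names, KB numbers, IP addresses and dates are constructed for illustration; the one design choice worth copying is that missing data (an agent that cannot report its signature date) is treated as non-compliant rather than ignored.

```python
"""Endpoint compliance evaluation in the style of NAC policy enforcement.

Added example (not CounterACT code): one policy object combines the three
kinds of check described on the page (required/prohibited processes,
anti-virus presence and signature freshness, required Windows patches) and
the evaluator turns each gap into a remediation action. All names, KB
numbers, addresses and dates are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Policy:
    required_processes: Set[str]     # must be running (e.g. AV and DLP agents)
    prohibited_processes: Set[str]   # must be terminated if seen
    required_patches: Set[str]       # KB identifiers that must be installed
    max_signature_age_days: int      # AV signatures older than this are stale


@dataclass
class Endpoint:
    ip: str
    user: str
    running: Set[str]
    av_installed: bool
    av_signature_date: Optional[date]   # None = agent could not report it
    patches: Set[str]


Action = Tuple[str, str]


def evaluate(ep: Endpoint, policy: Policy, today: date) -> List[Action]:
    """Return the ordered list of (verb, target) actions needed for compliance.

    An empty list means the endpoint is compliant. Missing data fails closed:
    an AV agent that cannot report a signature date is treated as stale.
    """
    actions: List[Action] = []
    for proc in sorted(policy.required_processes - ep.running):
        actions.append(("start", proc))
    for proc in sorted(ep.running & policy.prohibited_processes):
        actions.append(("terminate", proc))
    if not ep.av_installed:
        actions.append(("install", "antivirus"))
    else:
        stale = (ep.av_signature_date is None
                 or (today - ep.av_signature_date).days > policy.max_signature_age_days)
        if stale:
            actions.append(("update", "antivirus-signatures"))
    for kb in sorted(policy.required_patches - ep.patches):
        actions.append(("patch", kb))
    return actions


def compliance_report(endpoints: List[Endpoint], policy: Policy,
                      today: date) -> Dict[str, List[Action]]:
    """Map endpoint IP -> actions, the shape an audit export would take."""
    return {ep.ip: evaluate(ep, policy, today) for ep in endpoints}


# Constructed policy and inventory (fictitious process names and KB numbers).
POLICY = Policy(
    required_processes={"avagent.exe", "dlpagent.exe"},
    prohibited_processes={"utorrent.exe", "rdpwrap.exe"},
    required_patches={"KB4000001", "KB4000002"},
    max_signature_age_days=7,
)
TODAY = date(2024, 1, 10)
ENDPOINTS = [
    # missing DLP agent, running a prohibited client, stale AV, missing a patch
    Endpoint("10.0.1.15", "alice", {"avagent.exe", "utorrent.exe"},
             True, date(2024, 1, 1), {"KB4000001"}),
    # fully compliant
    Endpoint("10.0.1.16", "bob", {"avagent.exe", "dlpagent.exe"},
             True, date(2024, 1, 8), {"KB4000001", "KB4000002"}),
    # AV present but unable to report its signature date
    Endpoint("10.0.1.17", "carol", {"avagent.exe", "dlpagent.exe"},
             True, None, {"KB4000001", "KB4000002"}),
]

if __name__ == "__main__":
    for ip, actions in compliance_report(ENDPOINTS, POLICY, TODAY).items():
        print(ip, "compliant" if not actions else actions)
```

Run as a script it prints one line per endpoint; the actions list is the same information a NAC product would feed into its enforcement and reporting layers.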
USB Device Control
USB control is one of the most critical security capabilities for protecting enterprise endpoints, as viruses and worms commonly spread through USB thumb drives, and sensitive organizational data is often stolen through removable storage devices. ForeScout allows administrators to selectively block specific USB device categories such as USB external storage, USB routers, USB printers, and more. This ensures endpoints can still use essential USB devices while preventing risky devices like unauthorized USB thumb drives from being connected.
Additionally, USB access policies can be customized based on user authentication levels and permissions.
User Notification and Communication
Regardless of the enforcement method used on endpoint devices, communication between administrators and users remains one of the most important factors for successful policy implementation. ForeScout therefore provides multiple communication methods between administrators and users. When users or devices violate policies, such as installing unauthorized software, ForeScout can notify users through the following methods:
- Web Notification with Agreement Acceptance: messages are displayed through a web interface with an Accept button that requires users to acknowledge the notification. The acknowledgment is automatically stored in the database. This method is ideal for notifying users about policy violations and recording that they were informed.
- Balloon Message Notification: notifications appear as balloon messages at the bottom-right corner of the screen. This method is suitable for general status updates or alerts such as a virus detection or a completed update.
- Email Message Notification: notifications are sent directly to the user's email account. This method is appropriate for formal communications.
- Authentication Page Messaging: the authentication page can be customized to display announcements or daily updates to network users during the login process.
Detecting and Preventing Worms, Viruses, and Hackers
In addition to controlling applications and processes on endpoint devices, ForeScout can also integrate its previously discussed threat detection and prevention capabilities to identify and contain worms, viruses, and hackers. Once ForeScout detects and mitigates these threats, it can automatically force the affected endpoint to run a virus scan to eliminate the root cause of the problem.
Logging Endpoint Events
ForeScout offers highly flexible security policy customization, including the ability to define which events should send logs to a Log Server and determine the log message format. Administrators can specify events to be logged and customize the message structure using variables such as endpoint IP addresses, active users, application/process names, missing applications/processes, attack types, and many others.
This capability significantly enhances Security Information and Event Management (SIEM) deployments. Traditionally, SIEM platforms collected logs primarily from network devices; with ForeScout feeding them, they can also collect detailed endpoint security events at the same time. ForeScout integrates with leading SIEM and security management platforms such as HP ArcSight, EMC RSA enVision, and McAfee ePO.
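The log-format customization described above deserves one practical caveat: several of the variables the article lists (active user, process name) are values an endpoint, and therefore an attacker on it, controls. If they are dropped into a log template without escaping, a crafted process name can inject a fake field or even a fake second record into the SIEM. The block below is an added example, not ForeScout's output format, that renders endpoint events as ArcSight CEF lines. CEF's escaping rules are from the published CEF specification; whether CounterACT itself emits CEF is not stated on this page, and the vendor string, product string and sample event are constructed.

```python
"""Render endpoint events as CEF lines for a SIEM, with and without escaping.

Added example, not ForeScout code. The header escaping (backslash, pipe) and
extension escaping (backslash, equals, line breaks) follow the CEF spec.
The vendor/product strings and the sample event are constructed; the
extension keys (src, suser, deviceProcessName, cs1/cs1Label) are standard CEF.
"""

HEADER_FIELDS = ("vendor", "product", "version", "signature_id", "name", "severity")


def esc_header(value) -> str:
    """Header fields: escape backslash and the pipe delimiter."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def esc_extension(value) -> str:
    """Extension values: escape backslash and '=', encode line breaks."""
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")


def to_cef(event: dict) -> str:
    """Serialize an event; every field passes through the matching escaper."""
    header = "|".join(esc_header(event[f]) for f in HEADER_FIELDS)
    ext = " ".join(f"{k}={esc_extension(v)}" for k, v in event["extension"].items())
    return f"CEF:0|{header}|{ext}"


def to_cef_unsafe(event: dict) -> str:
    """Naive template with the same layout and no escaping (what NOT to do)."""
    header = "|".join(str(event[f]) for f in HEADER_FIELDS)
    ext = " ".join(f"{k}={v}" for k, v in event["extension"].items())
    return f"CEF:0|{header}|{ext}"


def split_header(line: str) -> list:
    """Split a CEF line into its 8 slots: 'CEF:0', the six header fields
    (unescaped), and the raw extension. This is what a receiving SIEM does,
    so it shows where unescaped input lands."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):   # escaped char: keep literally
            cur.append(line[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(c)
        i += 1
    fields.append(line[i:])                    # extension left raw
    return fields


# Constructed sample event: a pipe in a header field, and a process name
# carrying a newline followed by a forged "all clear" record.
SAMPLE_EVENT = {
    "vendor": "ExampleNAC",          # assumption, not a real vendor string
    "product": "Endpoint Policy",
    "version": "1.0",
    "signature_id": "proc-prohibited",
    "name": "Prohibited process|running",
    "severity": 5,
    "extension": {
        "src": "10.20.30.40",
        "suser": "alice",
        "deviceProcessName": "utorrent.exe\nCEF:0|ExampleNAC|Endpoint Policy|1.0|ok|all clear|0|src=10.20.30.40",
        "cs1Label": "attackType",
        "cs1": "none",
    },
}

if __name__ == "__main__":
    print("safe:  ", to_cef(SAMPLE_EVENT))
    print("unsafe:", to_cef_unsafe(SAMPLE_EVENT))
```

With escaping, the receiver reads severity 5 and a single record whose process name merely contains the text "\n"; without it, the pipe in the name shifts "running" into the severity slot and the embedded newline becomes a second, forged record. The same reasoning applies to any custom template format, not only CEF: whatever delimits fields and records must be escaped in every endpoint-supplied variable.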
If you are interested in ForeScout solutions, please contact info@throughwave.co.th or call +66 2-210-0969 for more information.
Source: https://www.throughwave.co.th
