“CISOs are deploying new security solutions at lightning speed to stay ahead of emerging threats resulting in a greater need for orchestration and information sharing among these technologies,” said Michael DeCesare, President and CEO, ForeScout. “Through our collaboration with Splunk and agentless approach to visibility, ForeScout streamlines security operations and reduces the window of exposure to limit malware proliferation and data exfiltration from devices on the network.”
ForeScout’s integration with Splunk Enterprise and Splunk ES enables customers to leverage high-value, up-to-date context for all IP-connected devices from ForeScout for incident correlation and prioritisation. The increasing volume of IoT devices connecting to the network has created new windows of opportunity for today’s cybercriminals to enter an organisation. ForeScout scans these connected devices in real time, sends the detailed device context to Splunk solutions for analysis and correlation, and quickly isolates non-compliant, infected and suspicious devices. Splunk ES users can then automate actions via ForeScout to respond to attacks for threat mitigation. This integration was developed in conjunction with Splunk's Adaptive Response Initiative, a best-of-breed security collective that leverages end-to-end context and automated response to help organisations better combat advanced attacks through a unified defense.
“To help stay ahead of advanced threats, Splunk customers rely on technology that enables an analytics-driven approach to security and automates the incident response process. The Adaptive Response Initiative, and collaboration with partners like ForeScout, helps break down the silos between what are typically disparate security systems to provide our customers with faster threat investigation and remediation,” said Doug Merritt, president and CEO, Splunk.
Customers gain improved correlation and incident prioritisation based on ForeScout data such as:
· Real-time and continuous inventory of IP-connected devices on the network—from traditional PCs, servers and mobile devices to Bring Your Own Devices (BYOD) and IoT
· Device profiling and classification information
· Device security posture and compliance gaps
· Network authentication, access and location information
Customers can initiate closed loop remediation and threat mitigation leveraging Adaptive Response in Splunk ES and ForeScout actions to:
· Enable Splunk software to delegate alert mitigation actions in real-time
· Take network actions to quarantine, isolate or limit access of IP-connected devices
· Initiate remediation and threat mitigation actions on a broader range of devices
· Orchestrate a set of actions across multiple products in response to alerts from Splunk solutions