FS-McAfee_HBSS_SolutionBrief

Page 1: FS-McAfee_HBSS_SolutionBrief

Improve Security and Operational Efficiency To help serve the Cyber Security and Situational Awareness needs of the U.S. Department of Defense, ForeScout and McAfee have integrated their solutions. This joint solution allows DoD organizations to gain visibility to 100% of the endpoints connected to the network and extend the capabilities of their existing HBSS system to improve Situational Awareness and Incident Response (SAIR). In addition, ForeScout's automated solution helps government agencies save time by automating the installation of HBSS agents onto managed systems.

The Challenges Securing what you can’t see. The U.S. Department of Defense utilizes McAfee ePO and HBSS to provide visibility for endpoints that have HBSS agents installed. But visibility of non-managed devices—such as personal laptops, smartphones, rogue wireless access points, and devices with broken HBSS or missing agents—requires a real-time network monitoring device such as ForeScout CounterACT.

Controlling what you can’t manage. If an unmanaged device becomes infected and starts to attack the network, IT security managers need to be able to identify the source of the attack and automatically disconnect it from the switch.

Effective agent deployment. In addition, there is the ongoing time and effort required to deploy the HBSS software agents onto each endpoint and ensure their continuous operation. At times, remote remediation can fail, and addressing this can entail extensive manual effort, consuming thousands of labor-hours each year. And if you aren’t sure that the HBSS agents are deployed on all of your endpoints, you aren’t sure that your network is secure.

To solve these problems, you need 100% visibility to secure your network, and you need automation to maximize the efficiency of your operations.

Solution Brief

Highlights

Visibility | See 100% of the endpoints connected to a DoD network in real-time. Identify and validate rogue devices. No agents or software are required.

Access Control | Grant, deny, or limit network access based on who and what is trying to access your network including mobile devices such as iPhone, iPad, Android, etc.

Infection Containment | Identify the sources of malicious attacks and quarantine the systems to protect your network.

Agent Distribution | Save resources, man-hours and operational spending by automatically detecting which endpoints have broken or missing HBSS agents and automating the installation of the HBSS agents.

Compliance | Built-in support for networthiness standards such as configuration standards and software compliance.

10001 N. De Anza Blvd., Suite 220 Cupertino, CA 95014 Tel: 1 (866) 377-8771 Fax 1 (408) 213-2283 www.forescout.com

Visibility and Automation for HBSS

Page 2: FS-McAfee_HBSS_SolutionBrief

ForeScout-McAfee Joint Solution

CounterACT extends the functionality of the DoD's HBSS capability, providing real-time visibility and control over 100% of the devices on the network, including devices outside the HBSS scope.

• Automated asset identification and posture assessment
• Automated HBSS agent detection and verification
• Automated network access control
• Built-in support for STIG and FDCC security standards
• Automated HBSS deployment and/or remediation

How it Works

ForeScout CounterACT works together with McAfee ePO to improve and automate the security of DoD networks, for example:

1. When a device connection is attempted, CounterACT determines the type of device and whether an HBSS agent is installed, and reports this to McAfee ePO.

2. If the device has an HBSS agent, CounterACT queries the HBSS server to determine the compliance status of the endpoint:

a. Are all HBSS agents installed, running and up-to-date?

b. How recently was endpoint compliance assessed?

c. Is the endpoint compliant with STIG and FDCC standards?

3. ForeScout CounterACT uses the above information plus a set of pre-determined security policies to control the device's ability to access the network. If both the device and the user are authorized, and if the device is compliant with STIG and FDCC standards, CounterACT will implement port-based control to allow the device to access the entire network or just parts of the network, according to policy.

4. If the agent is missing or broken, CounterACT alerts HBSS, which will try to install the HBSS agent. If this fails, CounterACT will install the HBSS agent directly by running a script on the endpoint or will use captive browsing to direct the end user to an HBSS installation page.

5. If the device is unauthorized, ForeScout CounterACT will deny access or quarantine the device and notify HBSS Rogue System Detection.

6. After the device has been admitted to the network, if HBSS determines that the endpoint has become non-compliant, the HBSS server will immediately report this change to CounterACT, which will quarantine the endpoint until it has been remediated.

7. ForeScout CounterACT continually monitors the device to determine whether its behavior becomes threatening. If this occurs, ForeScout CounterACT will immediately alert McAfee ePO and quarantine the device so that it no longer represents a security threat.

ForeScout-McAfee Joint Solution Benefits:

» Improves compliance with DISA STIG and JTF-GNO 07-12 by preventing rogue devices from connecting to the network and ensuring that 100% of systems have HBSS installed.

» Strengthens security by preventing network infection from rogue and unmanageable devices, and quarantining non-compliant endpoints until HBSS can remediate them.

» Saves thousands of hours by automating HBSS agent installation and by remediating HBSS agents more efficiently.

© 2012 ForeScout Technologies, Inc. Products protected by US Patent #6,363,489, March 2002. All rights reserved. ForeScout Technologies, the ForeScout logo, CounterACT, CounterACT Edge and Active Response are trademarks of ForeScout Technologies, Inc. All other trademarks are the property of their respective owners. FSMA-SBF040312