The ForeScout Extended Module for Carbon Black orchestrates information sharing and security work flows between ForeScout CounterACT?? and Carbon Black to improve device hygiene, proactively detect threats across the network and automate threat response.
1. Enhanced Device Visibility:
ForeScout provides you with enhanced discovery, classification and assessment of managed and unmanaged devices on your network - across campus, data center, cloud and OT environments - in short, across the extended enterprise. In addition, ForeScout leverages host properties received from Carbon Black for your ForeScout policies.
2. Verify and Enforce Carbon Black Agent Hygiene:
ForeScout improves security hygiene by verifying that Carbon Black agents are installed, running and operating properly on supported corporate endpoints. ForeScout detects not-yet-enrolled devices and incorrectly functioning agents, and triggers work flows to enforce client-side and server-side compliance.
3. Shared Threat Intelligence and Joint Threat Hunting:
Carbon Black identifies malware and IOCs through advanced techniques and notifies ForeScout upon detection. ForeScout leverages this threat intelligence to monitor the network for IOCs, including unmanaged connected systems such as BYOD, guest and IoT devices, as well as network infrastructure components. Based on your policy, ForeScout can restrict, isolate or block network access for compromised devices.
4. Accelerate and Automate Policy-Driven Threat Response:
When Carbon Black identifies malware or malicious behavior, it informs ForeScout in near real-time. Based on threat severity and your policy, ForeScout can automatically take appropriate actions such restricting, isolating or blocking compromised devices, and initiating remediation work flows. The combination of Carbon Black host actions and ForeScout network actions allows you to reduce your mean time to respond (MTTR) and limit the impact of threats.