Forescout XDR enables SOC teams to reduce the attack surface


Forescout revealed Forescout XDR, a solution designed to aid enterprises in detecting, investigating, and responding to an extensive range of sophisticated threats throughout their extended enterprise.

A typical SOC is flooded with 450 alerts per hour, and analysts waste precious time trying to correlate low fidelity alerts and chasing false positives, often at the expense of focusing on legitimate attacks. Until now, a security operations center’s (SOC) field of view for threat detection and response has excluded critical devices that are increasingly common points of attack, including operational technology (OT), industrial control systems (ICS), building management systems (BMS), and medical and IoT devices.

In addition, the technology stack that SecOps teams have had to rely on has made it difficult to respond to these threats in a rapid and comprehensive manner.

“The true value of an XDR solution lies in its ability to ingest telemetry and data from across the entire enterprise: cloud, campus, remote and datacenter environments, and every managed and unmanaged connected device. This is what the X in XDR is all about, after all,” said Justin Foster, CTO, Forescout. “Traditional XDR products lack this capability, or they only leverage data from the vendor’s own EDR or a few other security tools. This significantly limits the flexibility, scalability and effectiveness that an XDR solution must provide.”

Through the advanced application of data science and automation, Forescout XDR generates one high-fidelity alert that truly warrants analyst investigation, from every 50 million logs ingested, per hour. Because Forescout XDR is vendor- and EDR-agnostic, this ingestion includes data from over 170 security, infrastructure, application, cloud/SaaS and enrichment sources, and dozens of leading vendors.

And with over 70 sources of threat intelligence and 1500 verified detection rules and models, and data onboarding included, Forescout XDR customers can be operational within hours, actively detecting, investigating, and responding to threats.

Forescout XDR addresses modern SecOps challenges

“Forescout XDR, with the breadth and richness of its capabilities, particularly its dashboards and reporting, provides an out-of-the-box solution to SOC challenges that we spent 18-24 months trying to address,” said Samer Mansour, CISO, Panasonic Corporation of North America. “It was easy to deploy, and fully operational in a matter of weeks. And with its tight integration to Forescout’s network security and visibility solutions, and our broader security tech stack, it gives us the ability to exert a lot more control across our IT and OT environments, and further elevate our overall security.”

Seamless integration with Forescout’s network access control solution helps ensure that customers can:

  • Reduce the attack surface, and the risk of an attack in the first place, by preventing compromised or non-compliant devices from connecting to their networks. This proactive approach to XDR further elevates the effectiveness and performance of a modern SOC.
  • Automate response workflows that can immediately touch every managed and unmanaged connected device, across the enterprise. This reduces an attack’s blast radius in real-time, allowing proper mitigation or remediation measures to be completed.

Because Forescout XDR has a multi-tenant architecture and supports local data storage while also being able to provide an aggregated global view of threats and SOC performance, it is ideally suited to large enterprises, multi-nationals, organizations with regional SOCs and managed security service providers (MSSPs).

SaaS licensing is based on the total number of endpoints in the enterprise. As such, customers have the flexibility to leverage the data sources needed to fully support the use cases important to them, and help ensure better detection, without concern for escalating or fluctuating costs associated with cloud log storage.



Source link