Deep Dive into ForeScout Part 2: Protecting Enterprise Networks from Cyber Attacks
After previously discussing ForeScout CounterACT's deep monitoring capabilities for users and devices across the network, let's continue by exploring how ForeScout helps protect your network from various cyber threats and attacks.
Threat Detection
ForeScout CounterACT provides threat detection capabilities through the following methods:
- Detecting malicious network traffic
- Monitoring attack activities such as worm propagation, unauthorized website access attempts, and many other suspicious events
- Detecting network probing activities
- Identifying actions that may pose risks to network security
- Detecting network scanning activities
- Detecting Finger, HTTP, and NetBIOS scans
- Detecting abnormal login attempts such as username scanning or password scanning
- Detecting vertical scans, horizontal scans, and ping sweep scans
- Detecting SNMP scans targeting network devices
- Detecting email worms within the network
- Detecting abnormal mass email activities
- Detecting suspicious email attachments
- Detecting sender spoofing attempts
- Detecting abnormal recipient volumes
- Detecting unusual connections to multiple email servers
Threat Prevention and Response
ForeScout CounterACT provides several methods for threat prevention and automated response, including:
IP and Service Blocking
- Blocking all network access for attacking users or devices
- Blocking only the specific services being used in an attack
- Logging all detected attack activities
Worm Propagation Control
- Using Worm Slow Down techniques to prevent infected systems from rapidly spreading worms
- Preventing network instability and minimizing impact on normal users
- Giving administrators time to analyze attacks and decide whether to manually respond or allow ForeScout to automatically contain the worm
- Allowing infected systems to continue operating while balancing usability and security
User Notification and Awareness
- Displaying attack notifications to users over HTTP/HTTPS so they can acknowledge the incident, with each acknowledgement logged automatically
- Displaying automatic Balloon Box notifications for user convenience
- Sending automated email notifications to affected users
Endpoint Security Enforcement
- Enforcing operating system patch updates
- Enforcing critical Microsoft hotfix updates
- Checking vulnerabilities on each host device
- Enforcing installation and usage of personal firewall software such as ZoneAlarm, Windows Firewall, Symantec, Sygate, McAfee, and many others
- Enforcing installation and usage of antivirus solutions such as Avast, Trend Micro, Symantec, Sophos, McAfee, Kaspersky, ESET, CA, BitDefender, AhnLab, AVG, and many others
- Enforcing installation and usage of antispyware solutions such as Windows Defender, Webroot Spy Sweeper, Spyware Doctor, Spyware Blaster, Spybot - Search & Destroy, McAfee, Lavasoft Ad-Aware, Kephyr Bazooka Adware and Spyware Scanner, CounterSpy, Anonymizer, and many others
With these capabilities, ForeScout CounterACT can integrate seamlessly with Layer 7 Firewalls, IPS, SIEM, Log Servers, and many other enterprise security systems. As a result, ForeScout has achieved numerous high-level security certifications across military and financial sectors.
For more information, please visit the ForeScout CounterACT Threat Prevention page, where you can also download examples demonstrating how ForeScout mitigates well-known worms such as Conficker.
---
Source: Throughwave Thailand
For more updates and information, please visit https://www.throughwave.co.th
