Forescout Technologies Inc. unveiled
Forescout XDR, to help
enterprises better detect, investigate, and respond to the broadest range of
advanced threats, across the extended enterprise.
A typical SOC is flooded with 450 alerts per hour, and
analysts waste precious time trying to correlate low fidelity alerts and
chasing false positives, often at the expense of focusing on legitimate
attacks. Until now, a security operations center's (SOC) field of view for
threat detection and response has excluded critical devices that are
increasingly common points of attack, including operational technology (OT),
industrial control systems (ICS), building management systems (BMS), and
medical and IoT devices. In addition, the technology stack that SecOps teams
have had to rely on has made it difficult to respond to these threats in a
rapid and comprehensive manner.
"The true value of an XDR solution lies in its ability to ingest
telemetry and data from across the entire enterprise: cloud, campus, remote and
datacenter environments, and every managed and unmanaged connected device. This
is what the X in XDR is all about, after all," said Justin Foster, CTO,
Forescout. "Traditional XDR products lack this capability, or they only
leverage data from the vendor's own EDR or a few other security tools. This
significantly limits the flexibility, scalability and effectiveness that an XDR
solution must provide."
Through the advanced application of data science and automation,
Forescout XDR generates one high-fidelity alert that truly warrants analyst
investigation, from every 50 million logs ingested, per hour. Because
Forescout XDR is vendor- and EDR-agnostic, this ingestion includes data from
over 170 security, infrastructure, application, cloud/SaaS and enrichment
sources, and dozens of leading vendors. And with over 70 sources of threat
intelligence and 1500 verified detection rules and models, and data onboarding
included, Forescout XDR customers can be operational within hours, actively
detecting, investigating, and responding to threats.
"Forescout XDR, with the breadth and richness of its
capabilities, particularly its dashboards and reporting, provides an
out-of-the-box solution to SOC challenges that we spent 18-24 months trying to
address," said Samer Mansour, CISO, Panasonic Corporation of North
America. "It was easy to deploy, and fully operational in a matter of
weeks. And with its tight integration to Forescout's network security and
visibility solutions, and our broader security tech stack, it gives us the
ability to exert a lot more control across our IT and OT environments, and
further elevate our overall security."
Seamless integration with Forescout's industry-leading network
access control solution, helps ensure that customers can:
1. Reduce the attack surface, and the risk of an attack
in the first place, by preventing compromised or non-compliant devices from
connecting to their networks. This proactive approach to XDR further elevates
the effectiveness and performance of a modern SOC.
2. Automate response workflows that can immediately touch
every managed and unmanaged connected device, across the enterprise. This
reduces an attack's blast radius in real-time, allowing proper mitigation or
remediation measures to be completed.
Because Forescout XDR has a multi-tenant architecture and
supports local data storage while also being able to provide an aggregated
global view of threats and SOC performance, it is ideally suited to large
enterprises, multi-nationals, organizations with regional SOCs and managed
security service providers (MSSPs).
Pricing
SaaS licensing is based on the total number of endpoints in the
enterprise. As such, customers have the flexibility to leverage the data
sources needed to fully support the use cases important to them, and help
ensure better detection, without concern for escalating or fluctuating costs
associated with cloud log storage.