Enterprises looking for more comprehensive, pervasive network and endpoint security will soon have another option to consider. Today, network security vendor and Gartner Network Access Control (NAC) market Magic Quadrant leader ForeScout and endpoint security startup and 2013 Gartner Cool Vendor Bromium announced an integration that the companies promise will take automated threat response to the next level.
Campbell, CA-based ForeScout has of late expanded their mission beyond pure network access control with efforts to position their flagship NAC product, CounterACT, and ControlFabric, their integration and orchestration platform, as the keys to comprehensive, automated endpoint visibility, access control, and security. Cupertino, CA-based Bromium may provide ForeScout with an additional edge against competitors like Cisco, Juniper, and Aruba Networks.
That edge will come from Bromium’s innovative vSentry and LAVA technologies. vSentry protects endpoints by leveraging the Bromium Microvisor to create “micro-VMs” for each new browser tab, attachment, or document on a Bromium-protected machine. The micro-VMs hardware-isolate each risky task and prevent malware from accessing enterprise data and networks. Malware is then automatically flushed when the user ends the task, but not before Bromium’s Live Attack Visualization and Analysis (LAVA) collects information about the malware for analysis and future response.
The integration originated in ForeScout customer Pioneer Global Asset Management’s interest in combining both technologies, according to Simon Crosby, Bromium co-founder and CTO, and Scott Gordon, ForeScout CMO. Ken Pfeil, Pioneer’s CISO, “saw the possibilities that would result from the integration,” Crosby told me. Most of ForeScout’s integrations are driven by customer needs, so the companies worked together to develop an easily replicated solution.
The result “leverages our existing investments in endpoint and network security, providing unambiguous and actionable threat intelligence that we can use to quickly and systematically enhance our overall security posture,” Pfeil said in a statement.
The integration stitches CounterACT, vSentry, and LAVA together in the ControlFabric interface. CounterACT can deploy vSentry to detected endpoints that meet vSentry’s minimum hardware and BIOS requirements. LAVA, meanwhile, will enable automated malware response by sending threat intelligence to CounterACT for response, which may include quarantining infected endpoints, blocking infection sources, and alerting administrators and end users. The malware data LAVA collects also enables CounterACT to assess all other endpoints for remediation.
Doing so closes gaps in an enterprise’s security strategy. “Bromium can protect endpoints where we are installed, but enterprises may have endpoints without vSentry. What’s needed is enterprise-wide response, and ForeScout CounterACT is the perfect automated control fabric for that purpose,” Crosby said. Gordon added that the ability to act on LAVA-generated threat intelligence across all endpoints will “allow our mutual customers to gain greater ROI” from their Bromium and ForeScout deployments.
Bromium and ForeScout both look set to benefit from their partnership. If the integration works as described, so do their customers.
“This approach really showcases the versatility of our ControlFabric bi-directional integration technology. Not only can CounterACT identify systems that should have a Bromium vSentry agent and facilitate deployment, but customers can also apply the advanced malware signatures identified by Bromium LAVA as CounterACT policies to serve as an active defense,” Gordon said. And while ForeScout already supports a large number of leading endpoint protect solutions, “Bromium definitely has a very innovative approach to malware and advanced threats,” he added. ForeScout’s market share may bring that approach to a much larger audience.
ForeScout anticipates general availability of the integrated solution in early 2014.
Header photo courtesy of Shutterstock.
Jude Chao is executive editor of Enterprise Networking Planet. Follow her on Twitter @judechao.