RealTime IT News

ForeScout Upgrades to Enterprise Security

Intrusion detection system (IDS) developers ForeScout will announce and demonstrate a corporate version of its early-warning software ActiveScout application at the Computer Security Institute (CSI) exhibition Tuesday in Chicago.

The ActiveScout Enterprise edition has been tested to allow up to 50 access points (APs) in a network using the ActiveScout Site Solution to exchange information simultaneously, though ForeScout officials said the product will work globally and has no set limit of APs.

The ActiveScout Site Solution has been around for some time now, though until now the software application hasn't been able to "talk" with other network APs using similar software. The enterprise solution takes care of that; it's Enterprise Manager and Enterprise Heads-Up collect and disseminates network attacks from one node and warn the other APs almost simultaneously, behind the scenes.

"Security professionals are constantly looking for better ways to identify attacks with a high degree of accuracy so they can stop real network attackers and prevent intrusions across the entire enterprise," said Peter Lindstrom, a director at Spire Security, a research and consulting firm.

According to Nancy Blair, vice president of marketing at ForeScout, if an attack occurs at one AP, the threat information is passed to the other ActiveScouts running on the network to prevent a breach from occurring.

The new version comes with a graphical user interface (GUI) map that shows where the attack originated and how widespread the attack is, and whether it is hitting the other nodes in the network. Blair said it helps IT managers quantify the existence of network threats to company executives and is a precursor for ActiveScout versions in the future.

"Right now, the threat information is passed within the enterprise, but we do envision an inter-enterprise global warning communication in the future," she said.

Since the ActiveScout is a software solution, customers are allowed to build the server, and operating system (OS) of their choice, though officials said they have vendors who can bundle the software onto a new machine.

David Prince, director of information services at Leith Managment Company, a NC-based car dealership that keep thousands of car loan applications in the database, said he has been testing the ActiveScout for some.

"It's been working great," he said. "We've been running it on a test server and running intrusion tests on it but plan to move it onto a more permanent platform in the near future. Since installing it, we've seen a dramatic decrease in scan traffic, and a reduction in the amount of alerts for false positives and network attacks."

For companies that prefer to build an out-of-box server of their own, officials recommend it contain at least an Pentium III 600 MHz processor with 256 MB of RAM and 20 GB of disk space. ActiveScout runs on Windows, Linux or Sun Solaris platforms.

ActiveScout sits in front of the APs firewall and behind the router, processing incoming traffic and returning false network identification information to the originator. In the case of an attack, where the attacker launches an exploit, it is sent to the wrong area of the network because of the bogus information and intercepted.

Blair said this patented technique cuts down on the number of false positives and attacks that IT staffers need to respond to by 85 percent, since the attack is foiled before even reaching the Internet. Only with the other 15 percent will a network administrator get a page or phone call.

"It's much more effective than your regular IDS solution," Blair said, "because it doesn't bother alerting the IT manager with every single port scan or false positive. And because it works in the background so well, most managers aren't even aware their network is getting attacked; in the case of the NIMBA virus, one of our customers had to look through the logs to find out if they were even getting attacked, because ActiveScout stopped the virus before it got to the network."

Pricing on the ActiveScout is dependent on the amount of network traffic the application handles, but starts at:

  • ActiveScout Site Solution - $2,995.
  • ActiveScout Enterprise Manager - $9,995.
  • ActiveScout Enterprise Heads-Up - $4,995.