ForeScout Technologies Stops Zotob.E Before Security Warnings

CUPERTINO, Calif.—August 18, 2005—ForeScout Technologies, Inc., the leading provider of network-based Network Access Control and Intelligent Intrusion Preventionâ„? security solutions, announced today that its ActiveScoutâ„? and CounterACTâ„? appliances automatically detected and blocked the Zotob worm and all of its variants across its customer base worldwide.

On August 9, 2005, Microsoft issued the MS05-039 security bulletin, which describes a Windows vulnerability categorized by Microsoft as “Critical”. Within days the Zotob worm and more than a dozen variants had emerged and were propagating in enterprise networks. The new worm bypassed signature based Intrusion Prevention Systems (IPS) and Anti-Virus (AV) products that needed to create new signatures for the worm and each new strand. ForeScout’s patented Active Response technology engaged the Zobot infected machines and prevented connections to vulnerable hosts, thereby stopping the spread of the worm. No signatures updates or other human intervention was required for ForeScout’s installed customer base to have real-time protection against this new worm.

“With one of our enterprise class customers, we had the worst case scenario with this worm,” said Scott Shinn Managing Partner of Prometheus Group. “It was ‘zero-day’, and it came in through contractor VPN connections from their home network, completely circumventing all the perimeter security systems. From the CounterACT Console we watched each remotely connected system get compromised until more than 40 in all had been infected, and their connections cut off from the network before the malicious code could propagate. CounterACT was literally the last line of defense and it worked flawlesly – at no point did the attack pose a risk to this extensive network.”

ForeScout’s integrated security platform combines network-based Network Access Control (NAC), Intelligent Intrusion Prevention and Vulnerability Assessment and Protection in a single appliance. If an endpoint machine is in compliance with network policies but is nonetheless infected with a new worm, Active Response, a highly accurate and patented methodology of detecting network attacks and espionage can immediately suppress the worm. ForeScout’s CounterACT appliance blocks malicious traffic automatically without effecting legitimate data flows. Currently the technology is the only scalable, customer-validated security solution that has been proven to prevent zero-day malicious attacks from both self-propagating malware and hackers.

“Over this past year we have made the case in our research and security seminars that the greatest risk to business continuity and the most damaging attacks to corporate networks occur in the window of time where no signature is available,” said Ken Kousky, president and CEO of ip3. “Singularities (non/pre signatured attacks) like Zotob and all of its variants demonstrate the importance of technology that can detect zero-day threats and based on that accurate detection, turn on automatic blocking.”

“With each new vulnerability announcement there is a new window of vulnerability for networks which is the time between the vulnerability appearing and the time when protection is deployed. Security solutions that require updated signatures for each new variant of a worm are not available to fight this battle in the critical early minutes of the attack;” said T. Kent Elliott, CEO of ForeScout Technologies, “Since the first breakout of the worm on August 14, ForeScout’s customers have been depended on Active Response to block these threats from infecting their networks, and have not been disappointed.”

The malware and worm writers are getting faster and more sophisticated all of the time. The window between the time these vulnerabilities are announced and the first instance of a worm continues to shrink. With the Zotob outbreak, the window was three days, making it the fastest exploit announcement to worm outbreak to date. This emphasizes the absolute necessity to have technology in place that can protect against zero-day threats without a delay or updates.

About Prometheus Group
Prometheus Group is an established leader in security consulting, providing its clients with a valuable suite of products and services, to ensure the security of their networks and intellectual property. Providing strategic consulting, advisory services, training and implementation, our security professionals offer experience and expertise to identify potential vulnerabilities that face your organization and recommend effective long-term security measures. More information can be found at

About IP3, Inc.
IP3, Inc. is the leader in Intellectual Publishing, Sales and Distribution provides a full range of services targeted at assisting emerging and expanding technology companies including: strategic product guidance on modifying the IP product, educational marketing, technical training, product support, and channel development and management. More information can be found at

About ForeScout Technologies, Inc.
ForeScout’s network security platform combines network policy enforcement and access control, Intelligent Intrusion Preventionâ„?, and vulnerability assessment in an enterprise-class security appliance. ForeScout offers real-time automated protection against self-propagating malware and malicious hacker attacks for a defense-in-depth strategy that ensures network availability and business continuity. ForeScout’s customers include a wide range of Fortune 1000 corporations and government agencies. ForeScout’s headquarters are located in Cupertino, California. More information can be found at

Don't miss