ForeScout and FireEye announced an integrated approach to dynamically mitigate APTs and zero-day attacks.
According to FireEye’s 2H2012 Advanced Threat Report, on average, a malware event occurs at a single organisation once every three minutes, and the number of infections per company has nearly quadrupled since last year. This activity can include the receipt of a malicious email, a user clicking a link on an infected website, or an infected machine making a callback to a command and control server.
In many cases, the malware is so new or has morphed to such an extent that conventional signature-based protection is unavailable; this is called a “zero-day attack.” Worse yet, the host-based defenses that should be on every system connecting to a corporate network are in many cases outdated, corrupt or non-existent. By the time an organization discovers an insecure system or an advanced threat, the damage is already done, and the cost to investigate issues and remediate systems is high.
Companies can reduce their vulnerability footprint and avoid unplanned operating expenditures by assuring endpoint compliance, identifying advanced threats and isolating affected systems and malware connectivity.
“FireEye’s goal is to enable companies to advance their security strategies while helping them to stop modern malware and attack methods, such as zero-day attacks and APT. To accomplish this requires that organisations further coordinate their defences,” said Tim Mather, CSO at FireEye.
Together, ForeScout CounterACT and the FireEye platforms offer enterprises:
Automated breach response in real time – Take decisive and automated actions for any compromised devices on your network. When FireEye MPS determines that an endpoint may have been compromised, it can prevent data exfiltration and notify ForeScout CounterACT to quarantine the endpoint and optionally initiate remediation based on device type, location, severity and other policy elements.
Real-time visibility – Readily gain operating and security details of all devices on your network, including unauthorized devices, BYOD devices, those with configuration violations and those that have been breached.
Endpoint security assurance – Reduce enterprise risk by ensuring that endpoints have complete, updated and active defenses according to policy. ForeScout CounterACT works without requiring agents, finding and fixing security gaps on both the systems you own and those you do not.
Flexible policy enforcement – FireEye MPS leverages ForeScout CounterACT’s mechanisms to enforce security policies using ACL, firewall, WLAN and VLAN assignment and the unique ForeScout Virtual Firewall technology to isolate all or specified endpoint communications.
Layered defense for advanced threats – FireEye MPS real-time protection stops APTs regardless of whether they are incoming, propagating or actively exfiltrating data. As part of a layered defence, FireEye MPS complements ForeScout’s ActiveResponse technology within ForeScout CounterACT that blocks attack behavior.