Forescout Addresses SecOps Challenges with XDR

Forescout Technologies Inc., a leader in automated cybersecurity, unveiled Forescout XDR, to help enterprises detect, investigate and respond to the broadest range of advanced threats, across the extended enterprise.

A typical SOC is flooded with 450 alerts per hour, and analysts waste time trying to correlate low-fidelity alerts and chasing false positives, often at the expense of focusing on legitimate attacks. Until now, a security operations center’s (SOC) field of view for threat detection and response has excluded critical devices that are common points of attack, including operational technology (OT), industrial control systems (ICS), building management systems (BMS) and medical and IoT devices. In addition, the technology stack that SecOps teams have relied on has made it difficult to respond to these threats in a rapid and comprehensive manner.

“The true value of an XDR solution lies in its ability to ingest telemetry and data from across the entire enterprise: cloud, campus, remote and datacenter environments, and every managed and unmanaged connected device. This is what the X in XDR is all about, after all,” said Justin Foster, CTO, Forescout. “Traditional XDR products lack this capability, or they only leverage data from the vendor’s own EDR or a few other security tools. This significantly limits the flexibility, scalability and effectiveness that an XDR solution must provide.”

Through the advanced application of data science and automation, Forescout XDR generates one high-fidelity alert that warrants analyst investigation, from every 50 million logs ingested, per hour. Because Forescout XDR is vendor – and EDR – agnostic, this ingestion includes data from more than 170 security, infrastructure, application, cloud/SaaS and enrichment sources, and dozens of vendors. And with more than 70 sources of threat intelligence and 1,500 verified detection rules and models, and data onboarding included, Forescout XDR customers can be operational within hours, actively detecting, investigating and responding to threats.

Seamless integration with Forescout’s network access control solution helps ensure that customers can:

  1. Reduce the attack surface, and the risk of an attack in the first place, by preventing compromised or non-compliant devices from connecting to their networks. This proactive approach to XDR further elevates the effectiveness and performance of a modern SOC.
  2. Automate response workflows that can immediately touch every managed and unmanaged connected device, across the enterprise. This reduces an attack’s blast radius in real-time, allowing proper mitigation or remediation measures to be completed.

Because Forescout XDR has a multi-tenant architecture and supports local data storage while also being able to provide an aggregated global view of threats and SOC performance, it is ideally suited to large enterprises, multi-nationals, organizations with regional SOCs and managed security service providers (MSSPs).

SaaS licensing is based on the total number of endpoints in the enterprise. As such, customers have the flexibility to leverage the data sources needed to fully support the use cases important to them, and help ensure better detection, without concern for escalating or fluctuating costs associated with cloud log storage.