Forescout Technologies, a leader in device visibility and control, has announced that it is transforming enterprise-wide network segmentation with the launch of a new cloud-based offering.
Forescout eyeSegment will help organisations accelerate network segmentation projects, driven by the need to secure critical applications, mitigate increased exposure due to IoT devices and limit the lateral movement and blast radius of threats across flat networks.
“The demands on today’s security organisations are greater than ever before. Attackers are proving again and again their ability to take advantage of the dissolving network perimeter and move unrestricted across company networks,” said Michael DeCesare, CEO and president, Forescout Technologies.
“EyeSegment puts the security teams back in control. Understanding what is on the network is in our DNA and we are now using that visibility-first approach to give our customers the edge against attackers with true, enterprise-wide network segmentation.”
Forescout eyeSegment allows organisations to define and implement holistic network segmentation to secure the increasingly complex and interconnected enterprise network across campus, data centre, cloud and OT.
Available now, eyeSegment provides the following capabilities:
- Translate every IP-connected entity into context and groups: eyeSegmentbuilds on Forescout eyeSight’s ability to automatically translate every IP-connected entity into a logical taxonomy of users, devices, applications and services. Additional context from third-party systems, such as vulnerability and compliance information, can be integrated to this taxonomy to enable a customer to define policy in business terms and drive device segmentation decisions across the entire enterprise. This capability closes the gap between infrastructure controls and business segmentation policy.
- Visualise device communication and behaviour: eyeSegment then marries traffic flows to how these entities are communicating across all networks from campus, data centre, cloud and OT in business terms. Frequent baseline communication can be used to create a segmentation policy. This accelerates segmentation design planning based on in-depth understanding of traffic flow baselines and anomalies.
- Design and visualise policies and gauge impact: Customers can proactively design, fine-tune and simulate policies before enforcing segmentation controls. This allows organisations to determine how specific policies would impact the rest of their network from a single policy layer before implementing the controls to understand overall business efficacy.
- Monitor and automatically respond to policy violations: eyeSegment allows customers to centrally monitor traffic flows between segmentation zones, validate Zero Trust controls and automatically react to policy violations with restrictive controls, alerting and/or logging. This approach allows customers to implement enterprise-wide segmentation policies quickly and only target violations which eliminates disruption.
- Orchestrate heterogenous enforcement solutions: Combined with eyeControl and eyeExtend, eyeSegment can orchestrate policy-based control actions across multiple segmentation enforcement points, such as next-generation firewalls, wired and wireless network infrastructure, software defined networking and cloud infrastructure, as well as agent-based segmentation technologies. This allows customers to choose best of breed options across their enterprise to carry out restrictive enforcement
