ForeScout CounterACT for Mobile Security provides real-time visibility and control over smartphones, tablets and wireless devices on your network. With our solution, you can let users enjoy the productivity benefits of mobile computing devices while you keep your network safe from data loss and malicious threats.

The Challenge

Smartphones and tablet computers are in common use by mobile workers who want to use these devices for both personal and professional tasks. End users load personal applications on their devices, and prothen they try to connect these devices to your network. Some people call this phenomenon the “Consumerization of IT”. If you are responsible for security, you call it a nightmare.

Clearly, mobile computing devices enable greater productivity and business agility, but they also introduce security risk. Surveys indicate that IT managers are most concerned about the risk of data loss and infection by mobile malware.

If a user has corporate data on his mobile device, and then he loses that device (or sells it), the enterprise has just suffered a data loss incident. Depending on your local data privacy laws, your enterprise could be assessed with penalties.

Data loss caused by malicious applications is also a risk. When a user installs an app, he grants it certain privileges which may include access to his physical location, contact information, and other data. You can’t control what the app maker will do with this information.

For years, the concept of malware on mobile devices was mostly academic because malware did not exist for mobile devices. This has now changed:

• The Zeus Trojan is now present on Windows Mobile, Symbian and Blackberry devices*
• Over fifty malicious Android applications were discovered in the Android marketplace, each infected with DroidDream. **

None of this would be a problem if your enterprise were able to tightly control and manage all mobile devices that store your organization’s data. But those days are gone. The chaos is here. Employees, contractors and guests bring personal handheld devices into the workplace and try to connect them to your network. It is up to you to keep your network secure in the face of these mobile devices.

ForeScout’s Solution

As an IT security manager, you can choose what policy you want to enforce on your network. You may wish to prohibit employees using their consumer devices on your network, or you may wish to embrace the practice. By allowing employees to use mobile devices on your network, you can enable greater connectivity, data sharing, productivity and morale. Regardless of your policy, ForeScout CounterACT for Mobile Security can help you automatically enforce your security policies, saving time and enhancing security.

ForeScout CounterACT for mobile security offers an automated, extensible and scalable approach to apply security policy across a diverse array of corporate and personal mobile devices. Platforms that are currently supported include iPhone and iPad, Android, Windows Mobile, Blackberry, and Nokia Symbian.

*http://securosis.com/blog/network-security-in-the-age-of-any-computing-the-risks
* http://www.zdnet.com/blog/security/welcome-to-the-mobile-malware-mess-we-hope-you-enjoy-your-stay/8267
** http://www.pcmag.com/article2/0,2817,2381390,00.asp#
** http://www.networkworld.com/news/2011/030211-google-android-apps.html

ForeScout CounterACT for Mobile Security provides real-time visibility and control over smartphones, tablets and wireless devices on your network. For a complete list of product features, see our product page. At a high-level, these are the important features that you should look for in a product such as this:

Easy to deploy. Look for a product that:

• Works with your existing network infrastructure
• Is agentless. Products that require you to deploy agents to handheld devices are not only difficult to deploy, but they are inherently unable to deal in a sophisticated way with unmanaged personal wireless devices.
• Has few moving parts. The fewer appliances, servers, and software that you need to install and configure the better.

Wide range of enforcement actions. Look for a product that includes these characteristics:

• Monitor-mode which lets you detect (and report on) policy violations without taking action.
• Notifications which let you send emails or HTTP hijacks to endusers who violate policies
• Restrict traffic to certain portions of the network
• Block network access using a wide range of technologies such as 802.1x, SNMP, ACL management, TCP reset

Automated guest registration. Look for a product that identifies users trying to connect their wireless devices to your network and provides them an opportunity to request permission to use your network.

Post-connect monitoring. Look for a product that will monitor a handheld device after it has been admitted to the network, checking to ensure that it does not begin to behave in a threatening manner.

Improved productivity. ForeScout CounterACT for Mobile Security empowers workers to use mobile and wireless devices of choice for maximum productivity.

Improved visibility: ForeScout CounterACT for Mobile Security lets you see who has been on your network, which days, and where they were connecting.

Better security: ForeScout CounterACT for Mobile Security has three mechanisms to ensure that guests do not threaten the security of your network:

1. CounterACT limits guest access, preventing them from accessing sensitive resources
2. CounterACT can ensure that guest devices meet your security policies while they are connected to your network
3. CounterACT can continuously monitor guest systems to ensure that they do not attack your network.