ForeScout, Splunk Partner on Endpoint Visibility, Security

The app is designed to help businesses use and create a variety of operational dashboards and reports that take advantage of Splunk Enterprise.

Network security solutions specialist ForeScout Technologies and operational intelligence software developer Splunk announced a technology partnership combining ForeScout's dynamic endpoint visibility, access and security capabilities with Splunk Enterprise's advanced machine data analytics expertise.

ForeScout CounterACT helps organizations gain visibility into devices, users, systems and applications that are on, or attempting to connect to, an enterprise network, whether wired or wireless, managed or unmanaged, PC or mobile. Devices are dynamically discovered, classified, profiled and assessed without requiring agents.

In conjunction with the partnership, ForeScout has made available bi-directional integration between CounterACT and Splunk Enterprise, along with the ForeScout App for Splunk Enterprise. The app is available on Splunk Apps, and ForeScout integration with Splunk is performed through syslog, CEF (Common Event Format) and Web API (Application Programming Interface) standards.

The app is designed to help businesses use and create a variety of operational dashboards and reports that take advantage of Splunk Enterprise to analyze, visualize and store volumes of identity, device, application, access and violation data generated by ForeScout CounterACT. Splunk can be configured to send triggered event data to ForeScout CounterACT in order to remediate endpoint security issues, isolate breached systems or trigger other policy-based controls.

"IT organizations are challenged with enormous visibility and control gaps given increased network complexity, BYOD proliferation and the velocity of sophisticated threats. Users not only want greater operational intelligence, but they also want the means to efficiently analyze data and effectuate policy," Scott Gordon, chief marketing officer at ForeScout, said in a statement. "A combined approach with ForeScout and Splunk gives the best of both worlds to solve a broad range of security issues."

CounterACT applies policy-based controls to allow, limit or block access, manage guests and BYOD users, monitor and enforce endpoint compliance and mitigate violations and exposures. Captured information, as well as event logs, can be sent to Splunk Enterprise for data analysis, reporting and optimized retention. In addition, operators can enable Splunk Enterprise to communicate with CounterACT to directly mitigate security issues.

"In today's threat landscape, all data is security relevant and requires a solution that delivers real-time insights. ForeScout CounterACT provides visibility to network and endpoint activity that our customers can use to augment their Splunk analytics in order to monitor for critical security issues and expedite investigations," Bill Gaylord, senior vice president of business development at Splunk, said in a statement. "Leveraging the interoperability of Splunk Enterprise and ForeScout not only helps expand the surface area for customers to more rapidly and confidently identify problems but also automates controls to directly mitigate threats."