Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Innovation
    • Innovation
    • Networking

    How Forescout eyeSegment Brings Order to Complex Networks

    By
    Frank J. Ohlhorst
    -
    February 29, 2020
    Share
    Facebook
    Twitter
    Linkedin
      Forescout-1

      Network complexity is becoming one of the primary reasons for failure in the enterprise. After all, the more complex a network is, the more likely that there are blind spots, which often are only discovered in investigations appear after things have already gone awry in costly incidents leading to disruption.

      Today’s network managers are constantly adapting to change driven by concepts such as digital transformation, cloud-based initiatives, compliance requirements, cybersecurity challenges and much more. That constant cacophony of change results in network managers no longer having the intimate knowledge of both their networks and the traffic flowing between devices necessary to keep things running smoothly and securely.

      San Jose, Calif.-based Forescout is aiming to remove the angst of network management by providing a platform that brings full visibility to the network, regardless of how complex or distributed that network may be. The company recently extended its platform-based offerings with the eyeSegment product, a solution delivering the capability to segment networks using powerful context-aware policies.

      EyeSegment’s key features include not only full discovery of all connected devices but the ability to rapidly improve network segmentation by grouping similar and related devices together according to organizations’ business operations and unique environments. Instead of having to start with tedious granular information like IP addresses, eyeSegment first aims to give security and network managers a logical top-down view of connected devices’ location, relationships and traffic. This helps orchestrate and maintain required segmentation controls that eliminate needless attack surfaces and prove compliance with regulatory measures.

      EyeSegment solves many of the problems associated with highly dynamic environments and can bring forth actionable insight for extended network environments when paired with Forescout’s eyeSight product. The combination of eyeSight and eyeSegment brings a one-two punch to solving the challenges of discovery and segmentation into an easy to use, unified visibility and control platform. 

      A Closer Look at eyeSight and eyeSegment

      EyeSight uses a platform-based approach that incorporates some unique capabilities. The platform’s power comes from its ability to discover and classify any IP device that connects to the network. Simply put, any time a device with an IP address connects to the network; eyeSight becomes aware of that device and can assess that device. What’s more, this device discovery is agentless, meaning that software agents do not have to be installed on the connecting device.

      EyeSight is also able to quickly classify the device and detect if it is a physical device, a virtual device, or even an IoT device. Discovery is a key process for network managers looking to continuously discover, assess and classify the network and its connected devices, and it is a prerequisite for dynamically segmenting the network.

      The platform’s discovery engine gives network managers 100% visibility into the network and accounts for any IP connected device, even if that device is connected across the cloud or via mobile network, or even as a virtual device. eyeSight accomplishes that bit of wizardry by using a combination of techniques to discover devices.

      Combination of components power the solution

      EyeSight can use a combination of SNMP traps, SPAN traffic detection, Flow analysis, DHCP requests, HTTP user-agents, TCP fingerprinting, protocol parsing and RADIUS requests to passively detect what is connecting to the network. The platform also can passively inspect connected endpoints using capabilities such as network infrastructure polling, SDN integration, integration with public and private clouds, as well as use queries to LDAP, REST and SQL databases.

      It is that comprehensive discovery and classification that makes it possible to segment enterprise-wide networks. Many IT managers have come to the conclusion that enterprise-wide networks must be segmented to reduce the attack surface and bring order to the chaos of network communications. eyeSegment supports that process with a policy-based approach, where context can be used to define segments that meet user needs, while also embracing a Zero Trust framework to protect networks from lateral attacks.

      EyeSegment works hand in hand with Forescout’s other platform related products, such as eyeSight, eyeControl and eyeExtend to create a holistic approach to managing complex and orchestrating controls across dynamic network environments. eyeSegment is specifically focused on improving segmentation hygiene by using a combination of administrator defined policies, coupled with continuous monitoring.

      EyeSegment automatically maps network traffic flows and creates a visual paradigm that administrators can use to monitor the interaction details of users, applications, services and devices across an enterprise network. It’s also worth mentioning that eyeSegment is able to gather that intelligence without the need to deploy agents. The gathered network intelligence can be translated into logical business segmentation policies, which grant granular control to administrators looking to get a better, and more secure, handle on network operations.

      Automates access controls for administrators

      Policy-based control lends itself well to numerous use cases. Take, for example, a business that has a particular operations department, such as inventory control, that needs to access applications across multiple internal and external domains. Inventory control personnel may need to access certain accounting applications, supply chain management applications, sales applications and so forth. Without eyeSegment, an administrator would have to manually define access controls on an individual basis.

      eyeSegment eliminates that tedious task by helping an administrator to better understand the goals of the department and then create a policy that can dynamically deliver on the connectivity needed so that department members can access only what they need to access.

      What’s more, eyeSegment offers the ability to simulate the impact policies have, before they are deployed. That brings additional confidence to the dynamic definition of network segments by providing a method to test policy changes before they are deployed into a live enterprise network. The product uses a “single-pane of glass” view, which helps reduce learning curves while exposing the most critical information on the primary management console. The product’s dashboard provides real-time monitoring and makes it easy to spot potential problems and mitigate those problems as quickly as possible.

      Traffic flow visualization, along with policy visualization provides administrators with instant insight into dependencies, services, and validation on active segments. The gathered data can be correlated into reports and other analytics systems to garner additional insights if needed.

      eyeSegment offers numerous other benefits that can improve both security and reliability of network segments. Administrators can define policies that protect business critical applications and ensure that the proper access controls are in place. What’s more, eyeSegment continuously monitors activity to ensure that protections provided by policies never lapse. That level of protection can extend down to users as well, meaning that policies enforce what users can and cannot access.

      Builds policies that can be replicated

      Policies can also be created to limit access to critical network resources, granting another layer of protection for sensitive network devices, workloads and domains. In short, administrators can build a policy that only allows administrators to access switches, firewalls, active directory, LDAP and domain controls. The product also helps to bring emerging technologies under control, such as Internet of Things (IoT) and Operational Technology (OT) devices by allowing administrators to build isolated segments for those devices, effectively separating those devices from the rest of the enterprise network.

      EyeSegment brings a great deal of value to the network segmentation challenge. The product offers a clean way to create dynamic policies that can defend critical resources, protect applications, and ultimately reduce the attack surface of the network. What’s more, the intuitive dashboards and connectivity matrix help to minimize the chaos of complex networks using visual paradigms and intuitive management consoles.

      Frank Ohlhorst is a veteran IT product reviewer and analyst who has been an eWEEK regular for many years.

      Frank J. Ohlhorst
      Frank Ohlhorst is an award-winning technology journalist and IT industry analyst, with extensive experience as a business consultant, editor, author, and blogger. Frank works with both technology startups and established technology ventures, helping them to build channel programs, launch products, validate product quality, create marketing materials, author case studies, eBooks and white papers.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Careers

      SThree’s Sunny Ackerman on Tech Hiring Trends

      James Maguire - June 9, 2022 0
      I spoke with Sunny Ackerman, President/Americas for tech recruiter SThree, about the tight labor market in the tech sector, and much needed efforts to...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×