We’re living in a new world, Sandeep Kumar was saying. He rattled off a list: IoT, OT, medical devices. “Devices are now the new users,” he said.
With their workforces remote, companies are grappling with security challenges beyond workers and their laptops, he continued. There are all of those “connected things” to consider. Take your smart TV. If it’s connected to your home network alongside company-issued laptops, how does that affect the company’s security posture?
These are the issues Kumar’s company is also focused on. Forescout Technologies, founded in 2000 and headquartered in San Jose, is all about device visibility and control these days. As companies’ attack surfaces have expanded exponentially, it’s about risk management.
No company can protect itself against all dangers. They need to start by asking, “Where are the greatest risks?” And it’s not just with your corporate-issued laptops and managed endpoints, Kumar said.
The game has changed. As digital transformation accelerates, agent-based security isn’t viable for IoT and smart devices connecting to enterprise networks. Forescout saw devices multiplying and companies looking to automate device visibility and control, and it pivoted that way. It doesn’t matter what or where the device is. It can be on campus, cloud or edge networks. Essentially, Forescout wants to secure your “enterprise of connected things.”
Kumar trotted out statistics to illustrate what he was talking about. By 2023, the average chief information officer will be responsible for more than three times the endpoints he or she manages now. By next year, 70 percent of operational technology will be managed by the CIO or the chief information security officer, up from 35 percent today. Also by next year, 70 percent of large enterprises will embrace security automation and orchestration capabilities. In 2018, only 5 percent did.
What’s behind this, of course, is the explosion of devices, the interconnectedness of those devices, and the need for companies to automate compliance. Gone are the days when SOCs could sift through alerts raised by all their security tools. SOC analysts wind up investigating mundanities and missing important stuff. Automating the most common tasks saves time and money, and enables security analysts to focus on mitigating more important issues. And this can be particularly important to law firms, because typically they have fewer tech resources than many businesses, and can benefit greatly from automation.
Forescout’s flexible platform starts with an inventory of devices to produce your unified device directory, Kumar said. “Until you know what’s on your network, you can’t apply the appropriate policies.” Once you do, you can assess compliance and identify risk indicators—and then enforce controls to mitigate and resolve issues.
There are two particular areas companies are focusing on. The first is identity-based segmentation, which Kumar explained by using an analogy. IoT devices can expose other IT and IoT devices to risks and threats if they’re all communicating on the same network. But they can co-exist with minimal risk, like the animals at a zoo—as long as they’re not allowed to wander into each other’s territory. If they’re segmented in enclosures with similar animals, they’re in their safe zones and cannot harm others. It’s the same with IoT devices, he said. When they’re steered by engagement rules, they can be zoned to interact only with certain devices and users. That’s a big new area of security.
The other area is continuous monitoring and mitigation—increasingly important for IoT and OT devices. Unlike user-oriented devices that come and go on the network and connect in various ways and locations, these smart devices stay connected for long periods of time—often their entire lifecycle. Focusing on authentication at the time of connection or periodic scanning—as is done for user laptops—is simply not sufficient. The risks to a company change from minute to minute, second to second. What if a device gets spoofed by an impersonator, a new vulnerability is disclosed or a device is communicating inappropriately on the network, suggesting a compromise or misconfiguration? Continuous monitoring is key. Quick action is necessary to mitigate any issues.
Legacy network access control used to be black and white, Kumar continued. If a device wasn’t compliant, it was off the network. But these days, companies need flexibility to balance business risk and business continuity, especially with digital transformation and remote workforces that are leveraging a whole new range of devices and communicating across hyper-connected networks. Companies want to be able to identify and control which devices can be on the network, but they also need to be able to regulate what the devices can do.
Forescout’s platform makes it all possible. Controls can be policy-based, Kumar said, and can allow businesses to mitigate what the platform finds by taking appropriate action. Say a user is noncompliant because he’s running a Microsoft program that hasn’t been updated. The platform can be set to walk the user through resolving that. Or suppose a critical function is out of compliance—and a deadline looms? What can be done? The platform can apply a compensating control that isolates and restricts access for the noncompliant device, Kumar said.
Law firms should have a special interest in these solutions, Kumar added. Segmentation and isolation can be crucial ways to protect a law firm’s clients and their data. Few things are more important to a firm than that.