Network access control vendor ForeScout Technologies Inc. announced a new publish-and-subscribe framework that will allow third-party security platforms to share security intelligence and enforce policy through the company's product.
ForeScout ControlFabric uses a number of interface technologies, including LDAP, SYSLOG, SQL and a Web services application programming interface to integrate with other security technologies. The ControlFabric Integration Module is available now with integrations into a variety of mobile device management, security information and event management, advanced threat protection, endpoint protection, and vulnerability assessment products. The module requires an additional license, which starts at $560.
"There is a race to this publish-and-subscribe middleware for security," said Jon Oltsik, senior principal analyst for Milford, Mass.-based Enterprise Strategy Group. "The way it used to be, two companies would get developers together and figure out how to talk to each other. It was a one-off thing. Maybe you could do something from ForeScout to Airwatch, but it was only as powerful as the developers made it. [Customers] would say, 'It would be great if I could see this kind of information or write to my own policy.' This gives them a standard way to publish information, and once it's published, theoretically, you can manipulate it any way you want."
ControlFabric can help make security products more responsive to changes on the network. For instance, a system that periodically scans hosts can receive instructions to immediately scan a new device.
"If a new [device] comes on the network and the vulnerability scanner doesn't know it exists, we can tell the scanner to start scanning that system now. We've eliminated that gap of periodic scanning," said Scott Gordon, chief marketing officer for Campbell, Calif.-based ForeScout.
ControlFabric is based on the concept of "neural networks" where ForeScout lies as the center of the collective security intelligence network, said Ken Pfeil, global security officer for Boston-based Pioneer Investments Inc. and a ForeScout customer.
"It provides you with an active defense model rather than a reactive one. Traditionally as an industry we've been using a lot of different point solutions with a lot of different management and care and feeding of those various systems. All those systems have their pros and cons, but ControlFabric ties all the pros together," Pfeil said.
According to Pfeil, ControlFabric will have an immediate impact on his deployment of Bromium Labs' vSentry, an anti-malware system that will now integrate with ForeScout.
More on the evolution of network access control
NAC offers contextual security
Comparing the mobility capabilities of NAC vendors
How scary is BYOD?
Bromium protects PCs that run an Intel i3 Processor or better, but only half of Pioneers' systems meet that requirement, Pfeil said. "We're hoping ForeScout can use those protected devices as an early warning for the rest of the [device] population," he said.
"I'd say it's a subset of what Cisco wants to do," Oltsik said. "Cisco's ambition is bigger because there are more ways to enforce policy using their infrastructure. For instance, [with pxGrid] you may be able to tie a particular anomaly detection to an immediate ACL generation on switches across the infrastructure."
Oltsik added that pxGrid is more of a future strategy for Cisco, whereas ForeScout's ControlFabric is available now.
ForeScout also argued that Cisco's approach with PXGrid and ISE is only for Cisco infrastructures.
"Ours is a completely vendor-agnostic approach," Gordon said. "It uses standards to allow everyone to integrate -- not just ISVs [independent software vendors]. And as a platform, our solution has pre-connection and post-connection intelligence. It doesn't rely on 802.1x [like Cisco ISE]."