Forescout joins MISA, integrates with Microsoft Sentinel to offer automated threat management

Cybersecurity vendor Forescout announced Tuesday integrations with Microsoft Sentinel as part of a broader initiative to support the Microsoft Security portfolio. These integrations will deliver real-time visibility, threat management, and incident response across the extended enterprise: campus, data center, remote workers, cloud, mobile, IoT, OT (operational technology) and IoMT (Internet of Medical Things) endpoints. 

“We’re proud to join the Microsoft Intelligent Security Association (MISA) through our integration with Microsoft Sentinel, to provide customers with a comprehensive and holistic approach to cybersecurity,” Barry Mainz, CEO of Forescout, said in a media statement. “With this integration, Forescout helps security teams more deeply understand the risks within their network, helps mitigate cyber-attacks, and most crucially, helps them respond rapidly and accurately if one does occur.” 

“Microsoft Sentinel brings together data, intelligent analytics, and workflows to unify and accelerate threat detection and response across the enterprise,” said Rob Lefferts, Microsoft’s corporate vice president for modern protection and SOC. “With Microsoft Sentinel Content hub customers gain access to robust built-in and partner published content and solutions with the click of a button. We are thrilled to collaborate with partners like Forescout, to develop valuable and innovative content for our users.”

The benefits of the Forescout integration with Microsoft include:

• Faster mean time to respond (MTTR): Enables orchestration of host-based remediation through Microsoft Defender, via integrations with Microsoft Sentinel along with network-based response using Forescout, to accelerate mean-time-to-respond for the SOC.
• Comprehensive, real-time asset discovery and inventory: Provides a holistic 360-degree view of their enterprise environment. This includes valuable device context such as logical and physical network location, risk exposure, device identity, and taxonomy.
• Asset Lifecycle Management: Automatically assess posture and enforce compliance, identify known vulnerabilities and indicators of compromise, quarantine at-risk devices, remediate problems, and allow endpoints back onto the network with appropriate network segmentation policies, all enforced from a single platform. An ideal set of capabilities to supplement ‘comply to connect’ initiatives with a proven ability to never lose asset context at any stage of the process.
• Attack Surface and Automated Threat Management: Real-time risk assessment and remediation of endpoint posture to harden devices, segmentation policies to enforce least-privilege network connectivity, automated detection and quarantine controls that together enable a true zero trust architecture.

The statement recognizes that Forescout helps enterprises continuously identify and classify every connected asset type – IT, OT, IoT and IoMT, managed, unmanaged or un-agentable – and enable the automated enforcement of appropriate security and compliance measures to reduce risk.

The continued rise in severity, sophistication, and number of cyberattacks has shown that many organizations’ current disparate cybersecurity frameworks and tools are insufficient. Understaffed security operations centers (SOCs), a proliferation of unmanaged devices, and newly discovered and exploitable vulnerabilities on legacy systems compound and exacerbate the risk and likelihood of a breach. 

Furthermore, sophisticated adversaries are targeting increasingly complex, heterogeneous compute environments while security teams are inundated by false positives, and threats that get missed, aren’t properly prioritized, or aren’t responded to appropriately.

Microsoft’s Sentinel platform adds a crucial layer of automated intelligence by delivering an impactful and automated way to drastically improve the signal to noise ratio security teams are grappling with daily.

Forescout’s new comprehensive integration with Microsoft Sentinel along with long standing touch points to Microsoft’s broad enterprise suite of solutions provides joint customers with real-time device context, risk insights, and automated mitigation and remediation capabilities that will improve overall security response times to incidents and events. This enables customers to remove complexity from the incident response process by leveraging Forescout’s automation and AI (artificial intelligence) to make contextual decisions to improve security or mitigate a cyber-incident.

Earlier this month, Forescout unveiled its Risk and Exposure Management cloud-native product designed to collate all data sources associated with an enterprise’s connected assets. It also calculates a unique multifactor risk score for each asset offering a more intuitive and quantitative approach to risk prioritization.

Industrial Cyber News Desk

Industrial Cyber News Desk