Forescout monitors assets on an ongoing basis to ensure that they are in a compliant state. If their posture changes to non-compliance, remediations can occur automatically. Repeat offenders can also be flagged for additional attention.
System alerts can be created based on all sorts of dynamic conditions, and actions can be automated. Contextual data gathered by the product's native integrations can be upleveled to SIEMs, SOARs, and other products to enrich threat hunting products and practices.
Forescout eyeSight can leverage our strong and robust integration capabilities to greatly assist with the control of malicious code protection. The product has an understanding of who is logged in to information systems at the time that incidents occur. This context can be reported on or pushed into third-party systems to identify patterns.
Scans can be done to monitor for known malicious file hashes or file names/locations. In addition, the product integrates with third-party EDR systems to ensure they are running and updated properly on information systems. If they detect malicious files, the product can take action.
Forescout eyeSight is able to agentlessly monitor information systems in real time. Forescout helps identify behavior that may be an indicator of potential attacks. Forescout eyeSight can help ensure ingress and egress communications are monitored for anomalous behavior depending on policies. You can not only monitor endpoint behavior on the network but also control user and device actions in real time while they are connected to the network, limiting them to the minimum access required to perform their functions.
Policies can be created to detect deviations from known good states of an asset. This includes monitoring processes, services, applications, files, or network communications for any occurrences that aren't acceptable. The product comes with hundreds of policy conditions that can be used to identify unauthorized usage of organizational systems. Combine that with the Boolean nature of the policy engine and thousands of combinations can be created to alert or take action when unauthorized use occurs.