ForeScout Technologies Inc. has integrated its CounterACT network access control (NAC) technology with ESM, a security information and event management (SIEM) system from ArcSight LLC (an HP company.) The integration means ForeScout channel partners may find doors opening for them into ArcSight accounts.
NAC and SIEM
integration
Using ArcSight’s Model Import Connector, ForeScout CounterACT will send endpoint
configuration and security posture data, as well as security violations and event log details, to
ArcSight ESM.
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to SearchSecurityChannel.com you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of SearchSecurityChannel.com is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
Demonstrating its integration with ArcSight is important because of how popular and prevalent ArcSight is in the SIEM market.
Andrew Hay
The 451 Group
According to Sam Davis, vice president of business development at Cupertino Calif.-based Forescout, CounterACT data can be used by the ArcSight SIEM platform to help security pros correlate the data with attack information and identify systems in need of urgent care. “Our joint customers have been asking for this complete loop, because the asset information we’re providing is very valuable,” Davis said.
“There’s been a long-standing debate about SIEM over whether you really need actionability, or just reporting,” said Rob Ayoub, global program director for research firm Frost & Sullivan. Ayoub believes mid-tier customers in particular want to move beyond simply receiving security data and have policy-based actions occur automatically.
That’s exactly what ForeScout does, according to Scott Gordon, vice president of global marketing at ForeScout. “ForeScout has unique integration with HP ArcSight,” Gordon claimed, noting the policy-based rules and action options in ArcSight can communicate with ForeScout to take action, such as isolating the endpoint under attack.
ForeScout demonstrated the integrated offering at the HP Protect 2011 Conference, held in Washington D.C. earlier this week.
Opportunity for channel partners
Gordon said the technology alliance will enable solution providers who are channel partners of
both ForeScout and ArcSight to offer integration modules and related services to their
customers.
Our joint customers have been asking for this complete loop, because the asset information we’re providing is very valuable.
Sam Davis
ForeScout Technologies, Inc.
“This is definitely a feather in the cap for ForeScout,” said Andrew Hay, senior analyst for research firm The 451 Group. “Demonstrating its integration with ArcSight is important because of how popular and prevalent ArcSight is in the SIEM market.”
Hay believes the integration with ArcSight is good news for current ForeScout channel partners. “If an ArcSight customer is looking at a NAC product down the road, now they may decide to look at ForeScout,” he said.
“There’s some great upsell potential for the channel with this integration,” Ayoub said. He noted ForeScout has a good reputation in the NAC market, which should help open doors for ForeScout partners into ArcSight accounts.
Currently, ForeScout has more than 100 channel partners, while HP ArcSight has approximately 200 channel partners, worldwide.
NAC market conditions
Some industry analysts have reported the demise of the NAC market. In the report, The
Forrester Wave: Network Access Control Q2 2011, John Kindervag, principal analyst for Forrester
Research Inc. stated, “Forrester believes that the market for standalone NAC offerings .… will
likely phase out in the next five years. ...The number of vendors offering standalone NAC solutions
is shrinking, and those that are left, vendors such as ForeScout and Bradford Networks, are working
to ensure that their appliances are part of an extended solution that offers more than just
NAC.”
Similar to the ForeScout technology alliance with ArcSight, other NAC vendors have sought to align themselves with the most widely installed SIEM platforms. Cisco Systems Inc.’s NAC appliance can be integrated with Q1Labs QRadar, and Juniper Networks Inc. Unified Access Control integrates with RSA EnVision.
“ForeScout is still standing in what has been a very difficult market,” Frost & Sullivan’s Ayoub said, referring to the NAC market. “That in itself is a strength for its partners.”