Enterprise-wide Network Segmentation with Forescout eyeSegment

Editorial Type: Review Date: 01-2020 Views: 3,490 Tags: Security, Forescout Technologies, eyeSegment
Network segmentation is increasing in popularity, as it is proving to be a highly effective security strategy. Segmentation can reduce the attack surface presented by today's legacy flat networks, limit the impact of network intrusions and prevent lateral movement, if breaches occur

It isn't a project enterprises will take on lightly, though, as it requires an in-depth knowledge of the network environment and how each component or service interacts with others. Along with impact assessments, segmentation projects demand clear documentation that identifies traffic flows between users, applications and servers.

Forescout's eyeSegment product overcomes all these hurdles to accelerate enterprise-wide network segmentation. Delivered as a cloud service, eyeSegment provides segmentation intelligence using a combination of dynamic zone and flow contexts, and allows project teams to run policy simulations to see clearly what their impact will be before going live.

eyeSegment works hand in glove with Forescout's flagship eyeSight product, which provides total network visibility and sophisticated access controls. eyeSight discovers, classifies and assesses all network devices, using passive and active profiling techniques, while its 3-dimensional classification technology gathers high levels of device attributes.

By leveraging the information presented by eyeSight, eyeSegment automatically maps traffic flows across the network. It uses logical taxonomy groupings for users, services, devices and applications, and provides real-time monitoring of network traffic, allowing users to visualise all flows in context.

Deployed on-site as physical or virtual management appliances, Forescout uses packet engine and flow collectors to receive and analyse mirrored traffic data. The Cloud Uploader component compresses this data and securely sends it to the cloud for processing and analysis.

Further deployment is simplified, as the web portal presents a selection of wizards. These help to configure the Cloud Uploader, taxonomy zones, traffic sources and Forescout's secret weapon - the Matrix.

eyeSegment takes the communication patterns and network connectivity between policy groups and zones and dynamically maps them into the Matrix. Presented as a grid, the Matrix provides crystal-clear visualisations of traffic flows between the selected source/destination zones and uses colour-coded icons to show where policy violations have occurred.

The Matrix is highly informative and provides extensive filtering capabilities, so you can configure it to show only the types of traffic you are interested in. You can easily see source and destination zones that have all traffic allowed or denied between them and if, for example, you want to find out who is using telnet, just create a filter for this protocol and the Matrix will show you precisely which business groups are using it.

Policies contain rule sets for traffic between source and destination zones, and are overlaid on the Matrix where you can easily see policy violations by enabling policy simulation mode.

This enables you to quickly identify potential risks before going live with segmentation enforcement controls.

eyeSegment works seamlessly with Forescout's eyeControl product, allowing enterprises to move from visibility to control. Segmentation controls can be fully automated and orchestrated through eyeControl across different enforcement technologies.

We were impressed with eyeSegment, as it shows clearly how everything on your network is interacting together and presents its findings in the smart Matrix view. With Forescout's eyeSegment and a single business policy layer, which extends across the entire environment, enterprises can tighten security and confidently implement segmentation across their entire network.

Product: eyeSegment
Supplier: Forescout Technologies
Telephone: +1 408 213 3191
Website: www.forescout.com