Gain real-time visibility and automated response with Vectra and Forescout
- Automate network defense. Combine behavior-based threat detection with real-time enforcement.
- Empower security analysts. Respond to threats using simple event tags.
- Trigger different network actions. Take action based on type of threat, risk and certainty.
- Enforce device compliance. Automate remediation and response for noncompliant devices.
Why integrate Forescout with Vectra AI?
As the scale and sophistication of network threats continue to increase, businesses need greater visibility into threats as well as the devices and accounts in their network. To respond effectively to these cyberattacks, a modern security approach must be built on automated, actionable intelligence that can be easily shared between systems.
Forescout and Vectra work together to provide inside-the-network threat detection and response as a critical layer of defense in today’s security infrastructure.
The Forescout platform delivers absolute real-time visibility and control of all the diverse types of devices connected to the enterprise network.
The Vectra network detection and response platform constantly analyzes network traffic to reveal all phases of an active cyberattack. The Vectra platform surfaces threat behaviors including hidden command and control (C&C) communications, internal reconnaissance, lateral movement, botnet fraud, ransomware and data exfiltration.
Vectra scores and ranks network hosts by risk. To enable faster investigation and response, all malicious behaviors are automatically associated with the physical network host, even if the IP address changes.
Automate defenses based on risk with Vectra AI and Forescout
When Vectra identifies an infected device, its IP address and threat certainty are pushed to Forescout.
The integration then enables automated remediation actions including dynamic segmentation, quarantining infected devices, blocking communication with a C&C server, and preventing data exfiltration across all device types and network tiers.
Forescout can be configured to take action based on risk scores. For example, a low-risk score could merit segmenting a host to an inspection VLAN with restricted access for further monitoring and investigation.
A higher risk score could trigger an automated quarantine, cutting off all communication to avoid attacker lateral movement and data exfiltration.
The Forescout device visibility and control platform enables automated response to quarantine infected devices and block communication with a C&C server. This integration provides a foundation that secures against the broadest spectrum of threats.
Automated remediation actions could follow or trigger orchestration events like patch management through other system integrations with Forescout. Once all vulnerabilities are addressed, the device could be automatically allowed back onto the network per policy.
A new class of defense
With this joint solution, Vectra and Forescout have created a new class of defense. By combining data science and machine learning, Vectra provides the fastest, most efficient way to find and stop attackers once they are inside a network.