Detect and Secure IoT and Rogue Devices, While Satisfying NIST RMF Security Requirements

We all know that the Internet of Things (IoT) is here. But IT professionals responsible for enterprise communications networks aren’t exactly sure where IoT resides on their networks or whether these devices are secured. Rogue devices are everywhere (although not all are out to steal the blueprints to the Death Star) but according to a survey sponsored by ForeScout Technologies, only 30% are confident that they know what IoT devices are on their network. While only 44% had a known security policy for IoT.

These are particularly problematic findings for the public sector where regulations such as the NIST Risk Management Framework (RMF) requires that federal systems categorized as High, Medium or Low with Confidentiality, Integrity and Availability, implement and assess security controls to protect operation functions and secure the confidentiality of unclassified systems.

The problem is that many agencies are unable to enforce cybersecurity policies across the enterprise. The reason for this is that devices that lack required security agents, such as IoT, come and go from the network at will and are largely undetected by periodic, point-in-time vulnerability scans. This kind of gap in security policy enforcement puts the entire network in jeopardy.

The good news is that it’s possible to enforce a unified network security policy to address RMF’s requirements. The ForeScout CounterACT security platform provides agency administrators with the critical ability to detect and monitor IP-addressed endpoints on the network, including unmanaged, IoT and rogue devices, without requiring software agents or previous device knowledge. It also enforces access policies across the network hierarchy, from switches to access and distribution layers.

CounterACT also gives control. You can allow, deny or limit network access based on device posture and security policies. Automate security and compliance policy enforcement and reduce the time to identify and resolve incidents while allowing security operations to be more efficient, effective and proactive.

It also helps agencies orchestrate and automate their system-wide threat response by enabling the sharing of real-time security intelligence across more than 70 network, security, mobility and IT management products.

By helping enforce NIST fundamental controls, CounterACT also helps federal organizations keep in line with FISMA requirements. Logically, ForeScout can support most federal, state and local security requirements by utilizing the base NIST security guidance for their network architectures.

Learn more about addressing NIST security controls with ForeScout.