Transforming Enterprise-Wide Network Segmentation
A new cloud-based offering from Forescout Technologies, Inc., promises to support critical application development by accelerating network segmentation projects used in mitigating exposure from IoT devices.
Forescout eyeSegment allows organisations to define and implement holistic network segmentation to secure the increasingly complex and interconnected enterprise network across campus, data centre, cloud and OT.
According to Forescout, the new platform empowers organisations with new capabilities, including:
Translating every IP-connected entity into context and groups – eyeSegment builds on Forescout eyeSight’s ability to automatically translate every IP-connected entity into a logical taxonomy of users, devices, applications and services. Additional context from third-party systems, such as vulnerability and compliance information, can be integrated into this taxonomy to enable a customer to define policy in business terms and drive device segmentation decisions across the entire enterprise. This capability closes the gap between infrastructure controls and business segmentation policy.
Visualising device communication and behaviour – eyeSegment then marries traffic flows to how these entities are communicating across all networks from campus, data centre, cloud and OT in business terms. Frequent baseline communication can be used to create a segmentation policy. This accelerates segmentation design planning based on in-depth understanding of traffic flow baselines and anomalies.
Designing and visualising policies and gauging impact – Customers can proactively design, fine-tune and simulate policies before enforcing segmentation controls. This allows organisations to determine how specific policies would impact the rest of their network from a single policy layer, and to understand overall business efficacy, before implementing the controls.
Monitoring and automatically responding to policy violations – eyeSegment allows customers to centrally monitor traffic flows between segmentation zones, validate Zero Trust controls, and automatically react to policy violations with restrictive controls, alerting and/or logging. This approach allows customers to implement enterprise-wide segmentation policies quickly and target only violations, which eliminates disruption.
Orchestrating heterogeneous enforcement solutions – Combined with eyeControl and eyeExtend, eyeSegment can orchestrate policy-based control actions across multiple segmentation enforcement points, such as next-generation firewalls, wired and wireless network infrastructure, software-defined networking and cloud infrastructure, as well as agent-based segmentation technologies. This allows customers to choose best-of-breed options across their enterprise to carry out restrictive enforcement.
Announcing eyeSegment’s launch, Michael DeCesare, Forescout Technologies’ CEO and President, said:
“The demands on today’s security organisations are greater than ever before. Attackers are proving again and again their ability to take advantage of the dissolving network perimeter and move unrestricted across company networks.
“EyeSegment puts the security teams back in control. Understanding what is on the network is in our DNA, and we are now using that visibility-first approach to give our customers the edge against attackers with true, enterprise-wide network segmentation.”
Anshul Sadana, chief operating officer at Arista Networks, added:
“Arista is leveraging our cloud networking principles to bring resiliency and automation to campus networks. The growth of IoT devices and proliferation of malware fundamentally impacts network operations, visibility and security in enterprise networks. The combination of Arista EOS® and CloudVision® for cognitive campus infrastructure and Forescout’s device visibility and policy control will enable joint customers to implement enterprise-wide segmentation and fine-grained device control.”
Nikhil Kelshikar, vice president of NSX product management for VMware, commented:
“VMware NSX micro-segmentation policies lock down critical applications to achieve Zero Trust level security in private and public cloud environments. We are excited about Forescout eyeSegment’s ability to dynamically group heterogeneous devices by business context and accelerate segmentation policy creation based on in-depth visibility of traffic flows between device groups regardless of connection point. Together, VMware and Forescout deliver comprehensive segmentation to achieve Zero Trust security for the entire corporate estate: from campus, including IoT and Operational Technology, to data centre and cloud environments.”
Don O’Neil, director of cybersecurity and privacy consulting at PwC, added:
“PwC helps customers architect, design and deploy networks with a business-centric, top-down approach to prevent the sprawl of inconsistent policies and solutions. In addition to Forescout’s enterprise scale device visibility, eyeSegment’s business context view of network communication patterns, and ability to simulate and refine segmentation policies before enforcement, are key capabilities that can help accelerate segmentation projects and further reduce risk for our clients.”
Frank Dickson, program vice president of security and trust at IDC, said:
“Segmentation is the buzzword of the day, but how does one implement segmentation given the realities of IoT?
“Forescout is addressing the need with eyeSegment, which is an ‘easy button’ to start designing and planning enterprise-wide network segmentation. It allows organisations to create a baseline of what is communicating with what and helps make sense of the network chaos associated with the volume and diversity of connected devices.”