ForeScout Technologies Inc. has integrated its CounterACT network access control (NAC) technology with ESM, a security information and event management (SIEM) system from ArcSight LLC (an HP company.) The integration means ForeScout channel partners may find doors opening for them into ArcSight accounts.
NAC and SIEM integration
Using ArcSight’s Model Import Connector, ForeScout CounterACT will send endpoint configuration and security posture data, as well as security violations and event log details, to ArcSight ESM.
Demonstrating its integration with ArcSight is important because of how popular and prevalent ArcSight is in the SIEM market.
The 451 Group
According to Sam Davis, vice president of business development at Cupertino Calif.-based Forescout, CounterACT data can be used by the ArcSight SIEM platform to help security pros correlate the data with attack information and identify systems in need of urgent care. “Our joint customers have been asking for this complete loop, because the asset information we’re providing is very valuable,” Davis said.
“There’s been a long-standing debate about SIEM over whether you really need actionability, or just reporting,” said Rob Ayoub, global program director for research firm Frost & Sullivan. Ayoub believes mid-tier customers in particular want to move beyond simply receiving security data and have policy-based actions occur automatically.
That’s exactly what ForeScout does, according to Scott Gordon, vice president of global marketing at ForeScout. “ForeScout has unique integration with HP ArcSight,” Gordon claimed, noting the policy-based rules and action options in ArcSight can communicate with ForeScout to take action, such as isolating the endpoint under attack.
ForeScout demonstrated the integrated offering at the HP Protect 2011 Conference, held in Washington D.C. earlier this week.
Opportunity for channel partners
Gordon said the technology alliance will enable solution providers who are channel partners of both ForeScout and ArcSight to offer integration modules and related services to their customers.
Our joint customers have been asking for this complete loop, because the asset information we’re providing is very valuable.
ForeScout Technologies, Inc.
“This is definitely a feather in the cap for ForeScout,” said Andrew Hay, senior analyst for research firm The 451 Group. “Demonstrating its integration with ArcSight is important because of how popular and prevalent ArcSight is in the SIEM market.”
Hay believes the integration with ArcSight is good news for current ForeScout channel partners. “If an ArcSight customer is looking at a NAC product down the road, now they may decide to look at ForeScout,” he said.
“There’s some great upsell potential for the channel with this integration,” Ayoub said. He noted ForeScout has a good reputation in the NAC market, which should help open doors for ForeScout partners into ArcSight accounts.
Currently, ForeScout has more than 100 channel partners, while HP ArcSight has approximately 200 channel partners, worldwide.
NAC market conditions
Some industry analysts have reported the demise of the NAC market. In the report, The Forrester Wave: Network Access Control Q2 2011, John Kindervag, principal analyst for Forrester Research Inc. stated, “Forrester believes that the market for standalone NAC offerings .… will likely phase out in the next five years. ...The number of vendors offering standalone NAC solutions is shrinking, and those that are left, vendors such as ForeScout and Bradford Networks, are working to ensure that their appliances are part of an extended solution that offers more than just NAC.”
Similar to the ForeScout technology alliance with ArcSight, other NAC vendors have sought to align themselves with the most widely installed SIEM platforms. Cisco Systems Inc.’s NAC appliance can be integrated with Q1Labs QRadar, and Juniper Networks Inc. Unified Access Control integrates with RSA EnVision.
“ForeScout is still standing in what has been a very difficult market,” Frost & Sullivan’s Ayoub said, referring to the NAC market. “That in itself is a strength for its partners.”