ForeScout Technologies - Experts & Thought Leaders
Latest ForeScout Technologies news & announcements
Keysight Technologies, Inc. launched AppFusion, a network visibility partner programme that integrates third-party security and monitoring solutions directly into its network packet brokers. The programme integrates market-pioneering technologies from Forescout, Instrumentix, and Nozomi Networks, enabling customers to streamline network and security operations (NetOps/SecOps) while significantly reducing infrastructure costs. This all-in-one, multi-vendor solution helps IT professionals reduce capital and operational expenses while improving security monitoring and performance.

Enterprise IT and SecOps teams

Enterprise IT and security operations (SecOps) teams need real-time network traffic monitoring to troubleshoot performance issues, detect cyber threats, and maintain operational scale and compliance. Traditionally, this required separate hardware appliances, each running different monitoring tools. Keysight’s Vision Network Packet Brokers eliminate this complexity by integrating partner software directly into a single hardware platform.

Key benefits of AppFusion

Significant reduction in hardware costs by consolidating multiple servers into one Vision appliance.
Simplified deployment with pre-integrated, best-in-class security solutions.
Centralised management through a single interface for all monitoring tools.
Easy scalability with on-demand activation of additional monitoring capabilities.

Network visibility and monitoring

“The more technology providers integrate and deliver complete solutions, the less time IT and security teams need to spend configuring and managing performance and security,” says Recep Ozdag, Vice President and General Manager, Network Visibility Solutions at Keysight.
“Our new partner integration programme fuses network visibility and monitoring in a new way to streamline deployment of complete, cost-efficient monitoring solutions for real-time threat detection and troubleshooting of performance issues.”

Initial AppFusion integrations

Forescout platform with eyeInspect security monitoring technology.
Instrumentix xMetrics® trade flow performance monitoring and analytics software.
Nozomi Networks’ AI-powered security and risk management solutions.

Forescout Platform

“Forescout has a long history of providing market-pioneering OT solutions to the most security-conscious organisations in the world. We’re extremely pleased to partner with Keysight on their AppFusion programme,” says Rob McNutt, Chief Strategy Officer at Forescout. “Deploying the Forescout Platform within a visibility fabric delivers an unparalleled and comprehensive view that reduces blind spots and monitoring bottlenecks to fortify security across IT, operational technology (OT), internet of things (IoT), and internet of medical things (IoMT) environments.”

Benefits from integrated visibility and monitoring solutions

As with OT and IoT environments, the financial markets sector benefits from tightly integrated visibility and monitoring solutions. “Time is money in financial markets, where nanoseconds of delay can impact the value of trades,” says Clive Posselt, Commercial Director at Instrumentix, a newly announced Keysight alliance partner.
“Delivering our xMetrics® trade flow monitoring software onboard a Keysight visibility appliance can provide the buy and sell side, as well as exchanges and other liquidity venues, real-time access to the most reliable trade plant performance data, so they can optimise execution outcomes and differentiate their services.”

Security monitoring and risk management

Chet Namboodri, Nozomi Networks Senior Vice President of Global Business Development, concurs: “Cyber-physical systems in enterprise and industrial environments require equal and, in many cases, higher performance levels for security monitoring and risk management than traditional IT networks. Integrating Nozomi Networks’ AI-powered security and risk management solutions with Keysight appliances saves customers time and money while achieving the most reliable, innovative, and highest calibre of threat monitoring and risk management available for OT, IoT, and cyber-physical systems.”
More than ever in 2024, attackers are crossing siloes to find entry points across the full spectrum of devices, operating systems, and embedded firmware, forming the basis for the report, The Riskiest Connected Devices in 2024. Forescout Technologies, Inc., a global cybersecurity pioneer, delivers this fourth annual review of data sourced from nearly 19 million devices through its research arm, Vedere Labs, an international team dedicated to uncovering vulnerabilities and threats to critical infrastructure.

Riskiest Connected Devices report

“The device has evolved from a pure asset to a reliable, sophisticated, intelligent platform for communications and services, driving a transformation in the relationship between devices, people, and networks,” said Elisa Costante, VP of Threat Research, Forescout. “We analyse millions of data points to publish the Riskiest Connected Devices report to integrate important threat context into how organisations use different devices and to redefine what it means to connect and interact securely. Forescout is committed to delivering device threat intelligence that helps organisations respond faster to potential threats and take advantage of opportunities to enhance security postures.”

Five riskiest device types

The Riskiest Connected Devices in 2024 identifies the five riskiest device types in four categories: IT, IoT, OT, and IoMT. The following are the key highlights:

Most Risky: IT Devices

IT devices – network infrastructure and endpoints – still account for the most vulnerabilities at 58% despite being down from 78% in 2023.
Network infrastructure devices – routers and wireless access points – are often exposed online and have dangerous open ports.
Endpoints – servers, computers, and hypervisors – remain high-risk as entry points for phishing or because of unpatched systems and applications.
At the beginning of 2023, endpoints were riskier than network devices. At the end of 2023, there was a reversal in the number of vulnerabilities found and exploited in network infrastructure devices. Today, network equipment has become the riskiest IT device category, surpassing endpoints.

Persistent Risk: IoT Devices

IoT devices with vulnerabilities expanded by 136% since 2023. The riskiest IoT devices include the most persistent suspects – NAS, VoIP, IP cameras, and printers. These are commonly exposed on the internet and have been historically targeted by attackers. 2024’s analysis uncovered one IoT device making the Riskiest Connected Devices list for the first time: Network Video Recorder (NVR). NVRs sit alongside IP cameras on a network to store recorded video. Like IP cameras, they are commonly found online and have significant vulnerabilities that cybercriminal botnets and APTs have exploited.

Ubiquitous and Insecure: OT Devices

Industrial robots debut as an area of emerging risk for OT devices. The riskiest OT devices include the critical and insecure-by-design PLCs and DCSs. They also include the UPSs in many data centers with default credentials and the ubiquitous, often invisible building automation systems. Industrial robots make the list of Riskiest Connected Devices for the first time. Often used in logistics and military applications, robots are growing in use in industries like electronics and automotive manufacturing. Many robots share the same security challenges as other OT equipment, including outdated software, default credentials, and lax security postures.

Notable Changes in Healthcare Device Security: IoMT Devices

Healthcare is no longer the industry with the riskiest devices, but IT equipment for medication dispensing systems is the second-most exposed IoMT device type.
Just one year after the 2023 analysis highlighted the high level of device risk within the healthcare industry, our research today indicates that many organisations are closing ports by moving remote management of devices from Telnet to SSH.

Medication dispensers

Healthcare marked the highest decrease in open ports from 10% in 2023 to just 4% in 2024. Healthcare also had the highest decline in RDP from 15% to just 6%. Despite this good news, IoMT devices – the IT equipment used for healthcare, like medical information systems and workstations – continue to pose a risk for the industry, especially in medication dispensing systems. Medication dispensers have been known to be vulnerable for almost a decade, yet they represent the sixth most vulnerable device type overall and the second most in the category.

Modern risk and exposure management

“Modern risk and exposure management must include devices in every category, to identify, prioritise and reduce risk across the whole organisation. Beyond risk assessment, risk mitigation should use automated controls that don’t rely only on security agents and which also apply to the whole enterprise instead of silos like the IT network, the OT network, or specific types of IoT devices,” adds Costante.

Steps to reduce risks

Among the immediate steps organisations can take to reduce device risk are:
Upgrade, replace, or isolate OT and IoMT devices running legacy operating systems known to have critical vulnerabilities.
Implement automated device compliance verification and enforcement to ensure non-compliant devices cannot connect to the network.
Improve network security efforts, including segmentation, to isolate common, exposed devices such as IP cameras and dangerous open ports such as Telnet.
Forescout Technologies, the global pioneer in automated cybersecurity, released its latest Continuum platform update, which includes Forescout Continuum Timeline, a new cloud-native solution that provides comprehensive long-term retention, search, and analytics of asset data. Timeline enables enterprises to meet compliance and audit requirements, better support incident investigations, and proactively identify risks and gaps to help prioritise preventative measures.

Cybersecurity solution

All organisations need an automated way of maintaining real-time asset intelligence for every connected device. Cybersecurity teams overwhelmed with rapid asset growth and the expanded attack surface are receiving information from multiple tools to inform their security decisions. Forescout offers a complete cybersecurity solution in its latest release of the Forescout Continuum Platform with the Forescout Continuum Timeline.

Timeline

Timeline is a cloud-based offering that operates as a seamless extension to Forescout Continuum and has been engineered to handle the demands of the world’s largest enterprises, automatically ingesting, enriching, and normalising asset data. With its massively scalable data lake and a rich analytics engine, Timeline enables network and SecOps teams to query, investigate and leverage the essential data collected by eyeSight from connected assets in real-time, and across a historical timeline.

Continuum platform

This Continuum platform update expands asset discovery, assessment, and management capabilities to reduce high manual labour costs, performance issues, challenges with keeping asset databases current, business disruptions, and the risk of security breaches due to asset intelligence gaps. Lack of visibility, and the ability to quantify risk, lead to delayed insight and gaps in security posture.
Forescout Continuum solves this by:
Prioritising vulnerabilities and threats with in-depth multifactor risk assessment and scoring – newly added security controls for compliance align frameworks to focus SOC teams on the highest-risk cases.
Automatically reducing threat debt by orchestrating the proactive remediation of non-compliant assets.
Advanced segmentation features to mitigate the blast radius of vulnerable devices.
More powerful discovery and control capabilities and search and dashboard visualisations.

Simple, cost-effective access

“Our customers need simple, cost-effective access to accurate historical asset data for several purposes,” said Kevin O’Leary, Chief Product Officer, Forescout, adding, “Timeline is an easy-to-use cloud solution which enables better asset visibility, including devices that are unagentable IoT and OT assets, and provides data integration for security operation teams to accelerate decision making.”
Insights & Opinions from thought leaders at ForeScout Technologies
When 150,000 video surveillance cameras get hacked, it’s big news. Even if the main reason for the hack was to make a point. Even if the major consequence is bad publicity for a video company (and, by extension, the entire video surveillance industry). The target of the hack was Silicon Valley startup Verkada, which has collected a massive trove of security-camera data from its 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Previously, Verkada has been known for an aggressive sales approach and its intent to disrupt the traditional video market. The data breach was accomplished by an international hacker collective and was first reported by Bloomberg. The reported reasons for the hack were “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it,” according to Bloomberg.

Tesla amongst those impacted

The “fun” included access to a video showing the inside of a Florida hospital, where eight hospital staffers tackled a man and pinned him to the bed. A view inside a Tesla warehouse in Shanghai, China, showed workers on an assembly line. Inside a Massachusetts police station, officers are seen questioning a man in handcuffs. There are even views from Verkada security cameras inside Sandy Hook Elementary School in Connecticut, where a gunman killed more than 20 people in 2012. In a “security update” statement, Verkada reports: “Our internal security experts are actively investigating the matter.
Out of an abundance of caution, we have implemented additional security measures to restrict account access and further protect our customers.”

Hacking was possible due to built-in feature

The hacker group was able to obtain “root” access on the cameras, meaning they could use the cameras to execute their own code, reports Bloomberg. Using that access, they could pivot and obtain access to the broader corporate network of Verkada’s customers or hijack the cameras and use them as a platform to launch future hacks, the hackers told Bloomberg. Obtaining this degree of access to the camera did not require any additional hacking, as it was a built-in feature. Elisa Costante, VP of research for cybersecurity firm Forescout, calls the Verkada security camera hack “shocking.” “Connected cameras are supposed to provide an additional layer of security to organisations that install them,” she says. “Yet, as the Verkada security camera breach has shown, the exact opposite is often true. [It is worrisome that] the attack wasn't even very sophisticated and didn't involve exploiting a known or unknown vulnerability. The bad actors simply used valid credentials to access the data stored on a cloud server.”

Super Admin account had access to all cameras

Hackers gained access to Verkada through a “Super Admin” account, allowing them to peer into the cameras of all of its customers. They found a username and password for an administrator account publicly exposed on the internet, according to Bloomberg. The hackers lost access to the video feeds and archives after Bloomberg contacted Verkada. The results could have been worse, says Costante. “In this case, the bad actors have seemingly only resorted to viewing the footage these cameras have captured.
But they are likely able to cause a lot more damage if they choose to do so, as our own research team has discovered. We were able to intercept, record and replace real-time footage from smart cameras by exploiting unencrypted video streaming protocols and performing a man-in-the-middle attack. This effectively gives criminals a virtual invisibility cloak to physically access premises and wreak havoc in the real world.”

Impact on broader video surveillance industry

The impact of a well-publicised cyber-attack on the broader video surveillance industry is also a concern. “As an industry, and as manufacturers in physical security, we cannot take these hacks lightly,” says Christian Morin, CSO & Vice-President of Integrations & Cloud Services, Genetec. “The potential broad-reaching impact of these hacks on physical security systems, including providing a beachhead to facilitate lateral movement onto networks, resulting in data and privacy breaches or access to critical assets and infrastructure, cannot be overstated. It is our responsibility and duty to users of our technology to prioritise data privacy and cybersecurity in the development, distribution, and deployment of video surveillance systems.”

Widespread government and healthcare use

The Verkada cameras are in widespread use within government and healthcare, which are by far the company’s most dominant verticals. Lesser verticals for them are manufacturing, financial and retail. Verkada’s line of hybrid cloud security cameras combines edge-based processing with the capabilities of cloud computing. Cameras analyse events in real-time, while simultaneously leveraging computer vision technology for insights that bring speed and efficiency to incidents and investigations. Command, Verkada’s centralised web-based platform, provides users with access to footage they need.
Motion detection, people analytics, and vehicle analytics enable searches across an organisation to find relevant footage. The Verkada website pledges to take privacy seriously: “We are passionate about developing products that enhance the security and privacy of organisations and individuals. We believe that well-built, user-friendly systems make it easier to manage and secure physical environments in ways that respect the privacy of individuals while simultaneously keeping them safe.”
The ban on U.S. government usage of Chinese-made video surveillance products was signed into law last year and was scheduled to take effect a year later – on August 13, 2019. With that deadline looming, there are questions about whether government agencies and departments will comply in time. A year ago, the U.S. Congress passed, and the President signed, a ban on government uses of video surveillance equipment produced by two of the world’s top manufacturers – Hikvision and Dahua. The provision was buried in the National Defense Authorization Act (NDAA) for fiscal year 2019, which the President signed into law on August 13, 2018. The ban, which takes effect ‘not later than one year after … enactment’, applies not only to future uses of Dahua and Hikvision equipment but also to legacy installations.

Tracking software to detect banned products

The bill calls for an assessment of the current presence of the banned technologies and development of a ‘phase-out plan’ to eliminate the equipment from government uses. One problem is identifying where the surveillance equipment is being used, which involves either a tedious manual process to search out the equipment or the installation of tracking software to identify it on the network. A federal Department of Homeland Security program called ‘Continuous Diagnostics and Mitigation’ requires use of a detection tool to find any banned products on a network. Forescout Technologies, San Jose, California, provides software to track various banned devices, but not all required agencies have complied with a mandate to secure their networks by tracking every connected device (only 35% had complied as of 2018).
“Without an automated, real-time tool that can detect all of the IT devices – computer or ‘other’ – on your network, there is simply no way to be 100 percent certain that you are compliant with these product bans,” says Katherine Gronberg, Forescout’s Vice President, Government Affairs.

Difficult to determine device’s manufacturer

Another problem is the existence of OEM agreements and other supply chain complications that can make it difficult to determine the manufacturer of any given device. A report by Bloomberg says: “A complex web of supply chain logistics and licensing agreements makes it almost impossible to know whether a security camera is actually made in China or contains components that would violate U.S. rules.” Not all equipment is marked to identify its manufacturer; some has been rebranded. “There are all kinds of shadowy licensing agreements that prevent us from knowing the true scope of China’s foothold in this market,” said Peter Kusnic, a technology writer at business research firm The Freedonia Group. “I’m not sure it will even be possible to ever fully identify all of these cameras, let alone remove them. The sheer number is insurmountable.”

Companies banned under NDAA

The NDAA ban covers “public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.” It bans “video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, [and] Dahua Technology Company (or any subsidiary or affiliate of such entities).” Hytera Communications is a Chinese digital mobile radio manufacturer. Huawei Technologies Co. equipment has also been banned, including the HiSilicon chips widely used in video cameras.
In addition to banning the Chinese equipment in government installations, the NDAA also includes a ‘blacklist’ provision [paragraph (a)(1)(B)], which could be interpreted to extend the ban to companies that use Chinese-made products in other, non-government applications. Rulemaking on that aspect is still under way, including a public hearing in July.