General Forescouts    Security		Forescouts Security ForeScout Technologies has completely reinvented the way intrusion prevention works, by creating technology that recognizes and blocks attackers based on their proven intent, with 100% accuracy. The company set out to solve the problems created by traditional security products including: low levels of accuracy, static protection policies, tremendous need for ongoing maintenance, and high initial set-up costs. While security vendors continually develop faster and more robust products that recognize attack signatures and anomalous network traffic, ForeScout has developed a much more efficient approach. Protecting against attackers with proven intent to attack, ForeScout eliminates the need for signature updates and continuous adjustments. This unique approach produces zero false positives, so users are confident that all alarms are justified and no legitimate traffic is dropped. ForeScout's ActiveScout Solution ForeScout's ActiveScout™ Enterprise Solution takes a radically different approach to intrusion prevention. ActiveScout operates under a simple, powerful principle: Attacks are preceded by reconnaissance of the network by an attacker. By monitoring and responding to this pre-attack reconnaissance activity, ActiveScout's patented ActiveResponse technology automatically neutralizes any resulting attacks before they reach your network. ActiveResponse technology identifies and optionally blocks both known and unknown attacks, guaranteeing false-positive-free threat prevention. ActiveScout requires neither signature updates nor manual intervention, providing a maximum level of perimeter protection with minimal cost of prevention. Benefits Blocks both known and unknown attacks Zero false alarms Zero time to prevention Minimal cost of prevention Enterprise-wide aggregated views and management Optional automatic blocking across the enterprise No signature updates required ActiveScout How IT's Work Network attacks are characterized by a three-step process. First, the attacker recons the network using various recognizable scans and probes. Then, the information gleaned by the recon activity is returned to the attacker. Finally, the attack itself is launched based on that recon information. Phase 1: Receptor ActiveScout continually monitors incoming network traffic, looking for any signs of network reconnaissance. Phase 2: Deceptor When ActiveScout detects recon activity, it automatically identifies the type of recon being used by the attacker. ActiveScout then responds to the recon attempt with information similar to that which is being sought - but which is purposely counterfeit. Phase 3: Interceptor If and when an attack is then launched, ActiveScout will be able to immediately identify it.. At this point, ActiveScout deflects the attack from the network, alerts the security team, and can even block all traffic from the offending IP address.