Forescout Technologies has launched a new cloud-based offering. Forescout eyeSegment is designed to help organizations accelerate network segmentation projects, driven by the need to secure critical applications, mitigate increased exposure due to IoT devices, and limit the lateral movement and blast radius of threats across flat networks.
Forescout eyeSegment allows organizations to define and implement holistic network segmentation to secure the increasingly complex and interconnected enterprise network across campus, data center, cloud and operational technology (OT).
eyeSegment builds on Forescout eyeSight’s ability to automatically translate every IP-connected entity into a logical taxonomy of users, devices, applications and services. Additional context from third-party systems, such as vulnerability and compliance information, can be integrated to this taxonomy to enable a customer to define policy in business terms and drive device segmentation decisions across the entire enterprise.
eyeSegment then marries traffic flows to how these entities are communicating across all networks from campus, data center, cloud and OT in business terms. Frequent baseline communication can be used to create a segmentation policy. This accelerates segmentation design planning based on in-depth understanding of traffic flow baselines and anomalies.
Customers can proactively design, fine-tune and simulate policies before enforcing segmentation controls. This allows organizations to determine how specific policies would impact the rest of their network from a single policy layer before implementing the controls to understand overall business efficacy.
eyeSegment also allows customers to centrally monitor traffic flows between segmentation zones, validate Zero Trust controls, and automatically react to policy violations with restrictive controls, alerting and/or logging.
Combined with Forescout’s eyeControl and eyeExtend, eyeSegment can orchestrate policy-based control actions across multiple segmentation enforcement points, such as next-generation firewalls, wired and wireless network infrastructure, software defined networking and cloud infrastructure, as well as agent-based segmentation technologies.