
OPSEC Partners

ActiveScout

Product Version Certified: Version 2.7
Certified for use with:
Check Point NG and Check Point Express

 
Product Description: ActiveScout is an intrusion prevention solution that identifies and blocks network attackers at the earliest stage of an attack, based on their pre-attack activity. ActiveScout provides automatic protection from both known and unknown attacks while requiring minimal administration. Located in front of the firewall, ActiveScout is a new layer of defense that enhances the firewall.
 

 
Download the ActiveScout Documentation
 

Company Description: ForeScout Technologies has completely reinvented the way intrusion prevention works, by creating technology that recognizes and blocks attackers based on their proven malicious intent, with 100% accuracy. Founded in April 2000, the company set out to solve the problems created by traditional security products, including low levels of accuracy, static protection policies, tremendous need for ongoing maintenance, and high initial set-up costs. Protecting against attackers with proven intent to attack, ForeScout eliminates the need for signature updates and continuous adjustments. This unique approach produces zero false positives, so users are confident that all alarms are justified and no legitimate traffic is dropped.

  ForeScout Technologies
   
Key Features and Benefits

Absolute accuracy
ActiveScout's identification algorithm is 100% accurate in attacker detection. With zero false positives, you can depend on ActiveScout to provide actionable information.

Automatic blocking
ActiveScout's accuracy eliminates the cry-wolf effect, and delivers the confidence to take action against attackers through real time blocking of network attacks.

Prevention of known & unknown threats
ActiveScout provides instantaneous protection against both known and unknown attacks by focusing on the attacker's intent, and not the attack payload.

Low complexity/Low cost of ownership
ActiveScout requires no tuning, no signature updates and no constant log reviews. Like the firewall, ActiveScout is a "set-it and forget-it" solution that can be easily managed by an organization of any size.

Enterprise Lock-down
Enterprise lock-down enables the instantaneous sharing of attacker alerts among all enterprise Scouts, achieving complete and consistent protection across the entire perimeter.

OPSEC Integration

ActiveScout integrates with the Smart OPSEC Manager framework, by using the following integration points:

Suspicious Activity Monitoring Protocol (SAMP)
In addition to being able to block attackers on its own using TCP resets, ActiveScout can utilize SAMP to have VPN-1/FireWall-1 block attackers. Upon early detection of an attacker, ActiveScout sends a SAM block command to VPN-1/FireWall-1, which then blocks the offender.

Event Logging API (ELA)
ActiveScout utilizes ELA to send real-time alerts of identified attackers to the VPN-1/FireWall-1 log repository, allowing the security administrator to use the Check Point SmartView Tracker to view alerts and actions performed by ActiveScout.

Application Monitoring (AMON)
ActiveScout integrates with AMON to export real time status information to the administrator who uses Check Point's SmartView application. This provides the administrator a single view of the organization's security including the ActiveScout status.

Check Point Roam Admin (CPRA)
ActiveScout uses the CPRA API to facilitate the secure communication and authentication between ActiveScout and FireWall-1.

SmartLaunch
ActiveScout utilizes the SmartLaunch framework to enable the launching of ActiveScout's management GUI directly from the FireWall-1 console.

Additional Information

ForeScout Technology Flash Tutorial