Extended Modules
  • (+95) 151 4134
  • |
  • yitm@yipintsoi.com

Extended Modules

Extended Modules expand the see and control of ForeScout CounterACT®. Your organization can share contextual device data between ForeScout and your other IT and security products, automate policy enforcement across disparate solutions, bridge previously siloed IT processes and accelerate system-wide response to more rapidly mitigate risks.

Extended Modules are available for:

Base Modules are included with ForeScout CounterACT to provide open integration with a broad range of network and security infrastructure.

Leveraging the ForeScout Extended Module for Splunk via Adaptive Response, we can increase our holistic data defense and security to minimize the impact of malware and data breaches.

Clayton Colwell, Associate Security Engineer, Brown-Forman Corporation

Advanced Threat Detection (ATD)

Our ATD Extended Modules provide security orchestration between the ForeScout platform and your ATD system. The combined solution allows you to automatically detect indicators of compromise (IOCs) on your network and quarantine infected devices, thereby limiting malware propagation and breaking the cyber kill chain.  How they work:  Your ATD system detects malware then informs CounterACT about the affected system(s) and IOCs. Based on your policy, CounterACT leverages its IOC repository to scan other endpoints that are attempting to connect or are already connected to your network for presence of infection. CounterACT automatically takes policy-based mitigation actions to contain and respond to the threat. Various actions can be performed depending on the severity or priority of the threat.

ATD Partners:



Client Management Tools (CMT)

Our CMT Extended Modules provide visibility and control across your network-connected devices— including corporate devices—while they’re off the enterprise network. They let you verify device compliance with security and regulatory mandates and take remediation actions.


How they work:

  1. CounterACT discovers and classifies various types of network-connected devices.
  2. CounterACT verifies the presence of a fully operational agent or performs device remediation preceding connection if an agent is missing or broken.
  3. Your CMT platform verifies device compliance with corporate and industry standards.
  4. Your CMT platform performs automatic re-configuration or triggers network actions via CounterACT to isolate devices, kill malicious processes and alert users.

CMT Partners:

Enterprise Mobility Management (EMM)

Our EMM Extended Modules facilitate policy-based orchestration between the ForeScout platform and leading EMM systems to provide you with unified security policy management for mobile devices on your network.

How they work:

  1. CounterACT instantly profiles managed and agentless mobile devices connected to your enterprise network.
  2. CounterACT provides comprehensive information about devices to EMM systems.
  3. When CounterACT discovers a device without a functional EMM agent, CounterACT redirects it to the EMM app store for installation according to policy.
  4. CounterACT enforces your network security policies, monitors and reports on policy compliance and sees network information such as where and how devices connect to your network 

EMM Partners:


Endpoint Protection, Detection & Response (EPP/EDR)

Our EPP/EDR Extended Modules provide bi-directional integration between the ForeScout platform and leading endpoint security platforms to let you verify device compliance for functional antivirus, up-to-date signatures, encryption and other endpoint policies and facilitate remediation actions.

How they work:

  1. CounterACT detects and profiles devices as they connect to your network and shares this information with your EPP/EDR platforms.
  2. If the device has a functional agent, the endpoint management platform tells CounterACT what it knows about the device's compliance status.
  3. CounterACT then allows access to compliant devices and authorized users.
  4. If the device has a missing/broken agent, CounterACT informs the EPP/EDR platform to install/repair the agent. CounterACT can also capture the endpoint’s browser and send the user to a self-remediation page. CounterACT continues to monitor systems for compliance and erroneous behavior.
  5. Based upon your security policies, CounterACT can perform a wide range of control actions, including device isolation, killing a malicious process or initiating other remediation actions and alerting the user.

EPP/EDR Partners:


IT Service Management (ITSM)

Our ITSM Extended Modules share up-to-date device properties, classification, configuration and network context to help true-up assets in your CMDB, improve asset compliance and maintain a trusted single-source-of-truth repository for better decision-making.

How they work:

  1. CounterACT discovers and classifies various types of devices as they connect to your network, including industrial and critical infrastructure systems using passive-only discovery and profiling.
  2. The Extended Module shares device properties, configuration information and network context with your ITSM system.
  3. ITSM system adds or updates this information in the CMDB to true-up existing asset repository.
  4. CounterACT lets you import CMDB properties from ITSM system to be used in its inventory and policies.


ITSM Partners:


Next-Generation Firewall (NGFW)

Our NGFW Extended Modules enable you to implement dynamic network segmentation, automate controls for secure access to critical resources and create context-aware security policies within your next-generation firewalls based on device context from CounterACT.

How they work:

  1. CounterACT discovers, classifies and assesses devices as they connect to the network.
  2. Based on your policies, the Extended Module sends user identity, device information and security context/tag to the next-generation firewall.
  3. Your next-generation firewall leverages contextual information from ForeScout to enforce security policies, network access and granular segmentation.

NGFW Partners:



Privileged Access Management (PAM)

Our PAM Extended Modules provide you with real-time agentless visibility into undiscovered local privileged accounts and let you automate responses to threats based on holistic visibility into user activity, device security posture, incident severity and overall threat exposure.

How they work:

  1. CounterACT discovers devices and undetected local privileged accounts.
  2. The ForeScout Extended Module shares this information and device context with your PAM system.
  3. The PAM system identifies threats and alerts CounterACT.
  4. CounterACT isolates devices on the network and limits network access.

PAM Partners:


Security Information and Event Management (SIEM)

Our SIEM Extended Modules facilitate information sharing and policy management between the ForeScout platform and leading SIEM systems to improve situational awareness and mitigate risks using advanced analytics. The solution shares comprehensive device information with your SIEM, including IoT classification and assessment context for correlation and incident prioritization.

How they work:

  1. CounterACT discovers infected devices then sends the information to your SIEM.
  2. CounterACT receives instructions from the SIEM and automatically takes policy-based mitigation actions to contain and respond to the threat.
  3. You can perform various actions depending on the severity or priority of the threat, such as:
    • Quarantine devices
    • Initiate direct remediation
    • Share real-time context with other incident response systems
    • Initiate a scan by another third-party product
    • Notify the end user via email or SMS

SIEM Partners:


Vulnerability Assessment (VA)

Our VA Extended Modules share comprehensive vulnerability assessment data between the ForeScout platform and leading VA systems to initiate VA scanning of devices and automate policy-based enforcement actions as necessary.

How they work:

  1. CounterACT triggers your VA system to perform a real-time scan of the connecting device when it joins the network.
  2. CounterACT isolates the connecting device in an inspection VLAN while the VA system performs a scan.
  3. CounterACT triggers VA scans on devices that meet certain policy conditions, such as devices with specific applications, or when device configuration changes are detected.
  4. After the VA system scans a device, CounterACT can obtain the scan results and initiate risk mitigation actions if vulnerabilities are detected.

VA Partners:


Open Integration Module (OIM)

Our Open Integration Module allows customers, systems integrators and technology vendors to integrate custom applications, security tools and management systems with the ForeScout platform.

  1. Web Services API for sending and receiving XML messages.
  2. SQL, allowing reading from and writing to databases, such as Oracle®, MySQL, and SQLServer.
  3. LDAP, enabling reading from standard directories

Advanced Compliance Module

The Advanced Compliance Module automates on-connect and continuous device configuration assessment to comply with security benchmarks. It enables you to leverage standards-based security benchmarks and content published in the SCAP format. This allows you to:

  1. Improve device hygiene for greater device security.
  2. Verify system configuration settings and increase compliance against regulatory or other baselines.
  3. Reduce usage of outdated application versions.
  4. Gather and aggregate assessment results for audit preparation.
  5. Streamline existing processes and automate compliance and remediation workflows.

Copyright © 2021 All Rights Reserved By YITM Co., Ltd. Powered By  Innovix Solutions