一个基于DPI技术实现了内网资产识别的应用
https://www.forescout.com/products/counteract/see/visibility-capabilities/
See Capabilities*
Device Information
- Device type (printer, wireless network device, laptop, etc.)
- Device authentication/NETBIOS/domain membership
- System information (manufacturer, model name, number of processors)
- Storage information (drive type, volume name, size and name)
- Motherboard (manufacturer, model, serial number, removable)
- RAM (memory type, capacity, manufacturer, serial number and speed)
- Network adapter (DeviceID, name, adapter type and speed)
- Processors (number of cores, description, family and manufacturer)
- MAC/IP address
- NIC vendor
- Hostname
Security Status
- Anti-malware agents status (installed/running) and database versions
- Patch management agent status (installed/running)
- Firewall status (installed/running)
- Audit trail of changes to OS/configuration/application
- X.509 certificates
User Information
- Username
- Full name
- Authentication status
- Workgroup
- Email address
- Phone number
- Guest/authentication status
Device Information
- Device type (printer, wireless network device, laptop and more)
- Device authentication/NETBIOS/domain membership
- MAC/IP address
- NIC vendor
Operating System Status
- Type
- Version number
- Patch level
- Processes and services installed or running
- Registry and configuration
- File name/size/date/version
- Shared directories security status
- Anti-malware agents status (installed/running) and database versions
- Patch management agent status (installed/running)
- Firewall status (installed/running)
- Audit trail of changes to OS/configuration/application
Application Information
- Authorized applications installed/running
- Rogue applications installed/running
- P2P/IM clients installed/running
- Application name and version number
- Registry values
- File sizes
- Modification date and patch level
Peripheral Information
- Device class (disk, printer, DVD/CD, modem, NIC, memory, phone and more)
- Connection type (USB, Bluetooth, infrared, wireless)
- Device information (make, model, device ID, serial number)
Network Traffic Information
- Malicious traffic (worm propagation, device spoofing, intrusion, spam and more)
- Traffic source/destination
- Rogue NAT/DHCP behavior
- IPv6 tunnels through IPv4
Physical Layer Information
- Switch IP, description, location
- Switch port
- VLAN
- Number of devices on any port
- 802.1X authentication status
Virtual Servers/Desktops
- Server name
- Server build
- Server instance
- Server license product name
- Server license product version
- Server locale build
- Server locale version
- Server OS type
- Server product ID
- Server product name
- Server vendor
- Server version
- Server IP
- Guest OS information
Industry Solutions
GOVERNMENT
Security, privacy and compliance begin at the endpoint
Local, state and federal government agencies are prime targets for hackers, whether politically motivated, seeking information they can sell, or simply engaged in mischief. By providing secure network access for a wide range of devices and user populations, ForeScout CounterACT® can help government agencies protect their confidential data and support their compliance efforts with mandated policies and regulations such as FISMA, NERC, ISO/IEC 27001 and the GDPR. ForeScout can:
- Identify managed and unmanaged devices and control the spread of malware across the network
- Guard against targeted threats that can result in stolen data and network downtime
- Address endpoint compliance issues related to Security Content Automation Protocol (SCAP)
Learn more about what CounterACT can do for you.
When it’s late at night, or when my staff is sleeping, CounterACT is working with our other security solutions to take immediate action on threats. You can’t put a price tag on that type of automation.
Michael Roling, Chief Information Security Officer, State of Missouri
FINANCIAL
Protect information assets and fortify security, privacy and compliance
Although financial institutions face threats from a multitude of sources, today’s primary risks are internal. Employees and contractors misuse and abuse corporate data resources—intentionally or otherwise—and their personally owned devices can wreak havoc on network security and stability. CounterACT delivers real-time visibility and automates control of devices the instant they connect to your network to:
- Improve security posture without impeding customer service
- Reduce risks of data breaches, ransomware and malware attacks
- Support your compliance efforts with regard to FINRA, GLBA, PCI DSS, SOXand other regulatory mandates
Learn more about what CounterACT can do for you.
Ease of implementation and support for hybrid environments made
ForeScout the logical choice. Its Value and ROI were clearly superior.Dominic Hart, Manager Information Security Architecture, IT&S Security, RWJBarnabas Health
HEALTHCARE
Boost security, privacy and compliance in clinical settings
Healthcare organizations are facing constant threats as new types of devices add vulnerabilities to medical networks. CounterACT sees devices including medical, personally owned and IoT devices, the instant they connect. Its policy engine identifies thousands of medical devices from leading manufacturers to help you:
Learn more about what CounterACT can do for you.
EDUCATION
Maintain security and privacy while facilitating learning
Security teams at educational institutions face a unique challenge: dealing with a constantly changing array of unmanaged devices connecting to the network even as they must try their best to maintain the free flow of information. But with CounterACT, you can:
- Control access to networks by students, teachers, administration and guests
- Automatically enforce limits based on identities
- Continuously monitor the behavior of devices on the network and automatically execute a range of responses
Learn more about what CounterACT can do for you.
RETAIL
Reduce risks of data breaches and malware attacks
Cybercriminals constantly look for—and find—opportunities in the retail environment. As breach disclosures continue unabated, retailers need better ways to secure POS systems, ATMs, kiosks and other endpoints while keeping pace with regulations. CounterACT helps retailers address PCI DSS 3.0 compliance and reassure customers and shareholders. This powerful appliance can:
- Continuously monitor POS machines and other devices
- Automatically detect and remediate retail endpoints
- Identify and control devices that are attempting to access the network
Learn more about what CounterACT can do for you.
MANUFACTURING
Protect intellectual property, business operations and your company’s brand
Cybersecurity in manufacturing is extremely complex because there’s so much at stake—everything from factory floor operations to reputations, not to mention productivity and profitability. Fortunately, CounterACT lets you:
- Gain real-time visibility and endpoint compliance by continuously monitoring the vast array of small-footprint, IP-connected devices
- Automate remediation of vulnerabilities on managed and unmanaged endpoints
- Rapidly respond to incidents without human intervention
Learn more about what CounterACT can do for you.
一个基于DPI技术实现了内网资产识别的应用的更多相关文章
- 基于4G Cat.1的内网穿透实例分享
上一篇分享了:小熊派4G开发板初体验 这一篇继续BearPi-4G开发板实践:内网穿透实验. 基本TCP的socket通信测试 之前我们学习WiFi模块时,与PC进行TCP协议的socket通信测试我 ...
- 给我一个shell我能干翻你内网
0x00 前言 在去年小菜鸡学了点内网知识就闲着没事跑点jboss的站看看,在经历过很多次内网横向失败之后终于算是人生圆满了一把,阿三的站一般进去之后很难横向,不知道是不是我太菜的原因,反正阿三的站能 ...
- 传输层隧道技术之lcx内网端口转发
传输层技术包括TCP隧道.UDP隧道和常规端口转发等.在渗透测试中,如果内网防火墙阻止了指定端口的访问,在获得目标机器的权限后,可以使用IPTABLES打开指定端口.如果内网中存在一系列防御系统,TC ...
- 搭建基于HTTP协议内网yum仓库
目录 1. 前言 2. 把rpm包下载到本地 3. 配置nginx对外提供服务 4. 配置本地repo文件 5. 生成repodata信息 6. 检查及使用 7. 对管理机器上的仓库进行更新 参考资料 ...
- 一台PC双网卡,一个外网一个内网
问题:一台PC双网卡,一个连外网一个连内网.用户主要访问外网,内网只访问有限的几个ip.因为外网很大,一般人公司内网常访问的ip是有限的几个. 现在如何做到在上外网的同时也能访问内网的系统?明明两个网 ...
- 脑残式网络编程入门(六):什么是公网IP和内网IP?NAT转换又是什么鬼?
本文引用了“帅地”发表于公众号苦逼的码农的技术分享. 1.引言 搞网络通信应用开发的程序员,可能会经常听到外网IP(即互联网IP地址)和内网IP(即局域网IP地址),但他们的区别是什么?又有什么关系呢 ...
- Linux内网渗透
Linux虽然没有域环境,但是当我们拿到一台Linux 系统权限,难道只进行一下提权,捕获一下敏感信息就结束了吗?显然不只是这样的.本片文章将从拿到一个Linux shell开始,介绍Linux内网渗 ...
- 内网ip/公网ip
ip地址初识: 现在的IP网络使用32位地址,以点分十进制表示,如172.16.0.0.地址格式为:IP地址=网络地址+主机地址 或 IP地址=网络地址+子网地址+主机地址. IP地址类型 最初设计互 ...
- 什么是公网IP、内网IP和NAT转换?
搞网络通信应用开发的程序员,可能会经常听到外网IP(即互联网IP地址)和内网IP(即局域网IP地址),但他们的区别是什么? 1.引言 搞网络通信应用开发的程序员,可能会经常听到外网IP(即互联网IP地 ...
随机推荐
- JQuery/JS插件 zTree树,点击当前节点展开,其他节点关闭
好像没找到现成的,就自己写了一个demo. 效果如下: 代码: <!DOCTYPE html> <html> <head> <meta http-equiv= ...
- python 引用和对象理解(转)
引用和对象分离 从最开始的变量开始思考: 在python中,如果要使用一个变量,不需要提前进行声明,只需要在用的时候,给这个变量赋值即可 (这个和C语言等静态类型语言不同,和python为动态类型有关 ...
- 深入理解hello world
阅读目录 为什么所有东西都是从类开始的 为什么总是需要有一个“main”方法 HelloWorld的字节码 HelloWorld在JVM中是如何运行的 对于每个Java程序员来说,HelloWorld ...
- 2018面向对象程序设计(Java)第15周学习指导及要求
2018面向对象程序设计(Java)第15周学习指导及要求 (2018.12.6-2018.12.9) 学习目标 (1) 掌握Java应用程序打包操作: (2) 了解应用程序存储配置信息的两种方法 ...
- Javascript Iterator
[Javascript Iterator] 1.@@iterator Whenever an object needs to be iterated (such as at the beginning ...
- 查询结果null替换为0
xxx表示字段名 mysql数据库 : ifnull( xxx , 0 ) oracle数据库: NVL(xxx , 0 )
- U3D框架—单例框架
写程序应遵循的原则:高内聚(内容的聚合),低耦合(功能与功能之间的联系) 代码里尽量不要有冗余:既重复,没有用的代码 using System.Collections; using System.Co ...
- django创建一个简单的web站点
一.新建project 使用Pycharm,File->New Project…,选择Django,给project命名 (project不能用test命名) 新建的project目录如下: ...
- 第一次登录mysql,使用任何命令都报错ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
问题: 使用临时密码登录成功后,使用任何myql命令,例如show databases;都提示下面的报错 ERROR 1820 (HY000): You must reset your passwor ...
- SpringCloud报错:com.netflix.discovery.shared.transport.TransportException: Cannot execute request on any known server
启动SpringCloudEureka 报错:com.netflix.discovery.shared.transport.TransportException: Cannot execute req ...