eEye to Strengthen the US Department of Defenses' Network Security

The American Department of Defence (DoD) has entrusted two companies with ensuring its networks are fully protected from non-compliant networks computers and to only grant access to devices once they are registered as protected.

ForeScout Technologies and eEye Digital Security are delivering a combined vulnerability assessment (VA) and network access control (NAC) solution to automate the process of ensuring all devices connecting to The American Department of Defence (DoD) networks are in compliance with Information Assurance Vulnerability Alerts (IAVA) standards and grant access based on this compliance.

According to Morey Haber, vice president of product management, eEye Digital Security: “The DoD approached us with the requirement of automating device scans to eliminate the risk of disconnected laptops missing regularly scheduled VA scan sessions and posing a threat to the production network upon re-entry.

In addition, the DoD needed a way to limit network access to non IAVA-compliant devices. To address this joint requirement, we looked to ForeScout. By adding the ForeScout CounterACT plug-in to our scanner, eEye was able to meet the DoD requirement of real-time detection of connecting devices, automating our ability to conduct IAVA scans.”

Haber and his colleagues chose the ForeScout CounterACT solution for its ability to detect out-of-compliance devices as they connect to the network and provide the appropriate level of enforcement to ensure DoD networks are protected from vulnerable systems.

Haber added, “Now, if a DoD network user connects an infected or out-of-compliance computer that needs malware removal, OS updates,security patchesor anti-virus software installed, the Retina Web Security Scanner will detect it immediately. Using CounterACT, the device will be placed in a DMZ zone for remediation and, based on the scan results and the NAC policy in place, the device will be brought back into compliance before it is allowed to fully connect to the production network. This eliminates laptop vulnerabilities in real-time and preserves the vital uptime of DoD networks.”

Today’s enterprises and branches of the federal government and military face a steady influx of vulnerabilities introduced by users who are able to bypass scheduled scans. The CounterACT plug-in to the Retina Web Security Scanner addresses this problem by detecting all connected or connecting devices and enforcing network security policies across all network devices without the need for any prior knowledge of the connecting device. This visibility combined with eEye’s deep scanning technology ensures an unprecedented level of protection for DoD networks.