eyeExtend for Palo Alto QRadar®
Formerly IBM QRadar®
- Developer
- Forescout
Dynamic isolation, quarantining or blocking of compromised devices for threat containment
By combining the Forescout platform’s complete device visibility with IBM QRadar’s data analytics, Forescout eyeExtend for IBM QRadar allows security managers to achieve a broader understanding of their security posture, prioritize incidents and respond more quickly to mitigate a range of security issues. Organizations benefit by optimizing time to insight, achieving quicker incident response and realizing strengthened network security.
Features and Benefits
Enhance incident correlation and prioritization
The Forescout platform provides high-value user, network and device context to IBM QRadar. The additional device information from the Forescout platform includes user information, device type, device configuration, network access patterns over time, device compliance status and significant changes in device processes and applications. IBM QRadar correlates rich device context from the Forescout platform with other data sources to better identify and prioritize incidents. IBM QRadar leverages this additional insight to determine if an incident is actually malicious or violates policy and escalates or reduces the severity of the event based on the device and user context.
Continuously assess IBM QRadar WinCollect agent health and compliance
eyeExtend for IBM QRadar verifies that IBM QRadar WinCollect agents, which collect event logs on Windows devices, are installed, configured and properly running on all Windows devices at all times. If a connecting Windows device does not comply with security policy, the Forescout platform can facilitate remediation.
Automate incident response
IBM QRadar can trigger the Forescout platform to take policy-based response actions such as isolating, quarantining or blocking potentially compromised or noncompliant devices, depending on the severity of the violation. For example, when IBM QRadar detects, via firewall log correlation, a targeted denial of service (DoS) attack, it can direct the Forescout platform to have the firewall automatically block the source of the attack to prevent further disruption of service to the application(s) on the network.

Broad Security Posture Awareness
Broad security posture awareness, including complete device visibility across managed and unmanaged devices, device compliance status, registered/guest status and network access patterns
Continuous IBM QRadar WinCollect
Continuous IBM QRadar WinCollect agent health assessment
Dynamic Isolation, Quarantining or Blocking
Dynamic isolation, quarantining or blocking of compromised devices for threat containment
Additional Information
Support
EyeExtend modules are fully supported by Forescout. Please see support details at https://www.forescout.com/resources/activecare-maintenance-and-support-policy/
- Phone: +1-866-377-8773
- Knowledge Base
- Read Documentation
Resources
Forescout eyeExtend for IBM® QRadar® Data Sheet
