eyeExtend for Palo Alto Networks® NGFW
Automate context-aware dynamic network segmentation
- Developer
- Forescout
Augment Palo Alto Networks NGFW defenses with context-aware dynamic network segmentation of all devices the moment they connect to the network
Forescout eyeExtend for Palo Alto Networks Next-Generation Firewall (NGFW) lets
you harness real-time visibility across all network-attached devices to help detect
today’s attacks and implement device identity and context-aware security policies
and dynamic network segmentation to stop them.
Features and Benefits
Implement dynamic network segmentation
Forescout eyeExtend for Palo Alto Networks NGFW matches connecting devices’ IP addresses with NGFW user IDs and captures
user information, device properties, classification and security posture, including Host Information Profile (HIP) data. It then
dynamically tags and assigns devices to their appropriate Palo Alto Networks NGFW address groups. Based on predefined roles,
the NGFW allows differentiated user access according to functional need. For example, visitors can be restricted to internet use
only, contractors to internet and Exchange Server and partners to internet and internal ordering. This enables business continuity
while preventing unauthorized access to sensitive resources.Enhance firewall intelligence for better policy creation and enforcement
Forescout platform pulls essential Host Information Profiles (HIP) on mobile, guest and BYOD devices and shares with the NGFW,
which is otherwise unavailable without the Palo Alto Networks Global Protect Agent installed on network devices. HIP data
includes information on the latest security patches, antivirus definitions, disk encryption, jailbroken status and whether custom
corporate applications are running on devices. eyeExtend also maps device IP addresses discovered by the Forescout platform to
firewall User-IDs. The in-depth device context and user information helps the firewall to segment devices based on user ID, Tagging
and HIP data and improve access policies for devices.Continuously assess device compliance and enforce network segmentation policies
The Forescout platform continuously monitors the security posture of all connected devices. If a device falls out of compliance—
due to out-of-date antivirus software, for example—eyeExtend sends an automatic notification to the network administrator,
removes the device from its assigned NGFW group and reassigns it to a different group with more limited network access.
Provide Device Security Posture and Compliance
Provide device security
posture and compliance
context of all connected
devices to the NGFW
Share Real-time Device ID
Share real-time device
identity information by
mapping detected IP
addresses to user IDs
without the use of agents
Share Device Host Information Profile (HIP)
Share device Host
Information Profile (HIP)
data on security posture
Dynamically Assign Devices
Dynamically assign devices
to predefined NGFW address
groups based on granular
device and user context
Enforce User- and Role-based Network
Enforce user- and role-based
network access in real time
Additional Information
Support
EyeExtend modules are fully supported by Forescout. Please see support details at https://www.forescout.com/resources/activecare-maintenance-and-support-policy/
- Phone: +1-866-377-8773
- Knowledge Base
- Read Documentation
Categories
-
App Type
-
Built By
-
Licensing Category
-
Works With
Resources
Forescout eyeExtend Palo Alto Networks® NGFW Data Sheet
Download PDFForeScout Extended Module for Palo Alto Networks NGFW Demo
ForeScout and Palo Alto Networks NGFW Integration Demo