Validated Product - CounterACT Edge v3.0.5 /CounterACT v4.1.0 (formerly ForeScout ActiveScout v3.0.5/CounterACT v4.1.0)

Certificate Date: 13 July 2005

Validation Report Number: CCEVS-VR-05-0108

Product Type: IDS/IPS

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: CygnaCom Solutions, Inc


PRODUCT DESCRIPTION

The TOE is ForeScout Technologies’ Intrusion Detection and Prevention System (IPS), a software product that protects organizational networks from network-borne threats. The TOE identifies impending attacks against the protected network by identifying the pre-attack activities that precede them. It then neutralizes the attacks in real-time by blocking them before they penetrate and potentially compromise the protected network.

The TOE consists of two components:

  • “Scout” – a server component that monitors traffic to the network;
  • “Manager” – a console component by which administrators manage the TOE, define policies, review audit logs, etc.

Scout is positioned at a network choke point and monitors traffic for signs of pre-attack activity. Scout is responsible for accurately identifying attackers, marking them as threats, and implementing a blocking policy that prevents the attackers from infiltrating the network.

Manager is a component that enables an administrator to locally or remotely view attacker activity, configure and administer Scout, and generate reports for ongoing findings. Residing on any point of the network, Manager also presents a visual overview of Scout’s threat prevention activity, including a geographical and topological representation of potential attackers and the preventive steps taken against them. Operational activities performed by Manager are policy definition and update, user definition and management, and data and audit log presentation.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. ForeScout ActiveScout / CounterACT was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in July 2005.

ENVIRONMENTAL STRENGTHS

The TOE provides the following security services:

  • Security Audit – the TOE generates audit information for security-relevant events and enables authorized administrators to view the audit records.
  • Identification and Authentication – the TOE allows only users who have been successfully identified and authenticated (authorized administrators) to access security-relevant functionality, including viewing audit records.
  • Security Management – the TOE enables authorized administrators to define policies in which the parameters affecting the attack identification process and the response are specified, as well as defining other administrators and system-wide parameters.
  • Attack Detection and Prevention – the TOE protects networks from attack by responding with false information and then blocking the attacker, thus rendering them harmless.

Vendor Information

Forescout Technologies, Inc.
Shaul Haham
408.213.2283 (Fax)
ccc@forescout.com

http://www.forescout.com