ForeScout And Splunk Team On Big Data And Security Intelligence

ForeScout has made available bidirectional integration between ForeScout CounterACT and Splunk Enterprise and a new ForeScout App for Splunk Enterprise

October 15, 2013



.conf2013, LAS VEGAS, Sept. 30, 2013 -- ForeScout Technologies, Inc., a leading provider of pervasive network security solutions for Fortune 1000 enterprises and government organizations, today announced a technology partnership with Splunk Inc., the leading software platform for real-time operational intelligence. In conjunction with the partnership, ForeScout has made available bi-directional integration between ForeScout CounterACT and Splunk® Enterprise and a new ForeScout App for Splunk Enterprise. By combining ForeScout's dynamic endpoint visibility, access and security capabilities with Splunk Enterprise's advanced machine data analytics capabilities, enterprises gain enhanced threat insight and automated control.

ForeScout CounterACT helps organizations gain complete visibility for all devices, users, systems and applications attempting to connect to or on an enterprise network - wired or wireless, managed or unmanaged, PC or mobile. Devices are dynamically discovered, classified, profiled and assessed without requiring agents. CounterACT applies policy-based controls to: allow, limit or block access; manage guests and BYOD users; monitor and enforce endpoint compliance and mitigate violations and exposures. All captured information, as well as event logs, can be sent to Splunk Enterprise for data analysis, reporting and optimized retention. In addition, operators can enable Splunk Enterprise to communicate with CounterACT to directly mitigate security issues. As a result, IT organizations can make their data truly actionable.

"IT organizations are challenged with enormous visibility and control gaps given increased network complexity, BYOD proliferation and the velocity of sophisticated threats. Users not only want greater operational intelligence, but they also want the means to efficiently analyze data and effectuate policy," said Scott Gordon, chief marketing officer at ForeScout. "A combined approach with ForeScout and Splunk gives the best of both worlds to solve a broad range of security issues."

The ForeScout App for Splunk Enterprise allows customers to easily use and create a wide variety of operational dashboards and reports which take advantage of Splunk Enterprise to efficiently analyze, visualize and store huge volumes of identity, device, application, access and violation data generated by ForeScout CounterACT. Security analysts can combine this information with other big data sources for real-time monitoring and to conduct historical searches to identify advanced threats, fraud and other security exposures. Furthermore, Splunk can be easily configured to send triggered event data to ForeScout CounterACT in order to remediate endpoint security issues, isolate breached systems or trigger other policy-based controls.

"In today's threat landscape, all data is security relevant and requires a solution that delivers real-time insights. ForeScout CounterACT provides visibility to network and endpoint activity that our customers can use to augment their Splunk analytics in order to monitor for critical security issues and expedite investigations," said Bill Gaylord, senior vice president of business development at Splunk. "Leveraging the interoperability of Splunk Enterprise and ForeScout not only helps expand the surface area for customers to more rapidly and confidently identify problems but also automates controls to directly mitigate threats."

The ForeScout App for Splunk Enterprise is available now on Splunk Apps. ForeScout integration with Splunk is performed via syslog, CEF (Common Event Format) and Web API (Application Programming Interface) standards. To check out the app, visit ForeScout at .conf2013 (hashtag #splunkconf), Splunk's fourth annual worldwide users' conference, Splunk Partner Pavilion, booth 7.

Relevant Links

ForeScout Splunk Integration Resource Center

ForeScout Blog

ForeScout Facebook

ForeScout Twitter


About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) provides the engine for machine data™. Splunk® software collects, indexes and harnesses the machine-generated big data coming from the websites, applications, servers, networks, sensors and mobile devices that power business. Splunk software enables organizations to monitor, search, analyze, visualize and act on massive streams of real-time and historical machine data. More than 6,000 enterprises, universities, government agencies and service providers in over 90 countries use Splunk Enterprise to gain operational intelligence that deepens business and customer understanding, improves service and uptime, reduces cost and mitigates cybersecurity risk. Splunk Storm®, a cloud-based subscription service, is used by organizations developing and running applications in the cloud.

To learn more, please visit

About ForeScout Technologies, Inc.

ForeScout delivers pervasive network security by allowing organisations to continuously monitor and mitigate security exposures and cyberattacks. The company's CounterACT appliance dynamically identifies and assesses all network users, endpoints and applications to provide complete visibility, intelligence and policy-based remediation of security faults. Because ForeScout's solutions are easy to deploy, unobtrusive, open and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorised partners worldwide. Learn more at:
