Forescout eyeExtend for ServiceNow Module & Associated Apps for ServiceNow

Forescout eyeExtend for ServiceNow along with the Forescout Apps in the ServiceNow Store enable bi-directional integration of the Forescout platform with ServiceNow CMDB, ITSM and Security Operations products. Your IT operations, security and network teams benefit by letting Forescout eyeExtend orchestrate workflows to streamline asset, IT service, security operations and risk management. eyeExtend plays an integral role in ensuring the maximum effectiveness of the ServiceNow platform in support of the following use cases.

PRIMARY USE CASES*

1) Continuously maintain a real-time asset repository. Forescout eyeExtend for ServiceNow powered by the Forescout platform helps you automatically true-up your CMDB for all connected IT, IoT and OT assets by continuously discovering and assessing devices then sharing device properties and additional network context with your ServiceNow CMDB. Configuration Item (CI) records are created or updated as needed. Additional context Forescout can provide includes device type, OS, firmware, authentication method, user information, location, patch status, the switch port to which the device is connected, VLAN information, network segment information, compliance status and so on. The Forescout platform helps ensure your CMDB is accurate and up to date, creating a single-source-of-truth repository for all assets at all times.

2) Leverage Forescout and ServiceNow to update MAR list. The Forescout platform identifies unmanaged IoT assets the moment they connect without requiring agents or supplicants. Once an asset is discovered and identified, Forescout can automatically update the MAR list in 802.1X deployments and assigns them to their appropriate network segment. This eases the error-prone and time-consuming process of updating the list manually. When devices are taken off-line for maintenance or retired permanently, Forescout gets the information from the CMDB in real time and updates the MAR list automatically with the new asset state information.

3) Use your CMDB to authenticate devices. Forescout eyeExtend for ServiceNow helps ensure that all IP-enabled corporate assets are in the CMDB. In non-802.1x deployments, at the time of connection, eyeExtend triggers Forescout to authenticate devices based on their existence and status in the CMDB. Forescout then assigns them to their authorized network segments. This helps in maximizing the return on your current ServiceNow investment.

4) Automatically create ServiceNow IT service incidents for policy violations. Forescout continuously assesses devices for configuration and state compliance and automatically creates a ServiceNow IT service incident if a device is deemed noncompliant. The IT service incident is automatically associated with the asset record within the CMDB. This expedites the resolution process and ultimately reduces the meantime to resolution.

5) Automatically create ServiceNow security incidents for compliance and threat management. The Forescout platform continuously assesses devices for security compliance and automatically creates a ServiceNow Security Operations incident for at-risk or compromised devices. It also connects security incident information with CMDB asset record. and Forescout solutions. This helps to reduce operational steps and reduces the meantime to resolve security issues.

6) Automate remediation and network access control workflows. ServiceNow ingests the IT service and security incident data from the Forescout platform and uses business context from its CMDB to prioritize policy enforcement actions. Through eyeExtend, ServiceNow can direct Forescout to take remediation actions for incidents such as patch updates, restarting services, installing agents and blocking or isolating a compromised device on the network. Once remediated, eyeExtend updates the ServiceNow CMDB record with the new device state and allows network access per policy, thus providing you with a closed-loop workflow.

*All use cases listed above require both the Forescout eyeExtend for ServiceNow module and the Forescout App for Asset Management as the foundational integration enablement components. The Forescout App for IT Incidents and Forescout App for SOC Incidents can be added to accommodate use case #s 4 & 5 respectively.

Forescout also supports ServiceNow Service Graph through the Service Graph Connector for Forescout. This is an optional layer that allows Forescout data to be imported into the CMDB following ServiceNow's Common Service Data Model (CSDM) guidance. By supporting CSDM, Forescout data can be more rapidly imported into the CMDB and consumed by ServiceNow products that leverage the CMDB. Service Graph support also allows for easier CMDB upgrades. The Service Graph Connector for Forescout requires the Forescout eyeExtend for ServiceNow module and the Forescout App for Asset Management.