Microsoft & Forescout: A Powerful AI Security Partnership
(bright music) - Hello everyone. Welcome to another episode of "Tech Innovators Spotlight." Today we have a very exciting guest from security and Forescout is the guest and we are super excited to have Justin. Before I hand it over to Justin, let me hand it over to my co-host today, to Raquel, to introduce herself and how she's associated with Forescout. - Hi everyone.
I'm Raquel, the Azure specialist working with Forescout here at Microsoft. I've had the opportunity to work with them over the last year and support them on their journey with Microsoft and their migration to Azure. - Welcome, Raquel. - And over to you Justin, please introduce yourself and a little bit about Forescout as well. - Sounds good. My name's Justin Foster, I'm CTO here at Forescout and we provide four core things, asset visibility, risk management, threat management and control.
- That's amazing. Thank you for taking the time. We are super excited to bring you on board. We have not done, you know, an episode on security thus far. And so with AI, security is at the forefront and so is for Microsoft. So this is going to be an exciting episode.
So Justin, when you talk about Forescout, what differentiates Forescout from other peers of yours in the security space? - Sure. Our customers generally use us to continuously assess their networks, keep rogue devices away and ensure compliance. We also help them manage risks and threats across IT, IoT, OT and medical devices. For unmanageable devices like OT, assets like the ones that you can't put Defender on, we shine especially bright with network-based threat detection, risk management, vulnerabilities and recalls.
In short, if you have a cyber incident and a threat from a malicious actor, those come together to create a malicious event. That could be a vulnerability, but it could also be a misconfiguration or a gap in their security coverage. Our mission is to continually assess and provide protection to close those gaps.
Make sense? - Yes, absolutely. Thank you for that overview. And based on that overview, it feels like you touch all the industry and I also did some research and you know, you're as you said, medical devices for healthcare but also manufacturing with IoT and so the breadth and also defense and government. Tell us a little bit about like which industries do you feel like benefits end-to-end and are there are some of the top ones that you cater towards with a high visibility? - Yeah, it's a very good question. So Forescout is sought after by any industry under regulatory pressures to know what their assets are and meet regulatory compliance requirements. Many of the industries have unmanageable, unagentable devices and that's why the partnership with Microsoft is very important to us.
In fact, organizations we protect, you have a number of unmanageable devices that exceed the amount of manageable devices like desktops or laptops or servers in these cases. Our largest sector is government, financial and healthcare are the three top ones. For instance, we help the US Department of Defense to ensure devices are compliant before being on the networks with the Comply to Connect program.
This is for all branches of the Defense Department. We also protect healthcare payer and providers, keeping their network segmented and safe. We help protect biomedical devices including usage and recalls and we help some of the largest financial institutions on the planet help keep their network secure by keeping rogue devices off the network and providing continuous real-time compliance. Primarily we're in the area of things like NIST, CSF, HIPAA or CIS where we're required.
- That's incredible. Do you feel like one of the value prop for Forescout is just the overall value that you can provide end-to-end and so they don't have to go and stitch fix various solutions from security providers and they can just rely on Forescout to make sure like end-to-end security protection. Do you feel like that's one of the things that, you know, customers get excited working with you? - You know, I think the thing is we're almost like the security Switzerland where we make everything work and work together. We work with almost 250 different ISVs to stitch things together for security automations, visibility, compliance, you know, and we sit in a neutral position so that we can work with every switch vendor on the planet, every EDR on the planet to combine the information in powerful ways.
So say the EDR is saying this device is no longer compliant, we can talk to the switch and take that device off the network. It's a really good question though. - That's incredible. So you make it easier for them. You know, you take away that high maintenance from the customers and say, hey, we are here. We'll take care of all of this.
Like you don't have to worry about it and you can trust us. That is pretty incredible. - Justin, based on what you just said and the work we've done together, I know that there are just a ton of synergies between our two companies.
Can you tell the audience just a bit more about why Forescout chose Microsoft as a partner on this journey? - For sure. We chose Microsoft as a comprehensive partner for our company as well as our cloud needs. So on the go to market side, we believe Microsoft, we can help their clients with zero trust assurance, automated attack disruption, continuous asset protection, and much, much more. As part of the strategic partnership agreement, we chose to focus on Azure Marketplace and our clients run a massive amount of security protection already on Azure today.
As a nice bonus, we're IP co-sell eligible, we're MAC eligible and going a bit deeper, you know, we have off the shelf integrations with Defender for Endpoint, Entra, Sentinel, Intune with more being planned. But when we think about our own cloud, you know, we run a lot of cloud compute as a company, our SaaS products, we chose Azure for its robustness, it's competitive pricing, its features and we just unified all of our capabilities on all of our clouds into one to provide segmentation, health monitoring, risk management, threat management in a single Azure project running in multiple global Microsoft points of presence. And I'm so excited for that. - That's wonderful. And I know that you've been able to leverage AI on this journey as well. Can you tell the audience a bit more about how you've been able to do that? - Yeah, we're using Microsoft AI for our own productivity, but also in our products.
For example, we're using Office Copilot and GitHub Copilot for productivity boost internally. But in our products we're using GPT-4o, the letter O, not the number O, through Azure OpenAI Service to summarize assets, risks and threats as well as simplify reporting for executives through generated summaries. We've seen productivity boosts on the AI assistance side and our customers are benefiting from areas like GPT-4o creating initial summaries for case notes for a threat for instance. So an analyst doesn't have to do the initial documentation for a threat that might have, you know, a hundred different components to it. We can distill that down using generative AI and then they can edit those notes from there.
We're also launch partners for Security Copilot in the Sentinel providing two integrations, one for valuable threat detection, especially around OT, where we show emerging threat actors and vulnerabilities. The other is if they have any Forescout products, we can feed the asset information and compliance data and all the changes up into Sentinel and Security Copilot. So you can see all that for the analysts at their fingertips. But in a broader way, what I'm most excited about is we're seeing a shift in the industry towards autonomous agentic AI and Forescout has a large set of data, both risks, threats, asset compliance, threat actors, IOCs. So I'd say stay tuned for more on that.
- So exciting, you've been able to incorporate so much and just through working with Forescout, I've noticed you've been so thoughtful about how you prioritize the use cases that are gonna have the biggest impact to your customers. Given we're in the era of AI and you know, everybody has interest in AI, can you share more on how AI is shaping your offerings to customers and what value you see it bringing to them? - Yeah, I think the main thing is we're using it for distilling information. So taking the wealth of information we have, doing the prompt engineering ourselves instead of leaving it open and combining those into outputs that the user persona can understand. So if you're a security analyst, create me the initial summary of that incident.
If you're a GRC analyst and you're looking at that asset and remediations or you're in vulnerability and risk management, you know you want a different set of recommendations around remediations. But if you're an executive, you know, what does this number mean? All these acronyms in cybersecurity you don't understand. So we use generative AI for instance, to distill that information down to something a board member could understand who may have never touched security products at all in their past.
- Yeah, there's so much value in that. That's great. It's making everyone's job so much easier. I love to see Forescout incorporate that into your product.
Justin, can you share glimmers of where you see AI taking Forescout in the long term? Any thoughts to share with the audience on that? - Yeah, I think what everyone wants to know is how to most efficiently use their time. We have a wealth of information on assets, risks and threats and we see a deeper use of agentic AI to help individuals be more productive and help organizations take down relevant risks. In the future, where an operator, you know, could ask something to the AI like, what should I do today? Or better yet, and agentic AI having multiple purpose-driven AI subsystems doing remediations and harbing for you, I think we're at the precipice where, you know, humans will always be involved in the decision making, but we can do more and more through automation and AI that we can apply that to the cybersecurity 'cause we know the threat actors are doing that. So why not embrace those tools ourselves to make sure that we're staying ahead of the game? - Thanks Justin, it's really exciting. Vrushali, I'll hand it back over to you. - Yeah, thanks Raquel.
So Justin, you kind of touched on a few things there, which I was kind of thinking that okay, it would be amazing to hear Justin's thoughts here. So let me ask you, when it comes to security, especially true for security, you can debate about whether AI has created more work and more threat and more threat actors have access to multiple avenues now more because of AI. And one could also argue that with AI, we can now tackle them faster or we can address those which you know, probably would have missed by the loopholes.
Like what is your philosophy of AI and security together and how do you kind of foresee us, whether it is helping us or whether it is not helping us, how do you foresee like our future will take over with AI? - So, you know, AI is a tool like anything else and we have to be careful with certain things. Like we saw the, you know, the potential is tremendous, but there's cautions, right? When you ask certain AI models what you should you patch, they'll say Windows 8, 9 and 10. And we all know there was no Windows 9. We also have to be conscious about jobs, however, in the right way, you know, AI tools are productivity accelerators.
I think the one major difference is we're incumbent to the ethical use of AI in the security industry. The threat actors are not. And so how do we innovate in ways that leverage AI automation, you know, quantum computing future developments at the pace at which will outpace threat actors that may be less funded or less coordinated or less compliant to ethical considerations that we have. Does that make sense? - Yeah, absolutely. And and that's one of the things that we as Microsoft also kind of take it front and center.
That's why we have like responsible AI, we have the principles of ethical AI, right? Like there are several investments that kind of orient around that, however each company kind of operates differently. And so it's very refreshing to hear from you in terms of what sets front and center for Forescout and that's like ethical AI because that's super important and very aligned with Microsoft as well in terms of how we wanna kind of not do innovation just for the sake of it, but do innovations right and do innovations in a way that kind of helps the entire world. And to that note, yeah, go ahead.
- Sorry, I think that's the main reason we didn't just jump into a chatbot like everybody else in the security industry. One, I feel they're clunky. You're using human language to convey things that should often be visual, but two, it's open to, you know, you have people asking other security AIs, how do I cook an egg, for instance, right? We don't want that.
We wanna make sure we're taking the structured data, the prompt engineering ourselves where we're saying, you know, act like a security analyst, take this information, distill it down to something that is two paragraphs long maximum, and then spit out high quality output. Not to say we will never do interactive chatbot, but I think too many people left that stage where it can produce results that you may not want to feed to your users. So it's not just the ethics, it's also about the relevance and quality of that output.
Does that make sense to you? - Yeah, yeah. And not to jump, yeah, and that absolutely does because we don't wanna jump on to the first thing that's out there and sort of say, okay, we are just gonna do chatbots because there are several thousands, not just in security, but everywhere that you'll take a look, right? So you having that niche and kind of going after the value that you can deliver in a rich way, in a rich manner to the customer goes a longer way than us just creating a chatbot and then sort of people struggling to see the value. And that kind of ties into sort of what Satya kind of keeps saying, and I'd love your thoughts on this, is like increased AI would be successful when we can successfully say that it has increased the GDPR of the world. Whether it is one country or whether it's all.
With security and AI together, I feel like there will be more and more investment going into security, to one, understand AI and then to work with AI ethically. What is your take when it comes to sort of increasing the jobs around security, increasing the value that we have given to security historically versus now? Like what are your thoughts around how AI will change this space? - In cybersecurity we have, between one and four million open roles, depending on who you ask. We're never gonna close that gap.
We're never gonna train people fast enough, even though there are good programs to go towards that direction. I feel like, you know, increasing the GDPR is an interesting statement. I think that applies more to other industries. For security for me, it's more about reducing MTTR, MTTD, and filling those job gaps because we need tools to be able to reduce the time to detect, the time to respond and filling in the missing roles that we have. Many SOCs, for instance, are staffed at half the level 'cause everybody's fighting over the same security analysts driving up prices. So it's not, you know, in the security industry, it's not about AI putting anyone outta work.
It's about making sure all the work's being done. - Being done and we have just so much white space to your point that, you know, the more we can train the people and more tools we can put in place, the more successful everyone is going to be. So help us understand, you said two acronyms.
You used two acronyms, what were those? The MTR and MTT? - The MTTR, the meantime to detect and meantime to respond. That applies to the reactive side. So if you think about threat security operation center, you know, here in Forescout, we also look at the proactive risk management, exposure management side of things and the compliance side of things, or GRC side of things.
Each of those have different needs, but each of those have a cybersecurity skill shortage. They don't have enough people that are trained to fill those roles. So the more that we have, again, AI is one of the tools in the toolbox. Automation is a big one too.
The more you can tie systems together and integrate different vendors from the ecosystem, you know, many large organizations have 70 different ISVs, 70 different tools. You know, they'll have Defender and Sentinel from Microsoft, but they'll have, you know, firewalls from Palo Alto, they'll have CrowdStrike, they'll have, you know, you name it and they have to tie it all in together. And it's made worse by acquisitions, right? You go acquire a company, they had a different set of tools and you've gotta integrate all of those.
Or we work with a hotel chain, and you can imagine hotels change hands. Often the building owner is different than the brand that you see on the top. So they have all the brands of network gear, they have all the different type of, you know, check-in desktop terminals or printing your boarding pass. So the, the key is accelerating through automation and AI to pull all this information together to make the right decisions in the right time. That's what the response time is.
You know, do I patch the vulnerability in this one or this one? Well this one is being exploited awhile, let's do this one first. Threat, finding that threat in the first place and then reacting, how do I limit the blast radius? Do I do that through taking it off the network or locking down the EDR or blocking a firewall port or patching something? That's the race. That's the race is we never have enough time and we have too much to do.
And I feel like partnering with Microsoft, you know, we're gonna help accelerate those outcomes through AI and automation. - That's fantastic. So we talked about AI extensively, but then there is also so many companies that are very apprehensive about AI and they're like, we'll just let things settle down, dust settle down.
Like let us identify and just wait for us to figure out what AI is and then jump on it. What would be your guidance to those people? Should they wait? Should they try small? Like what would be your philosophy around that? - To me, it's unavoidable. It's about productivity gains and accelerators, you know, we still feel a human decision point is involved in every step of the way, but the ceiling for gen AI, for instance, is tremendous. Whether it's in communicating more effectively or shortening the time to detect or time to understand or communicate, time to respond, you know, we're seeing implementations of generative AI accelerate all those human decisions. We embrace the efficiency that it brings, but also believe that we're many years away from fully autonomous decisions for critical infrastructure, critical assets, critical decision making. You know, that's on the product side for a second.
But, you know, thinking just about us as employees and users, I'm here in our Ottawa office, you know, GitHub Copilot, we're able to prove that we can increase productivity. McKinsey & Company says it's about 15%, but I personally think it would be much higher based on our initial pilots with GitHub Copilot. Imagine that savings, you know, writing code or renewing code, reviewing code, you know, creating test cases, generating documentation. When developers spend more time solving complex problems, creating beautiful user interfaces, innovating in ways AI can't, we are gonna win.
And instead they're spending a lot of time on the mundane, like generating unit tests for this function when AI is a tool that can do that. Believe me, it also took us a little while to get through the legal process to get it acceptable to generate code and use it in our core IP products. But it was worth it. We brought in our sponsors, we brought in lawyers, we brought in people from McKinsey and we made that decision in a responsible way, but in a way that saves us millions of dollars. Or actually, I'll say it differently.
We didn't reduce any staff, it's increased productivity. So maybe Satya is right. - It does.
Yeah, because even like internally with GitHub, this is one thing that we are actively working on. It is to understand when developers are productive, how do we enhance and give the assets to the companies for developer of lifecycle, understanding that, because we also don't want anything not to be in the hopper when the developers are done with coding, right? Because now instead of 90 days to deliver something, for example, they can deliver that code in 30 days or less. It's like, okay, but we have to plan for the 60. We cannot like not do anything for the 60 and wait for another life cycle of the semester to kick in when they know what features to release, right? And so there is a lot of the backend of accelerating innovation that's going on with GitHub to sort of just help you all figure out, okay, this is how it's gonna change all aspects, so let's be prepared as developers become more productive. So it very well resonates to what you're saying.
- Yeah. Like unit testing becomes faster, regression testing becomes faster, creating your internal tech documentation becomes faster. Creating external user guides and information becomes easier and faster. - Yes. - So if you can shorten that time between, I've coded something really neat, I want to get it out to our audience, oh, there's this test and regression and documentation and release management cycle. If I can squish that more and more, that just becomes time to value for our customers and more acceleration for them. - Absolutely.
More acceleration, more innovation. Yeah, more breakthroughs, I love it. So tell us, when sellers like myself and Raquel are talking to our customers, what are the things they should be listening to sort of now, okay, this definitely we need to bring in Forescout for this kind of use case or this kind of problem statement. What would those be? - Yeah, I think asset discovery, NAC, of course we're historically known for that. I think when need talk about zero trust, we're a fabric of that. I think security automations, I wanna accelerate outcomes, but I think the clearest place that we have great synergies is beyond manageable devices, OT devices, you know, we can speak over 200 non IP protocols.
We offer network-based IDS, we offer risk management, patch management, remediation, you know, and you can put our product in switches, you can put in the hub of a wind turbine or we have projects, autonomous vessels at sea. We have much more flexibility than say, Defender for our OT. When it goes deep into those unmanageable worlds where we're looking at network-based threats and we're looking at how to keep those operational, we also look at operational alerts. So for instance, say you have a PLC and a sensor and that sensor is malfunctioning and it's sending mod bus signals that don't look correct. We can say, hey, that doesn't look correct. Go replace that sensor before there's an operational failure in your factory or your power grid generation or your traffic lights or your, you name it.
We cover all the different types of environments out there. - That's incredible. As you stated, at the beginning of the call, it's like Switzerland, right? So anything around the threat management, detection, compliance, security, it's like Forescout will have the answer for that is how I see it. Is that a fair statement? - Yeah, I think understanding what you have vendor, make, model, is it compliant, is it not compliant? The operational technology devices, IOT devices, medical devices, we have a lot of depth in that area.
And then of course, network access control, that's still something many organizations require to keep their network safe. So we go in and either do pre-connect where the device has to be compliant before it joins the network, or we do a post-connect where somebody plugs a noncompliant device into a LAN port here, we checked it and shut down that switch port. That's still a very valuable control. Even in the age of cloud, you still have a lot of on-prem equipment that's talking to each other and networks that can be infiltrated.
- Oh, we take a lot of security trainings. It's definitely important for us for sure. Raquel, was there something that you wanted to add? - Yeah, I just wanted to add, you know, the better together story between Forescout and Microsoft is so amazing because it really offers that comprehensive security view when you're using both tools. And so what I would just add to sellers is it gives your customers, and especially your enterprise customers that have all these endpoints, that have all the security data, a very comprehensive view that can be seen in Microsoft tools and integrations as Justin mentioned kind of in the beginning of our conversation.
So there's a lot of synergy and a lot of integrations that are important in these two companies. - That's fantastic. So if our customer wants to learn more about Forescout and products, where should they go? - Sure, the best source is Forescout.com of course. But if you prefer short form videos to guide you through cybersecurity and how Forescout helps, go to JustinFoster.name
and look at my video posts. I produce these one to two minute video posts that kind of distill complex topics like OT security for instance, down to something that anyone can understand, hopefully anyone can understand. But Forescout.com has a wealth
of information for you as well. - That's amazing. I did check out those videos by the way, and they are fantastic. That's how I ramp up now.
So absolutely, we'll list those assets at the bottom of this episode so everybody has access to those. Are there any final words that Justin, you, or Raquel, you want to give our audience before we wrap it up? - Yeah, I'd just like to say, you know, engage with the counterparts at Forescout. You know, we have over 3,500 customers heavily focused around the VLE segment. There's an opportunity to drive through the marketplace and create a deeper connection with their existing security stack through our integrations with something like Sentinel. You know, we produce a large volume of data for Sentinel, such as every relevant change to a device or a device becoming non-compliant. You know, we're really, really excited about this partnership with Microsoft and I really appreciate you having me on the show.
- Same here. Was very excited to have you and so thank you for your time, Raquel. Anything else you would like to add? - All I'll say is keep an eye out for case studies and things like that, we're continuing as we deepen the partnership to release things of that nature.
And so there'll be a lot of good things to share with customers. - Amazing. Thank you both of you. And thank you to our audience for tuning in. We will see you next time with another episode.
Thank you for watching. Take care. Bye. (bright music) Thanks for listening to the "Tech Innovators Spotlight Podcast." If you enjoyed today's episode, be sure to subscribe, rate and review us on your favorite podcast platform.
Wanna learn more about the AI innovations discussed? Visit techinnovatorsspotlight.com for more resources and insights from Microsoft and our technology partners. Stay tuned for more episodes where we continue to uncover the stories that are shaping the future of AI.
(bright music)
2025-03-22 03:20
