Forescout Platform Reviews

We are using this product as a NAC to secure our network and to meet IRS audit requirements. For example, we are using it to lock down our VPN solution.

Until now we had strict requirements for people logging in through VPN, including AD credentials and multifactor authentication, but no requirements for the actual hardware they were using. With Forescout, we can inspect every computer using VPN and block ones we don't permit, or remediate the ones we do permit.

Also, we will be able to quarantine and block computers that are not agency equipment on regular switch ports or wireless.

With Forescout we can get a detailed view of every device that attaches or tries to attach to our network. We can write policies that enforce a variety of actions such as quarantine and remediation.

We can prevent rogue actors from utilizing switch ports, wireless, or VPN to access our network.

Another benefit to Forescout is in inventory knowledge. We are seeing many devices that nobody knew were attached to the network and this allows the various teams to remediate or remove devices that could present a threat.

I think the most valuable feature is that the port-based 802.1x configuration on switch ports is not required. It operates by listening to the wire and talking to networking devices. That is a huge reduction in configuration complexity.

You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.

Another good thing about the product that it can examine every endpoint and give information about it, even IoT devices.

The reporting feature needs improvement. An example is that currently, you cannot configure what report files will be named. I think that the reporting feature needs more flexibility. It has about 15 templates and you have to use one of them, but it is not easy to understand what each of them is. It would be nice to have more control over the format of the reports.

Also, it would be nice if the configuration backup feature had more flexibility. It only supports FTP, SFTP, or SCP. That makes it impossible to write backups to a Windows share.  

We have been using the Forescout Platform for about a year.

We have had no problems with stability.

It is very scalable. You can set up an appliance as an Enterprise Manager, which means it can manage a large number of other appliances or VMs. The Enterprise Manager can operate in HA (High Availability) mode, and can manage 100 of the 5160 appliances. Each 5160 can mange 20,000 endpoints, so Forescout can scale to around 2 million endpoints.

Technical support is generally very good.

This is our first NAC product.

The initial setup is fairly complex and it would be a good idea to employ Forescout Professional services for this phase. Special attention needs to be paid to SPAN sessions or taps to allow Forescout to listen to the wire. 

We used a combination of vendor services and in-house staff for the deployment. The vendor team was competent.

I cannot speak to ROI.

Licensing is per endpoint that uses a discrete IP address. Licenses are perpetual but can come with renewable support. The product is complex so do not skimp on training, certification, and professional services.

We looked at Clearpass and ISE.

It is the only NAC product I know of that does not require 802.1x on every switch port. Big win. But, make sure that you invest in training up your personnel. It is not a simple product. 

Importantly, the vast capabilities make it worthwhile. 

We use the Forescout Platform to manage all of the devices connected to our network.

The interface is easy to use.

The 802.1X configuration, which is difficult for all switches, is not required. It makes it easier to work with switches and IoT devices.

Forescout Platform is too expensive, so the price should be reduced.

Although Forescout manages endpoints and network devices, there is no capability for user management. This is something that should be added. For example, if I find that something is wrong in the services and need to disable a user's access, there should be no need to go to Active Directory and disable the user there. As it is now, computers and devices can be disabled, but not users.

I have been using Forescout for one year and am preparing to get my certificate.

This is a stable solution.

The Forescout Platform is easy to scale. We have more than 200,000 endpoints and at least 150,000 users.

I am working in the Security Operations team, which does not contact Forescout technical support directly. They are not responsible for the types of problems we have, such as checking for computer compliance and installing a new computer.

The complexity of the initial setup depends on the environment. I am managing an enterprise environment, so any deployment or any implementation will not be easy. Generally, however, Forescout is not difficult to configure.

This is a good product and I recommend it.

I would rate this solution a nine out of ten.

We use the solution for network access. 

The Forescout Platform's most valuable features include its agentless configuration, which allows for easy integration with switches, and its broad customizability of rules and conditions for policy configuration. By leveraging its Network Access Control capabilities, the tool controls network access, allowing administrators to enforce policies tailored to the organization's needs. 

The tool is agentless. If it encounters any issues or undergoes shutdown, it doesn't disrupt the entire network.

Forescout Platform would benefit from using AI. Everything has to be set up manually, but AI can learn and suggest rules over time. It also lacks visualization, and some interface configurations need improvement. The visualization seems a couple of years behind compared to other products.

Therefore, visualization and interface components need enhancement. A few pages can be improved for better design compatibility with current standards compared to other products available today. The solution doesn't have a widget-based dashboard. Also, the visualization isn't as customized as Splunk's analyzer. I believe it could incorporate a similar design approach into its dashboard.

I have been using the product for six months. 

I rate the solution's stability a nine out of ten. 

I rate the tool's scalability an eight out of ten. 

I haven't contacted the tool's support yet.

I've had experience setting up the Forescout Platform along with other products like Splunk. In my opinion, the Forescout Platform is the easiest to set up. The main configuration task is enabling the spam switch on the network. Configuring policies can be complex, but that's more related to management than the Forescout platform. I rate its ease of deployment an eight out of ten. 

The installation itself takes no more than a day. However, depending on how quickly customers can define their desired policies, the full deployment process can take up to three months.

The tool's pricing is expensive but reasonable.

We have only done POC, and it hasn't progressed to production. Our customers are small and medium businesses, mostly from the banking domain. I rate it an eight out of ten. 

We primary use the Forescout appliances to identify, segment, and control all of our internal, manufacturing, automation, and IoT networks. In addition, we use Forescout to deploy guest wireless by utilizing self-registration to allow employees and guests onto our network. Forescout is also responsible for maintaining and showing us all threat data, such as vulnerabilities. We also use it to identify and prevent all malicious network scans throughout our entire network. These powerful tools allow us to secure our network end-to-end.

Before our implementation of Forescout, we had no Network Access Control. This allowed all users, trusted and unknown, to access our internal infrastructure. This was a burden because we are in the contract manufacturing sector where each independent contractor brings in their own infrastructure and it is up to us to secure these networks. Since implementing CounterACT, we have been able to isolate and segment all unknown devices, providing strict requirements for device on boarding. Since implementing Forescout, our environment is significantly more secure.

The biggest benefit to our organization is the fact that being in manufacturing you have many different types of devices. Only a small section of these types of devices support dot1x authentication. This makes Network Access Control very difficult to implement. With Forescout, the difficulty becomes significantly less. Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security.

The product could be improved in different ways: 

• The speed of identification
• More guest management features (i.e. extending time frames)
• Sometimes, the identification profiles completely change after device upgrades. It would be beneficial to keep or merge these records if enough correlating data points exist, so as not to segment devices. 

Some of the features introduced into the product line could have better documentation, which could provide for an overall better experience for administrators.

We have been using Forescout CounterACT for over a year now. We have been very impressed.

Forescout is one of the most stable pieces of software that I have ever worked with. Their updates are timely, and their software has an assortment of plugins and bolt-ons. Having a software this flexible would normally present itself with bugs, but we have not run into any software issues with their plugins, modules, or software in general.

We run virtual appliances. We have needed to bring up a fully functional data center in less than 15 weeks. Forescout takes less than a day to implement. Their product is very scalable.

Tech support is very good and knowledgeable. 

They need to handle their Tier 1 cases differently. The biggest negative regarding Forescout is their support. Not having the ability to get instantly transferred to a support engineer for Tier 1 cases is pretty ridiculous. In addition to the support, they can take their time getting to you, which is another frustrating item.

The initial setup is very simple. The logic behind policies makes it very straightforward. With that being said, policies can be very complex, and if you are not careful, they could have unintended results.

Brite Computers was a phenomenal asset. I would rate them as a 10 out of 10.

The ROI is priceless. How can you put a price on someone's privacy?

We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility.

We primarily evaluated Cisco ISE. We looked at Cisco ISE and were in the process of demoing it. We looked elsewhere because the MAC Authentication Bypass feature was not a workaround that we wanted to implement for over half of our environment.

The product has been fantastic for us, meeting our needs. We have hardly had any bugs to speak of. With that being said, please allow Tier 1 cases to be directly transferred to an available engineer. 

We have two main use cases: wired networks and wireless networks. In the wireless scenario, our main focus is on authenticating users to ensure compliance before granting access to our private network.

We use the Forescout Platform for device visibility and control in our network. It's very helpful for tracking malicious or unusual activity. We use it to track which ports are open, which machines are running specific services, and to identify vulnerabilities. For example, there was a vulnerability related to SMB, and we could use the product to determine which machines inside our organization were allowing SMB traffic.

The tool's most valuable feature is its ease of configuring and controlling endpoints, particularly in building policies for endpoint management. Its interface is simple to use and offers good visibility.

When compared with other solutions, the Forescout Platform's standout feature is its ability to integrate with various systems. This capability is particularly valuable as it supports the implementation of a zero-trust architecture. We are currently in the process of constructing our zero-trust architecture, wherein the tool serves as a pivotal component.

The solution's compliance capabilities have indeed been very beneficial for our organization. Unlike other solutions, it allows us to implement controls swiftly. Typically, transitioning to a blocking mode with other solutions would take around six months. However, we achieved this with the Forescout Platform within just one month.

The product needs to improve its support. I know a case that dragged on for about one and a half years. They eventually suggested professional services and closed the ticket. We followed their advice, engaging the account manager and professional service team, only to discover that the issue was a bug. After reopening the case, it's been about six months, and the problem still hasn't been resolved.

Forescout Platform's support often takes a long time to respond to tickets. Even after we reply, there's another lengthy wait for feedback, and their responses sometimes seem to delay resolution with unnecessary questions. For instance, they might ask for details about previous issues. Meanwhile, competitors may offer temporary solutions but often lack or are unsatisfactory regarding technical or research and development support from Forescout Platform's team.

Another area where it can improve is when dealing with multiple sites and overlapping subnets. While it works well for individual sites, it struggles when managing several sites with overlapping subnets, especially with authentication portals.

I think the Forescout Platform could use some extra features or improvements in the future. Specifically, it could be better at working with other security tools. For example, when it connects with VPNs or security scanners, it could work a bit better. The tool has already made some efforts in this area, but I think it could do even more to make these devices work together

I have been working with the product for two years. 

I rate the product's stability a ten out of ten. 

My company has 800 to 1000 endpoints and approximately 500 users. I rate the tool's scalability an eight out of ten. Forescout Platform is fully operational in our company, managing all our devices. We plan to use it more in the future because we're setting up a zero-trust architecture. This will allow our staff to work remotely, even from home.

I have used Cisco before. When deciding which product to switch to, we picked the Forescout Platform because it was more stable and easier to upgrade.

I rate the tool's ease of deployment a ten out of ten. It is easy to manage and implement. With the help of our partner, it took about one to two weeks at most to deploy this solution. This includes setting up the policies, implementing them, and ensuring the product is operational. Building the policies initially took around two to five days. However, refining and enhancing the policies took approximately three weeks in total.

We required a team of one senior engineer and one regular engineer to deploy this solution. The regular engineer was primarily responsible for implementing the Forescout Platform. In contrast, the senior engineer was involved in specific areas, such as integration and troubleshooting issues during deployment.

We currently only need one engineer for maintenance. The solution is mostly up and running, requiring minimal intervention. On average, the engineer spends about five minutes daily checking for issues or addressing complaints.

I rate the overall product an eight out of ten.

I am using the Forescout Platform for access control, a central management dashboard of all endpoints, and blocking.

The most valuable feature of the Forescout Platform it's highly customizable and flexible.

If older network devices are used there can be some compatibility issues while using the Forescout Platform. Additionally, if the switches that are deployed in your infrastructure are not captured properly to the endpoints there might be some difficulties with Forescout Platform trying to monitor the network traffic. Traffic management is an area the vendor should work on.

I have been using the Forescout Platform for approximately four years.

I rate the stability of the Forescout Platform a seven out of ten.

We have security engineers and support workers using the solution.

I rate the scalability of the Forescout Platform a seven out of ten.

I rate the support of the Forescout Platform a seven out of ten.

Positive

The time frame for the implementation can vary depending on what needs to be configured. It is important to have support from the vendor for the setup, it is not easy.

We used assistance support for the implementation of the solution.

The solution is not priced low. There are no hidden costs.

I rate the price of the Forescout Platform a seven out of ten.

One support person is enough for the maintenance of the solution if everything was set up correctly.

I would recommend this solution to others.

I rate the initial setup of the Forescout Platform an eight out of ten.

Forescout Platform's most valuable features are that it is very granular. We are able to cull out a lot of information about our particular device or endpoint. The configuration and the visibility are very seamless. Overall the solution is very easy to handle and it's very comprehensive.

We have visibility of all the hidden assets and there are various versions of implementations of an AV in our environment. From the Forescout Platform, we have clarity of the device, and all the different versions reported in a simple dashboard. The number of attacks has been minimal. After this installation, we didn't have any kind of noticeable incident.

I have been using the Forescout Platform for approximately one year.

The solution is very stable.

Forescout Platform is scalable.

We have approximately 4,000 people using the solution in my organization.

We have used the support and it has been good. However, sometimes we have missed them because of the timezone difference.

I rate the support from Forescout Platform a four out of five.

We have previously used Symantec Mac. We switched to the Forescout Platform because Symantec has certain inhibitions. Symantec doesn't have an agentless implementation and they don't have a roadmap.

I have done many POCs with many similar solutions, such as Aruba ClearPass and Cisco ISE.

The implementation of Aruba ClearPass was very difficult. When we tried other solutions, the initial learning is difficult and takes a lot of time. Forescout Platform has been straightforward to use.

Cisco ISE has a very difficult integration for us.

Initially, the implementation of the Forescout Platform took some time to figure out. The reason is we are a manufacturing unit and we have certain silos that are insulated areas where certain systems will not connect to the internet or to the LAN. Since there are many parts of it, we have to have an inclusive view of all those systems. It took a while for us to initially implement, but after a few months, everything worked well.

We have a help desk team for support of this solution. We have a few security people to handle it.  We don't require that much of people for maintenance.

The price of the solution is reasonable. We have paid for the license for five years. We have integration with Symantec AV for orchestration, and we have an additional license.

My advice to others is Forescout Platform is a good solution. It's fairly simple to deploy in an environment, far better than the other products in which we have done a POC, has good stability and performance. 

I highly recommend it.

I rate Forescout Platform a ten out of ten.

Our primary use of the Forescout Platform is to enhance network security. It is deployed in an on-premises environment, although there is interest in exploring cloud-based solutions.

Automated policy enforcement is particularly valuable as it significantly reduces the need for manual intervention, thus enhancing efficiency and security.

Customer support could be improved by providing direct assistance from Forescout employees or specialists at customer sites to enhance the support experience and effectiveness.

The scalability also needs some enhancement.

I have been working with the Forescout Platform for two years.

Forescout Platform's stability is rated at eight out of ten.

Presently, there are twenty five engineer architect using the solution. I would rate the scalability a six out of ten. 

The customer service could be improved, specifically regarding direct support presence.

Neutral

The setup process is straightforward.

Forescout's pricing is noted for its attractiveness, with potential discounts depending on partnership levels.

The comparison with Nozomi suggests a switch due to Forescout's more appealing pricing strategy.

Overall, I would rate the solution an eight out of ten.