Forescout Platform Reviews

We primary use the Forescout appliances to identify, segment, and control all of our internal, manufacturing, automation, and IoT networks. In addition, we use Forescout to deploy guest wireless by utilizing self-registration to allow employees and guests onto our network. Forescout is also responsible for maintaining and showing us all threat data, such as vulnerabilities. We also use it to identify and prevent all malicious network scans throughout our entire network. These powerful tools allow us to secure our network end-to-end.

Before our implementation of Forescout, we had no Network Access Control. This allowed all users, trusted and unknown, to access our internal infrastructure. This was a burden because we are in the contract manufacturing sector where each independent contractor brings in their own infrastructure and it is up to us to secure these networks. Since implementing CounterACT, we have been able to isolate and segment all unknown devices, providing strict requirements for device on boarding. Since implementing Forescout, our environment is significantly more secure.

The biggest benefit to our organization is the fact that being in manufacturing you have many different types of devices. Only a small section of these types of devices support dot1x authentication. This makes Network Access Control very difficult to implement. With Forescout, the difficulty becomes significantly less. Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security.

The product could be improved in different ways: 

• The speed of identification
• More guest management features (i.e. extending time frames)
• Sometimes, the identification profiles completely change after device upgrades. It would be beneficial to keep or merge these records if enough correlating data points exist, so as not to segment devices. 

Some of the features introduced into the product line could have better documentation, which could provide for an overall better experience for administrators.

We have been using Forescout CounterACT for over a year now. We have been very impressed.

Forescout is one of the most stable pieces of software that I have ever worked with. Their updates are timely, and their software has an assortment of plugins and bolt-ons. Having a software this flexible would normally present itself with bugs, but we have not run into any software issues with their plugins, modules, or software in general.

We run virtual appliances. We have needed to bring up a fully functional data center in less than 15 weeks. Forescout takes less than a day to implement. Their product is very scalable.

Tech support is very good and knowledgeable. 

They need to handle their Tier 1 cases differently. The biggest negative regarding Forescout is their support. Not having the ability to get instantly transferred to a support engineer for Tier 1 cases is pretty ridiculous. In addition to the support, they can take their time getting to you, which is another frustrating item.

The initial setup is very simple. The logic behind policies makes it very straightforward. With that being said, policies can be very complex, and if you are not careful, they could have unintended results.

Brite Computers was a phenomenal asset. I would rate them as a 10 out of 10.

The ROI is priceless. How can you put a price on someone's privacy?

We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility.

We primarily evaluated Cisco ISE. We looked at Cisco ISE and were in the process of demoing it. We looked elsewhere because the MAC Authentication Bypass feature was not a workaround that we wanted to implement for over half of our environment.

The product has been fantastic for us, meeting our needs. We have hardly had any bugs to speak of. With that being said, please allow Tier 1 cases to be directly transferred to an available engineer. 

To be able to improve security within our network. We needed Network Access Control (NAC). As such, we reviewed the available vendors who could provide this service to us and selected the Forescout CounterACT (CA) product primarily because we needed to be able to position the product in several regional locations. At the same time, we managed and controlled it locally and dynamically where we have it responding to a single control center. While we have implemented today strictly for wireless access, we will be extending that to include wired access in the future.

NAC: Forescout CounterACT has allowed us to better open our access and control wireless access globally from our HQ. This allows us to monitor the network access for every office globally. This has improved overall security, reducing risk and opening up the opportunity to provide greater end user flexibility. 

The key feature we use is AD integration. That feature needs the least amount of attention once set up. 

Monitoring and logging are the pieces that we use most day-to-day. These are used by both our network and security teams to ensure proper operation with minimal risk. Whether machines attempting access are firm managed, vendors visiting, or IoT, all are available within the CA appliance. We plan to extend the use to further support growth functionalities and new work from home initiatives going forward.

Better reporting and analysis of access (based on client) would be helpful. Also, a tool that allows tracing a user through the rules to authentication.

More detailed analysis during the authentication process, especially for troubleshooting access issues. We have found that troubleshooting RADIUS controls is quite arduous, as it is today. A trace function could easily resolve this by providing a means by which access issues from a certificate to passwords or accounts could easily be identified and remediated.

Two years.

ForeScout CA has proven itself to be very solid.

It is very scalable with a lot of features that we aren't even using yet today.

Technical support has been great. They are very knowledgeable, helpful, and considerate.

We used Cisco ISE but found that it did not have the flexibility that we needed within our organization.

Setup was anything but straightforward, but this had nothing to do with Forescout. This is the nature of NAC solutions in general. 

Setup takes significant preplanning. Don't expect to just drop it in, then have it up and running, even if you already use an alternative NAC product. However, it is worth it.

We used a Professional Services engagement from Forescout, but still experienced a lot of issues.

I don't know.

The fact that we were allowed to spin up as many servers as we had need of to support our geographic requirements while paying for licensing as an enterprise truly set Forescout apart from the crowd and improved the way we could design our access.

We had ISE. As that product reached EOL, we considered whether there were alternatives to a NAC that we should consider but felt that a NAC is a security requirement.

In both the environment I have used CounterACT to permit guests access and recognize automatically domain/white list members

It permit to treats the access policy without lists of macaddresses but by mean a dynamic policy

it permits to discover and classify a lot of devices that the organization forgets to have to manage

The last two or three versions that have been released on CounterACT Forescout have allowed for the possibility to search for any kind of device. Before that, I could only search for guest domain users.

For the user, the policy that they have implemented sometimes needs adjustments. Sometimes the features that the customer asks for aren't involved in the main installation, and I need to bolt an add-on in. However, I never know if this policy is the right one when I do this.

I've been using the solution for five years.

It is a very good product.

Very good policy has been released with the for device licenses that permit to "paint" the better solution using virtual appliances.

It has very good support, it is very easy to contact the country post-selling engineer.

The initial setup is very, very simple. It's more complex to tune the product in the company environment and usually, that requires two days. I need a few days to tune the product correctly. I do also need to do a lot of tests during the initial implementation.

We implemented together vendor team.

I have noticed that in the last year the license model has changed from licensing the whole appliance to licensing the number of devices. It's more simple for a large installation, or a user to have CounterACT as their peripheral site in the company. It's a good choice to have changed the license policy.

no, I have used only forescout and I haven't need to use anything else

I have installed the solution for two customers. For one, I have used the CounterACT CT 1000. In another environment, I did a more complex installation and I have used the appliances and management in a tray.

Forescout is a very good company that delivers very good features. I love it. I'd rate it nine out of ten.

To find out what devices are in the network for our clients. We manage client's networks, so we have it on the client's network and they use it so they can make sure they know who's on the network and if it's secure.

We really like that we get full visibility of devices in the local network.

It could be better, they could work on the wide-area network and easier because it's a bit clumsy at the moment when we go on to a remote site. It works well in the head office but we've had challenges trying to install it across other sites. So pricing and support for branch offices. The interface is okay for the local office, but it's hard to get visibility from remote branches.

We have been using the Forescout Device and Visibility Control Platform for about two years.

The Forescout Platform is very stable.

It's scalable, but not without a big investment. It doesn't do so well at the branch. At the home office, it does okay and not so well at the branch.

We have used technical support, it's been fine.

The initial setup of Forescout Device and Visibility Control Platform is fairly complex.

The Forescout Device and Visibility Control Platform is quite expensive. I would recommend it depending on the environment, but I would tell them to look at things that depend on their environment. There is other software as well.

I would rate the Forescout Device and Visibility Control Platform at a six out of ten.

We are using the Forescout Platform mostly for the Bring Your Own Device features. So we like it very much. We like the dashboard, the usability, and the Bring Your Own Device feature. That's our main usage of the Forescout.

We are really adapted to the product. So we find it perfect.

Now that I'm used to it I don't see many places to improve it. We really like it as it is. We think it's simple. We think it's very useful and we really like reports and everything. We like it very much.

The biggest disadvantage is the pricing. I can see that the product has value. I see that the product is really good. I think that the pro is it's really stable, but price-wise, I think it's bad. But you have to pay for quality. But the pricing can be a little bit improved in my point of view. It will be harder to choose if we start comparing features and prices and when we made the initial choice. Our choice was based mainly on features. There was no price comparison involved. I think that it is not in the same landscape. The landscape has changed and there are a lot of contenders in this field. The price scale could be improved.

I have worked with Forescout Device Visibility and Control Platform for two years.

The availability is one hundred percent available. So we don't have issues with that also, so very good.

The installation is small enough, it's 500 users and there are no issues with the performance. So our escalation costs, we are small so it's perfect. I've had no issues. The availability is one hundred percent available. So we don't have issues with that also, so very good.

Technical support was really great at the beginning of the setup. At the moment we don't use it because the product is very good. I cannot say if it's good or it's bad because we don't use it, we don't see any issues. It's very good. So for me, I cannot tell you if the support is fast or it's slow, or if it's good or bad because we don't use it. No, we don't use the support.

The initial setup was straightforward. We have help from the manufacturer, so to put it in place it was straightforward. We have been using it for two years now with no issues.

The pricing is really bad. We think that it's expensive. So the pricing part is expensive.

I recommend doing a compression demo. If people use it, they will buy it. So they have to see the product in place. That's the main recommendation is to do a proof of concept. If they do, they will buy it. 

I would rate Forscout Device Visibility and Control Platform at a nine out of ten.

Right now, we are looking to implement the solution in a hospital where a lot of people come to the lobby and are outsiders or guests. The VOD and guests' mobile phones will be able to connect to the Wi-Fi. This is the latest use case we are working on.

The solution offers very good management.

It allows for good detection of all the vendor products we have on-site.

The solution is very similar to other solutions, so it's not hard to figure out how to use it.

The solution could always improve by adding more features to make it more robust.

I deployed the solution for one project about a year and a half ago. I may implement another one for another project this year.

The scalability is quite good. It does depend on the complexity of the setup, but for our purposes, we've never run into any issues.

We've never had to contact technical support. We've never had a need to do so yet. I can't speak to the level of service they provide. We have our own team in-house that will troubleshoot if we run into problems.

The initial setup is pretty straightforward. It's not complex.

It took us about one week to deploy the solution. It didn't take long to set everything up.

I'm basically focusing on the product line right now. It's pretty good. The nice thing about it is that at last, we have a kind of software that's very easy to work with.

While most people in most of the cases do not want to go for Mac, in the case of cybersecurity, I believe it is very important to do so. In enterprise cases, the common culture is the DYD. Organizations need to add some sort of network access control to prevent many issues.

I'd rate the solution itself eight out of ten overall. It's quite good, but it could always continue to improve.

We've been able to use the solution for a couple of tasks including using it to monitor for anti-virus compliance. We also use it to monitor the health of the security history of our endpoints.

It's a great solution. We use it for the internet here and it's been helpful. It's a great product for our Mac PCs and we can implement it to both our wireless and our wired network.

It's very quick.

The compliance aspects of the solution are excellent and one of the solution's best features. It helps us maintain the compliance of our endpoints.

In terms of physical tools, we are very satisfied.

In our organization, the solution provides us with a sound perimeter. 

The user interface is quite simple.

The version we're currently on, 8.6, has a lot more plugins than past versions. Now you can plug in anything you want. It helps us to utilize the product more fully.

There's always room for improvement for the solution. Off the top of my head, I really can't determine anything that is lacking right now. Basically there is no room for improvement that I can describe.

The solution does have a bit of complexity, and there's some complexity in the deployment. Users need to be trained before undertaking an initial setup.

The solution has very good uptime, and we have had no issues at all in terms of stability.

We didn't have any issues with the ForeScout scalability. So far, we've agreed with the pricing required for both the hardware and the software. 

We haven't been in touch with technical support, so I can't speak to their level of service and how they interact with clients.

The solution is not that simple, however, it's not complex, either. It's a solution that does so much it needs a bit of understanding to properly use it. Once team members go for basic training, they should be able to handle it. The basic training will also give team members a networking background to be able to master the solution. It's not very difficult, but a person will have to be a bit technical.

I'd advise companies to ensure their teams are well trained in ForeScout before starting implementation of any kind. Those setting up and using the solution should have a basic background in networking. If users are comfortable with configuring, they can create processes for the environment. That way, it will be deployed properly.

Teams should also test the solution first before they launch so there won't be any surprises. If they need to make changes, they need to manage the process properly.

I'd rate the solution nine out of ten. If it was a bit less complex, I'd give it perfect marks.

We needed this solution in order to block rogue devices (laptops, phones, etc) and block external devices.

ForeScout has given us the ability to block unwanted devices.

The most valuable feature is the blocking of USB devices.

The ability to block external devices in Mac is lacking and needs to be added.

We have been using ForeScout CounterACT for three years.

We use this solution for Network Access Control to prevent rogue devices connecting into the network.

This product allows monitoring and control of the PC fleet across the company.

The most valuable features are remote access and administration scripts.

We experienced some detection issues when checking compliance for the Sophos agent.

• Immediate relocation of network devices to segregated "Vendor" network based on autonomous analysis. Prevents scanning, malware spread, corporate asset (i.e. printer) misuse, and reconnaissance on our network by third-party devices. Allows us to block VPN from our corporate network but still allow Vendors to establish them.
• Better information provided by Level 1 support (helpdesk) regarding asset information as we provide them with R/O access to the tool
• Visitor policy communication & acceptance

• Network Access Control, its core use
• Asset Intelligence for deskside
• "What port is it plugged into" intelligence for deskside
• Patch-level Auditing
• Emergency response, risk assessment information to get a view of the vulnerability
• "What PC is a user on" for helpdesk/IT security/deskside
• Forces PEN Testers to request permission to exist on your network

• JAVA Memory management - leaving the app running for multiple days requires relaunch
• Search - needs boolean functionality (or psudeau operand now working)

Stability has been good.

• It is very scalable, allowing additional strategic appliances as required in either physical or VM format.
• We control >400 field sites, two Oilsands mines, multiple remote platform locations, 2 Canadian Metro offices and 1 UK office with 4 appliances centrally located.

Customer Service:

It's excellent! 

Technical Support:

It's excellent!

No previous solution was used.

It was straightforward, although I recommend having a strong relationship with network-asset owners to ensure SNMP rights are looked after.

We used a vendor, Conexsys (Graham Cheng & Jerry G), who were excellent.

Forescout's flex licensing has made our deployment more agile and helps us adapt our environment without buying more hardware.  

Under their old model, licensing was tied to 4k and 10k appliances which strained under the new v7 and v8 Forescout OS when nearing their designed capacity.  To acquire a new appliance, physical or virtual, meant buying licensing for that size of appliance.

Under the new flex licensing model, we've been able to deploy VM appliances, responsible for host interrogation and management, while retaining our physical appliances for SNMP switch management, and span aggregation.  

Under the flex licencing model, we've deployed to our ICS segments, and are deploying VMs to our DCS environment, allowing for full visibility under one 'pane of glass' of nearly every host on our network.

Ensure you consider everything you want to monitor that has an IP. Devices with multiple IP's count multiple times against your license count.

This was chosen without hands-on evaluation based on reviews and industry feedback.

If you have distributed services (DHCP), strategically ensure you generate reliable traffic to establish timely inspections. We've avoided the use of traps by centralizing our DHCP at HQ, but it causes black holes during inspection schedules in case of a static device being plugged in.