Forescout Platform Reviews

It provides us with visibility into what's connected to our network, such as contractors, mobile devices, and whether they're a part of our corporate asset list or not.

We use it to prevent malicious activities on our network that potentially infiltrate it. We've been able to take out over twenty percent of our threats connected into our environment that we just never had a means to stop from connecting up to our network.

We've discovered regular assets. Let's say you had a mobile device, you walked into our network, and you said "hey, I need to connect up to the network. I'm a contractor here for you all and I'm going to add in one device". You immediately now have access into our environment.

It needs easier integration to other partners that automate functions within the security phase. There's no difference because you're not going to be able to fill the places fast enough for all these security people. So how do you get it to be able to manage more with less people by automating some of the functions? So when, for instance, NetScout discovers something and installs a ticketing system instead of sending an alert to a person, it automatically opens a ticket with the appropriate levels and automates that stuff.

We've had no issues with deployment.

It has been stable. The benefit wasn't around stability, it was more around preventing instability. What we were fearful about is whether or not customers would get impacted by the restriction of them not being able to connect to the network.

For instance: you're an employee, your laptop was part of our asset, but your phone was not and your tablet was not. All of the sudden, now all three of those devices were all connected into environment. Well, I only want your laptop to be connected. Your mobile devices, I really don't care to because when you go, you surf wherever you want on your stuff. You could probably pull up malware and then plug it in as soon as you put in your credentials into our network. So we want to keep that one off and allow you to connect to the network but connect to the internet, but not to my infrastructure.

We haven't scaled it all the way up, but we started to pilot, grew it to a couple of floors, and then grew it to an entire building.

I've never had to use it.

My understanding is that it was complex simply because my mandate is to zero-in back to the user.

We did look at multiple partners and we ended up with ForeScout.

Definitely use it. It's a good protection tool.

The most valuable feature is agent compliance. When somebody plugs in a device and the device powers up, CounterACT goes through to make sure that rules we have in place are accurate or in line with what we'd expect. Once that completes, the machine gets an IP address from DHCP.

We could go into some other forensics. What happened to a device, let's say, it gets a virus. Okay, let's do some forensic work on it. When did the PC boot up? When did CounterACT first see it? What time stamps? We're able to see things of this nature.

The other nice thing we can do quickly when we're just doing audits or inventory is to pull up a list of clients. How many machines are on this switch? How many are on that switch? Are there switchboards that have more than two MAC addresses? If we know that a switchboard has, say, six MAC addresses on it, then we know that they probably have a hub.

I think the most valuable piece is to make sure that devices that we don't want on our network aren't on it. That's the most important. Somebody walks into a will-call area or to an area that's, say, open to the public, and they plug in a computer, that computer may have an exploit or is malicious in some way. It won't get an IP address and won't be connected. That's the most important feature.

I would like to see some reporting features. Things like, if our tech support department comes to us and says, "Hey, how many Dell model 390 PCs do we have in the company?" They can just click on a report that would show client name, machine model, IP address, last user login, etc. I think that people would find that very useful.

I think off-the-bat, when somebody pulls up the CounterACT interface, there's a lot going one. It's easy, but I don't think it's easy for somebody who just walks in blind. If there was a reporting feature, or something more incorporating tech support people, that would make their life easier. It mitigate the requests that we get to give them that information.

We've had no issues with deploying it.

Overall, I think it's pretty stable. We did have some problems with the wireless plan. The wireless plug-in, where a device that we asked to be blocked for whatever reason, is not blocked. For a couple of months, we had the wireless plug-in disabled because too many end-users were being blocked when they shouldn't have been.

From the wireless standpoint, I would say that the reliability was somewhat poor, but CounterACT worked with us over a couple month period and did push out a patch. Today, things are better.

We have three thousand end-user clients. Those are the majority of the people whom we monitor with CounterACT and not so much core devices like servers, or mainframes, or things of that nature. If we have to roll out an update to a client or some of our mobile users, it does so pretty seamlessly.

They were very receptive, wanted to know exactly what was going on, wanted examples, etc. They did what they needed to do. Through some dialogue over probably about six weeks, we ended up getting an updated wireless plug-in, which seemed to resolve the issue.

We were not using a device previously. I think the goal was originally, how do we know what's on our network? CounterACT solved that problem by allowing us to create our own rules that we wanted. It starts from a very high level and you can drill down into devices. We can now categorize, say, things like IOT devices such as clocks that operate wirelessly, building automation. We can get into all these different categories and groups of things. Whereas, before we really didn't know it. If you plugged in a device, you were getting an address from DHCP. Now, you have to meet these requirements to get an address.

It was pretty straightforward. I've been in a number of roll-outs and this one was pretty easy.

We have one CounterACT appliance that does our Chicago office. A second appliance, which does our other four branches who are a little bit smaller. We separated that work and then we also have somewhat of a redundancy. As far as the configuration and getting things up and running goes, it starts with a nice, very high-level baseline. Then you kind of incorporate the rules that you want to incorporate as you go along, which makes it nice.

I think we went right after CounterACT. We sampled around I think on the web and just looked for solutions. But, CounterACT really came out to be the one that was easy to use. The price was right. The customizability and how we had to incorporate CounterACT to talk to our Cisco switches was really straightforward. It was easy and it worked.

Absolutely go for it. I would love to give them a demo of our own environment, talk to people at CounterACT and roll it out. If it's within their budget, whatever that may be, absolutely I would use it.

The network access control is a valuable feature for us. It provides endpoint visibility of our network and controls who can access network resources. That's really powerful.

The problem with vendors like Cisco is that their solutions are limited their to own ecosystem, and in general they don't work well with other vendors. With virtual machines, it can actually collect data from a variety of different network solutions, such as Cisco, Bloomberg, etc. Any routing platform out there, you can import it today. It can basically integrate these products and you can use it for enforcement. You can use them to collect the data. 

The other one is obviously that CounterACT can provide you with virtual ability to control who gets access to the network. It can act as a super-based machine and provide a level of security. It is integrated more easily than other vendors.

The integration with Sync can be improved. We would like to see better integration with some other popular vendors. 

Also, the reporting needs improvement, as well as integration with PAL services. It also needs more options for different sizes of customers. It does really work well in the big departments. For smaller organizations it might be a little overkill of a solution.

We've had no issues with deployment.

We've had no issues with stability.

We've had no issues with scalability.

It's a little bit too complex. A little bit of simplification when it comes to deployment might actually be better.

I think it is a good product and definitely fills the gap. I don't think we have many competitors at this stage. The major competitor is Cisco, but the biggest advantage of CounterACT is vendor agnostic. It means that it can work with a variety of different products. That is the biggest advantage.

CounterACT is a very flexible product in terms of deployment where the users will have a Layer 2 or Layer 3 deployment depending on their network infrastructure while maintaining the product's features regardless of which deployment. For larger scale projects which includes multiple sites, CounterACT can be easily deployed in a centralized or decentralized manner. Besides that, deploying CounterACT introduces almost little-to-no network infrastructure changes.

Integration with third-party products is also an important feature of CounterACT. While many of their competitors' products can only be integrated within their own portfolio, CounterACT manages to integrate with today's top security products to cover the security gaps that many solutions may introduce. CounterACT also provides a ControlFabric platform which may allow the users to integrate all of their security and network solutions into CounterACT.

As a distributor's engineer working on CounterACT, there are a few vast changes that I have seen after deploying CounterACT for our customers. A few of our customers reportedly had an easier time with their auditors on endpoint compliance, where they would only need to generate and turn in CounterACT's report. This saves both the customer's and the auditor's time.

Another improvement that we can see is automated security, where the customers would not need to manually turn on and off the switch ports for their guests. CounterACT automatically recognizes these guest and provides a self-registration feature to their guest while still maintaining the customer's network security posture.

There are few areas which will need vast improvements. The CounterACT graphical user interface could use a revamp as it may not look appealing enough to the end users.

Another area which the CounterACT should improve is their ability to deliver a more precise error messages to their users. At times, the error messages are not clear enough and are too technical to understand. Some of their error messages are not generic, as they are only understandable by the ForeScout engineers.

I've used it for three years.

There were no issues with deployment.

There are few issues with CounterACT that need more attention, mainly it's ability to process and perform discovery faster. At times, CounterACT takes too long to determine the endpoints, which may cause delays to the end users.

CounterACT could also use a more stable management console interface. This is because there will be times where CounterACT takes too long to login to its management console.

Another issue with CounterACT is that it does not provide very meaningful error messages when some error occurs. The error messages are hidden and it does not show unless the users click on a specific button or mouse over to the problematic elements.

There have been no issues scaling it.

The Customer Service is very responsive and helpful. They managed to resolve most of our issues with the products without much hassle.

The Technical Support is very responsive and helpful. They managed to resolve most of our issues with the products without much hassle.

Initial setup is very straightforward because there are only a few network configurations needed to be done. It does not require any downtime and could be deployed at any time during production hour. There are a few endpoint configurations that need to be done, which users can do so through their Microsoft ActiveDirectory or desktop management tools or software.

We implemented the solutions with our S.I. To ensure a smooth implementation, it is crucial to have all the endpoints and network requirements ready and configured before CounterACT is installed. It is recommended to start with the default policies and work on these policies to meet customers' requirements.

As we are an implementer, we do have an ROI for all our products.

For pricing and licensing, CounterACT is not an overly expensive product. They can fit most of our customers' budgets.

We managed to evaluate Cisco ISE. Cisco ISE is a complex solutions to deploy where it only supports users who use Cisco switches.

ForeScout CounterACT is a much more appealing product because of the market here in Malaysia, where the users uses multiple brands of switches with complex network infrastructure. CounterACT could easily adapt to these environments without any changes made to the customer's network infrastructure.

ForeScout CounterACT is like a Pandora's box, which contains a lot of functionalities that can be used to improve the customer's daily operation tasks and reduces manual workforce. It is recommended that the implementer understand what CounterACT can be used to do as different customers' business functions could use different functions of CounterACT.

• Guest management
• Antivirus compliance monitoring
• USB connection management

The bank has been able to manage host connection on the network, manage antivirus, and restrict the use of USB on the bank’s systems.

The patch management ability of the solution needs to be re-examined.

We've used it for five years.

There have been no issues with the deployment.

There have been no issues with the stability.

There have been no issues with scaling it.

Customer service is above average.

Technical support is above average.

It's straightforward to set up.

We used a vendor team alongside an in-house one.

The ROI is commensurate with the price.

The product is expensive.

To get the best out of the solution, the organization’s networks team must be willing to take ownership and provide assistance where required. Use tools like Gigamon during deployment and avoid spanning directly from Cisco switches.

The main feature, the NAC engine, is very flexible since ForeScout CounterACT doesn’t need the use of 802.1x and can work with almost all switch vendors.

Since my company is a systems integrator, we have ForeScout CounterACT in our lab just to test or troubleshoot customer configurations.

There isn’t a specific area to improve. It’s a good product from my point of view. Maybe the licensing and cost can be improved.

No issues with deployment.

Haven't had issues with stability.

Haven't had to scale it.

Maybe test the configuration very well before enabling actions (like VLAN moving, Captive Portal), because they can cause many problems in production environments if there are configuration mistakes.

This product provided a really good effect in terms of network access control. With the ForeScout NAC, distinguishing guests and corporate staff was easier.

This was very easy to achieve since the product integrates really well with Active Directory and the NMAP feature discovers all endpoints within the network.

With the use of the NAC solution from ForeScout, the company was able to defend against unauthorized access to the network, thereby thoroughly distinguishing who is a Corporate user and who is a Guest. Process for Guest Registration (if implemented properly) was also easy.

Detection and control of Dual-Homed devices needs to be improved, as the product sometimes gives false positives. Also, more custom policies should be made available.

I used this solution for 14 months.

There were issues of false positives whenever a new hotfix was installed even with the GA release. There was actually an issue where an upgrade to a new version of the hotfix plugin increased the CPU optimization and network bandwidth usage.

ForeScout is scalable since a management device is available to manage other CT boxes.

Technical support from ForeScout is pretty good, with escalations made promptly when needed.

No previous solution.

The initial setup was straightforward, as the steps were simple to understand. It only got complex when creating policies that are not simple.

I worked for a vendor team, and for any client ready to implement this product, I would recommend that the necessary requirements for deployment should be done before the team arrives to start implementation. This makes deployment less stressful.

No other options were evaluated.

If you are looking for a NAC solution which works without the use of agents, I would say ForeScout is the one to go for.

• Rogue detection and blocking
• Guest registration
• Full visibility of network hosts
• Threat protection

We are provided with real-time visibility and control of devices accessing our network.

• Reduce false positives
• Reduce bugs
• Improve on host classification
• Increase the Nigerian partner base

We've been using it for over two years.

No major issues.

No major issues.

No major issues.

It's good, but certainly it needs improvement especially on the side of the partners.

Initial setup was straightforward. All it required was to integrate traffic sniffing/monitoring and management ports into our core switch, and instruct the core switch to mirror every traffic to the device through the sniffing port. The rest was simply to define all our network segments on the device and integrate all access switches via SNMP.

We implemented it through ForeScout's only Nigerian partner, and this is what I would advise everyone interested in the solution to do.

It is quite expensive, but there are specs for small companies as well.

Cisco ISE was also evaluated, but the CT10000 was easier to implement and integrate into our environment.

You can go ahead, but you will need good network skills to get the maximum benefits from it.

I would also advise that you don't activate all the add-on features, but use it solely for its primary function - visibility and rogue detection/blocking.

Endpoint visibility, policy flexibility, compatibility and integration with other products.

Automation! One broad example is that we can now stop network threats right away and without intervention.

Forescout is constantly adding new features, so this may change as of this writing, but sometimes the switch management interface doesn't display accurate information which relates to false positives on individual switch access errors.

1 year

None that were Forescout related. CounterACT always opens a bunch of little IP sessions with endpoints, ake sure you have a large enough connection table on your firewall if you plan to put it behind one.

Minor. Had to reinstall one virtual appliance, which is painless when you have an Enterprise Manager.

No, this is one of the products strengths.

10 out of 10. Very responsive and address concerns quickly.

9 out of 10. Really fast response, high level of competency.

I switched from Cisco NAC because it is reliant on 802.1X, and has no other function than to ensure endpoints have authenticated via your method of choice.

Straightforward. Setup is simple with a solid, pre-defined set of policies that you build on and customize as you learn.

In house.

Without access specific numbers, we now have the ability to instantly shut down internal malicious hosts or traffic, refuse or restrict access to non-compliant hosts, discover risks on the network we didn't know were there, and automate the remediation of a multitude of security risks. As I work for an organization that spends a lot on security administration, at a minimum, the cost savings must have already paid for the product.

Palo Alto

Make sure to plan for all endpoints. If you want full coverage of your networks, account for anything that has an IP address. For example, a busy core switch can have 20+ IP addresses, and each one goes against your license count. Also, if you plan to have it behind a firewall, take into consideration your firewall's connection limitations. Although CounterACT isn't really a heavy bandwidth user, it does open a ton of short connections on a constant basis. The more you tune these down, the less accurate your real time host information becomes.