Forescout Platform Reviews

I primarily use Forescout Platform for its wireless functionality, predictive functionality, and NetFlow feature.

Forescout Platform's best feature is plug-in integration.

Forescout Platform's technical support needs to be improved - it could be faster, and its team could be more knowledgeable.

I've been using Forescout Platform for five or six years.

There are some problems with Forescout Platform's stability, but compared to its competitors, it performs well.

There are no problems with Forescout Platform's scalability.

Forescout Platform's technical support is slow to respond and could be more knowledgeable.

Neutral

The initial setup was straightforward.

Forescout Platform is on the expensive side.

I would recommend Forescout Platform for smaller businesses but not for large ones. I would give Forescout Platform a rating of seven out of ten.

We are using this product as a NAC to secure our network and to meet IRS audit requirements. For example, we are using it to lock down our VPN solution.

Until now we had strict requirements for people logging in through VPN, including AD credentials and multifactor authentication, but no requirements for the actual hardware they were using. With Forescout, we can inspect every computer using VPN and block ones we don't permit, or remediate the ones we do permit.

Also, we will be able to quarantine and block computers that are not agency equipment on regular switch ports or wireless.

With Forescout we can get a detailed view of every device that attaches or tries to attach to our network. We can write policies that enforce a variety of actions such as quarantine and remediation.

We can prevent rogue actors from utilizing switch ports, wireless, or VPN to access our network.

Another benefit to Forescout is in inventory knowledge. We are seeing many devices that nobody knew were attached to the network and this allows the various teams to remediate or remove devices that could present a threat.

I think the most valuable feature is that the port-based 802.1x configuration on switch ports is not required. It operates by listening to the wire and talking to networking devices. That is a huge reduction in configuration complexity.

You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.

Another good thing about the product that it can examine every endpoint and give information about it, even IoT devices.

The reporting feature needs improvement. An example is that currently, you cannot configure what report files will be named. I think that the reporting feature needs more flexibility. It has about 15 templates and you have to use one of them, but it is not easy to understand what each of them is. It would be nice to have more control over the format of the reports.

Also, it would be nice if the configuration backup feature had more flexibility. It only supports FTP, SFTP, or SCP. That makes it impossible to write backups to a Windows share.  

We have been using the Forescout Platform for about a year.

We have had no problems with stability.

It is very scalable. You can set up an appliance as an Enterprise Manager, which means it can manage a large number of other appliances or VMs. The Enterprise Manager can operate in HA (High Availability) mode, and can manage 100 of the 5160 appliances. Each 5160 can mange 20,000 endpoints, so Forescout can scale to around 2 million endpoints.

Technical support is generally very good.

This is our first NAC product.

The initial setup is fairly complex and it would be a good idea to employ Forescout Professional services for this phase. Special attention needs to be paid to SPAN sessions or taps to allow Forescout to listen to the wire. 

We used a combination of vendor services and in-house staff for the deployment. The vendor team was competent.

I cannot speak to ROI.

Licensing is per endpoint that uses a discrete IP address. Licenses are perpetual but can come with renewable support. The product is complex so do not skimp on training, certification, and professional services.

We looked at Clearpass and ISE.

It is the only NAC product I know of that does not require 802.1x on every switch port. Big win. But, make sure that you invest in training up your personnel. It is not a simple product. 

Importantly, the vast capabilities make it worthwhile. 

We use the Forescout Platform to manage all of the devices connected to our network.

The interface is easy to use.

The 802.1X configuration, which is difficult for all switches, is not required. It makes it easier to work with switches and IoT devices.

Forescout Platform is too expensive, so the price should be reduced.

Although Forescout manages endpoints and network devices, there is no capability for user management. This is something that should be added. For example, if I find that something is wrong in the services and need to disable a user's access, there should be no need to go to Active Directory and disable the user there. As it is now, computers and devices can be disabled, but not users.

I have been using Forescout for one year and am preparing to get my certificate.

This is a stable solution.

The Forescout Platform is easy to scale. We have more than 200,000 endpoints and at least 150,000 users.

I am working in the Security Operations team, which does not contact Forescout technical support directly. They are not responsible for the types of problems we have, such as checking for computer compliance and installing a new computer.

The complexity of the initial setup depends on the environment. I am managing an enterprise environment, so any deployment or any implementation will not be easy. Generally, however, Forescout is not difficult to configure.

This is a good product and I recommend it.

I would rate this solution a nine out of ten.

This solution ensures that every endpoint is compliant.

Forescout is easy to integrate with a lot of end systems.

It is very simple to set up.

We can scale the product.

It's stable.

Pre-sales is very helpful. 

The cost is too high. We are looking at some other solution where costs might be lower.

I've been using the solution for two to three months now. I've just joined the company.

The solution is stable. It is reliable. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the stability a five out of five. We have not had any issues aside from a configuration that was not done right.

While I haven't personally attempted to scale, it is my understanding that we are adding licenses and expanding it. Therefore, in all likelihood, it can scale. 

We have 800 users in total. All departments use it.

While I have spoken to pre-sales and found them helpful, I've never really dealt with technical support.

In other organizations, I've used Nevis and Cisco ISE.

Nevis is not very good as far as scalability is concerned. ISE is good. There are no issues with that. Forescout also should be good. There should not be any issues, and I do not expect any challenges.

The solution is straightforward to set up. It is not complex at all. 

We're currently working with a third party that is auditing the implementation process. I also need some help from Forescout to validate how the implementation is currently done here.

I wasn't part of the initial setup. However, my understanding is there was a third party involved. We just brought in a new third party, in fact. We're in the audit phase and working out some parameters. We're working to improve the integration aspect.

Since the costs continually go up with each new endpoint, we don't really see an ROI. However, we do see value in the product.

The solution is very expensive. 

The price is based on the number of endpoints and is an annual cost. For one license, we pay around 3,000 Indian rupees.

If you keep adding endpoints, the price keeps going up. Even if one user has three endpoints, you are paying for each endpoint, not per user. 

We are customers. 

I'm not sure of the version we are using. 

I'd rate the solution nine out of ten. It's just a bit too expensive. Still, I would recommend it.

It's a Network Access Control tool.

The ability to control to identify devices and control the actual devices was great.

It is easy to set up.

It's stable and reliable.

The scalability is good. 

It is an affordable solution. 

The product is easily deployable and it is agentless.

Custom integrations need to be better. I'd like to have the option, for example, to integrate the Forescout Platform with a customized application or any other software out there that I am using at the same time.

I would like the Forescout Platform to be deployable on cloud solutions, like Huawei. It's not compatible with Huawei at the moment. It can be deployed only on Amazon and AWS.

I've been using the solution for five years now. 

It's very stable. There are no bugs or glitches. It doesn't crash or freeze. It is reliable.

The solution can scale as necessary. You just pay more according to the number of users you are adding. 

We have about 70 users on the solution. 

We use it daily for our clients. 

The solution is very easy to set up. It's not overly complex or difficult.

I'd rate the solution a four out of five in terms of ease of setup.

The level of maintenance depends on the organization. If you are using more resources, you'll need more people. For an environment of maybe a thousand users, you can deploy one engineer. He can manage everything.

The cost of the solution is about 5000 South African rands per year for ten users. That's about $320 USD. If you want to increase usage, you can easily scale, you just pay more. 

I'd rate the solution four out of ten in terms of affordability. 

We are users and a reseller. 

I'd rate the solution nine out of ten.

We needed some protection in our environment. We use this product in some areas in our network to monitor the security of the endpoints of our users. 

The environment was easy to configure. 

The user management has been very easy for the most part.

The initial setup is pretty easy.

Technical support has been very helpful.

The stability overall is good.

The licensing costs are quite high. With the amount of hardware we have, we need too many licenses to make the product effective and it's ultimately just too costly.

We may have some problems with compatibility - specifically with Cisco switches. We have the perimeter a Check Point firewall as an alarm for VPN connections. We have users integrating the VPN Check Point with Forescout. We can't seem to scale due to compatibility issues and price.

We have been working with the solution for around two years. It hasn't been that long. That said, we are moving away from the solution.

Overall, the stability of the product has been very good. It doesn't crash or freeze. There aren't bugs or glitches. It's been set up very well. We've found it to be reliable and the performance is good.

Our issue, in terms of scalability, is that we have a brittle machine. We struggled to get the licenses loaded. We would need to change the machine in order to develop a certain level of scalability capabilities.

At the moment, we have about 100 users on the solution, however, we require more licenses. Our goal was 1000 users on devices, however, it wasn't possible. The economics were against us.

While I have never personally opened a case with technical support in the past, my colleague has. He found them to be very responsive and helpful. He was satisfied with their level of service.

We did not previously use a different solution. Forescout was our first.

We are just now migrating to Cisco ISE. The problem is that we have around 500 users and we have only 100 licenses from Forescout due to the fact that it is a little expensive for us. We are trying instead to move to Cisco ISE, which has better pricing.

The initial setup was not complex. It was pretty easy. Installation maybe takes one or two days, and the implementation in total takes around two weeks.

We have a partner from Forescout in my country. He came to my company to meet with us. He helped explain a few things and assisted with network displays. 

There were about eight people that handled deployment between our end and the technical support side.

A Forescout representative ultimately came to our company for us. They assisted a little. They understood the cloud very well and were very helpful.

The licenses are quite expensive. Ultimately, we couldn't afford the amount we needed, and therefore we are moving off the product.

We might have paid in the ballpark of $20,000 yearly for our licenses. I do not recall there being other fees over and above the standard licensing fee.

We evaluated Cisco. The difference is the compatibility with our network. Other switches are Cisco devices, and therefore the compatibility and the integration were a little easier. With Forescout we have had some issues with some other access points. With Cisco ISE, we don't have that problem.

I do not recall which version of the solution we are using. We use the on-premises deployment model, however, we also have some clients on the cloud.

I would advise other organizations that, if they have multi-vendors in their network, use Forescout. However, if most of the devices are Cisco, it is best to use Cisco ISE.

It is a great tool and solution. We looked into it with the Magic Quadrant of Gartner and we have seen that it is a leader in the space. However, for us, it just doesn't work as well in terms of compatibility.

I'd recommend the solution. I would rate it at an eight out of ten.

We primary use the Forescout appliances to identify, segment, and control all of our internal, manufacturing, automation, and IoT networks. In addition, we use Forescout to deploy guest wireless by utilizing self-registration to allow employees and guests onto our network. Forescout is also responsible for maintaining and showing us all threat data, such as vulnerabilities. We also use it to identify and prevent all malicious network scans throughout our entire network. These powerful tools allow us to secure our network end-to-end.

Before our implementation of Forescout, we had no Network Access Control. This allowed all users, trusted and unknown, to access our internal infrastructure. This was a burden because we are in the contract manufacturing sector where each independent contractor brings in their own infrastructure and it is up to us to secure these networks. Since implementing CounterACT, we have been able to isolate and segment all unknown devices, providing strict requirements for device on boarding. Since implementing Forescout, our environment is significantly more secure.

The biggest benefit to our organization is the fact that being in manufacturing you have many different types of devices. Only a small section of these types of devices support dot1x authentication. This makes Network Access Control very difficult to implement. With Forescout, the difficulty becomes significantly less. Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security.

The product could be improved in different ways: 

• The speed of identification
• More guest management features (i.e. extending time frames)
• Sometimes, the identification profiles completely change after device upgrades. It would be beneficial to keep or merge these records if enough correlating data points exist, so as not to segment devices. 

Some of the features introduced into the product line could have better documentation, which could provide for an overall better experience for administrators.

We have been using Forescout CounterACT for over a year now. We have been very impressed.

Forescout is one of the most stable pieces of software that I have ever worked with. Their updates are timely, and their software has an assortment of plugins and bolt-ons. Having a software this flexible would normally present itself with bugs, but we have not run into any software issues with their plugins, modules, or software in general.

We run virtual appliances. We have needed to bring up a fully functional data center in less than 15 weeks. Forescout takes less than a day to implement. Their product is very scalable.

Tech support is very good and knowledgeable. 

They need to handle their Tier 1 cases differently. The biggest negative regarding Forescout is their support. Not having the ability to get instantly transferred to a support engineer for Tier 1 cases is pretty ridiculous. In addition to the support, they can take their time getting to you, which is another frustrating item.

The initial setup is very simple. The logic behind policies makes it very straightforward. With that being said, policies can be very complex, and if you are not careful, they could have unintended results.

Brite Computers was a phenomenal asset. I would rate them as a 10 out of 10.

The ROI is priceless. How can you put a price on someone's privacy?

We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility.

We primarily evaluated Cisco ISE. We looked at Cisco ISE and were in the process of demoing it. We looked elsewhere because the MAC Authentication Bypass feature was not a workaround that we wanted to implement for over half of our environment.

The product has been fantastic for us, meeting our needs. We have hardly had any bugs to speak of. With that being said, please allow Tier 1 cases to be directly transferred to an available engineer. 

The most valuable features of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x. Many network devices are not ready to do 802.1x. Lots of endpoints are not ready to do it, or they're poor at it, so having a non-.1x solution is critical for maintaining stability on our network.

We did not have a NAC prior to ForeScout. It provides constant monitoring of the endpoints either through an agent or periodic monitoring with a local admin account. This makes posturing very easy to do. Once the device is on the network, we're able to determine, does it continue to meet the requirements that we need for a device to stay on the network?

Definitely, having more third-party integration would be an improvement. This is something that they're doing. Other products that we have on our network, if we're able to get ForeScout to talk with them, we'll get much better information to those products, things like Splunk and other data gathering.

Also, I think we have Rapid7, so all these different programs that want to collect a lot of information, ForeScout is able to do that. So having it being able to talk to them, the more it can talk to, the better it is.

I think there are some product maturity issues in terms of the web interfaces that its able to present for end users. They're working on those. Those are improving, and just other features that come along with them growing into this space that they have. They're getting feedback from us, and they're getting feedback from other very large customers on what to do to improve, and they respond very well.

2 years

We've had no issues with deployment.

We had a few issues that were unique to our environment, but ForeScout tech support has been very timely in being able to respond to them and getting us support we needed. We have had to have a few reboots due to some outages, but again, these are things that were able to be resolve very quickly. Overall, I would say that this is a stable solution.

We're a huge company, over 100,000 employees, and it does require that we have done our homework ahead of time -- that we know where our address space is, that we know what's out there, and being able to come up with a deployment plan is our responsibility. Once we had that, we were able to go with it, and it works very well.

Very good.

Very good.

Device setup is straightforward - NAC itself is always a complex thing due to its profiling of EVERY device that connects to the network.

The ForeScout engineers were there to help us without the standard, "Oh, you have over 100,000 endpoints? Well here's what every 100,000-endpoint company does."

We compared ForeScout to Cisco ISE. There were some other vendors in this space, but we felt they were for mid-sized companies at largest. Cisco looked like they had an offering that would be able to compete head-to-head with it in terms of size. The reason we picked this over ISE was because ForeScout had a non-802.1x solution for the wired network. We would avoid a lot of chaos and a lot of destruction if we go that route. Also, ForeScout had fewer vulnerabilities whereas Cisco ISE had several level-10 vulnerabilities that have been observed over the years. While we were testing it, two of them came out.

ForeScout has never had a vulnerability above 7.0, so when we look at the security of the system, it definitely meets that requirement where this is not something that's going to be compromised the way it looked, as though Cisco ISE had some potential for that. Much less disruptive, both Cisco ISE and ForeScout really require a client to get the full features of the system. They say that it can run client-less, but having the client gives a lot better functionality, and the ForeScout client just worked a lot better for us on our endpoints.

The most important thing would be that a NAC project involves more than just the network. You've got to have client people, PKI people, active directory people all working together with the network to make this product work and make it happen. There's so many ways that it could interrelate. If you're in a very large company, you've got to break down the silo walls and get everybody together from the beginning to make this thing work out, but once you have those people together, this is something that every group wants to have. Desktop people want it, the mobile people want it, the scanning people. Everybody wants it once they see it, so it does sell itself, but you've got to have that education meeting up front.