Forescout Platform Reviews

Forescout Platform can be deployed on the cloud or on-premise.

When we have a large enterprise environment with a lot of users, different security policies are to be applied in certain situations and locations. This is where the Forescout Platform is used. If we have some compliance requirements to have the NAC solution in place, we prefer the Forescout Platform over other solutions.

Two things can be improved in the Forescout Platform. First of all, the support for some certain proprietary protocols from other vendors, but they are very widely used. If the TechEx from Cisco, was added to Forescout, then it will be a full solution for me. 

Forescout Platform can be much improved. The support for certain proprietary protocols from other vendors, but they are very widely used. If I can go a little bit technical here, I would say the TechEx from Cisco, if added to Forescout, then it will be a full solution for me. Additionally, the Forescout Platform can have better integration with other solutions, such as Cisco NFG firewalls. They need to integrate seamlessly.

I have been using the Forescout Platform for four years.

The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability.

The scalability of the Forescout Platformall depends on the license. For example, if you have a certain amount of users, endpoints, and anything else you need to put under governance. If you scale out to a higher number, all you need to do is increase the license.

We have five customers and a total endpoints users of approximately 15,000.

The support from the vendor we have received was good.

The initial setup is straightforward. We had to implement the solution in a short timeframe and we managed to do it in one month as a managed service.

Forescout Platform is easy to deploy. It's the fastest NAC solution that you can deploy in a large environment. There is the opportunity to improve as you go. It can be the first deployment, and you can improve as you go without any big disturbance to the environment. It's very flexible when it comes to implementing a certain security policy. You can have very complex security policies for the Forescout Platform. It makes the deployment much easier than others.

The deployment for the Forescout Platform takes two to three engineers. However, it depends on the size of the environment. The integration or the co-operation should happen with a lot of other teams. The main deployment team for the solution is from two to three persons.

We have a very clear licensing model for business. I don't have to have a Ph.D. to be able to understand the licensing model as you might need for other solutions. If I know exactly what we want, it can tell you which license you need. The solution is easy for purchasing, ordering, and ease of deployment as well.

As a managed service provider and system integrator, we are on an annual licensing model.

I highly recommend Forescout Platform, unless, there is a need to integrate with any Cisco TechEx environment. For other use cases, it should be the first choice as a NAC solution. It should come as the first option, with one exception only, if the environment has a lot of Cisco devices. The Forescout Platform does not support authentication to Cisco devices. There is a lack of some protocols on the box itself.

I rate Forescout Platforma nine out of ten.

I am a freelance cybersecurity consultant. I provide and implement products for our clients.

Forescout Platform is a very good NAC solution.

It's a very good product.

The agentless visibility is definitely unmatched and outstanding. 

The actions that the agentless visibility, allow us to perform on the endpoint, are really amazing, especially in the way that it is done. 

It is a good solution, Garner rated because their leadership quadrant position is responsible for their market.

As a user, if I am using a laptop that is Wi-Fi connected, Forescout identifies my port connectivity as one user license, and if I take that same laptop with the same username to a wired network, which is also the same network that is used for the Wi-Fi connection, Forescout detects it as a separate license.

At times, I am working on wireless and sometimes I enter a zone where there is no wireless connection, which forces a land connection. This is an issue that needs to be resolved because it consumes another license for the same device and the same user.

This issue has been escalated to Forscout directly.

There was integration with Microsoft SCCM previously, and have suddenly stopped the open integration module for Microsoft. Customers are not aware of what is available to them in terms of the open integration module. 

Forescout Platform advised that there are many options available and many things they can do, but they don't tell customers exactly what they are. 

They need clear documentation and direction as to what the customer can expect from the open integration module. Customers need some clarity on what they can do and what is not possible to do.

When it comes to a full open integration we need to rely on the professional services from Forescout directly, no one can implement it as there is a limited amount of knowledge available.

They need to be more considerate, and there should be good documentation available to the customer.

They need to improve their selling approach or the consultant approach.

One of their use cases is an ITM use case, and ITSS asset management, but they don't really do ITSS management. They only detect the ITSS and all the parameters around that test, but they do not have any integration with any database system where they can store all these details and act like a typical ITSS management system. 

They should remove that use case in full. They should say that we complement your ITSS management by detecting the unknown assets in your network. This would be right.

I have been familiar with the Forescout Platform for more than four years.

In terms of technical support, their engineering team is very rigid. They must provide us with some clear answers and if they exceed the time it takes to resolve the issue, they will charge for that extra time. For example, if they go one day more, they will charge for that extra day.

We have completed significant deployments which are more than 4,000 endpoints. There was a complex network architecture.

All of the implementations have gone very well and the customers are satisfied.

They base the license on the number of devices, which is quite misleading. If I am one user, it should be based on that rather than how many devices I use with the same user name. 

To base it on the number of devices it can reduce one more license from my overall license allotment. It can result in four or five licenses for one user.

I was a partner of the company who was a Forescout Platform partner and I was responsible for bringing in Forescout, and establishing the service line for the Forescout Platform sales, pre-sales, and the implementation, but I am no longer with that company.

I would rate Forescout Platform an eight out of ten.

We are using this product as a NAC to secure our network and to meet IRS audit requirements. For example, we are using it to lock down our VPN solution.

Until now we had strict requirements for people logging in through VPN, including AD credentials and multifactor authentication, but no requirements for the actual hardware they were using. With Forescout, we can inspect every computer using VPN and block ones we don't permit, or remediate the ones we do permit.

Also, we will be able to quarantine and block computers that are not agency equipment on regular switch ports or wireless.

With Forescout we can get a detailed view of every device that attaches or tries to attach to our network. We can write policies that enforce a variety of actions such as quarantine and remediation.

We can prevent rogue actors from utilizing switch ports, wireless, or VPN to access our network.

Another benefit to Forescout is in inventory knowledge. We are seeing many devices that nobody knew were attached to the network and this allows the various teams to remediate or remove devices that could present a threat.

I think the most valuable feature is that the port-based 802.1x configuration on switch ports is not required. It operates by listening to the wire and talking to networking devices. That is a huge reduction in configuration complexity.

You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.

Another good thing about the product that it can examine every endpoint and give information about it, even IoT devices.

The reporting feature needs improvement. An example is that currently, you cannot configure what report files will be named. I think that the reporting feature needs more flexibility. It has about 15 templates and you have to use one of them, but it is not easy to understand what each of them is. It would be nice to have more control over the format of the reports.

Also, it would be nice if the configuration backup feature had more flexibility. It only supports FTP, SFTP, or SCP. That makes it impossible to write backups to a Windows share.  

We have been using the Forescout Platform for about a year.

We have had no problems with stability.

It is very scalable. You can set up an appliance as an Enterprise Manager, which means it can manage a large number of other appliances or VMs. The Enterprise Manager can operate in HA (High Availability) mode, and can manage 100 of the 5160 appliances. Each 5160 can mange 20,000 endpoints, so Forescout can scale to around 2 million endpoints.

Technical support is generally very good.

This is our first NAC product.

The initial setup is fairly complex and it would be a good idea to employ Forescout Professional services for this phase. Special attention needs to be paid to SPAN sessions or taps to allow Forescout to listen to the wire. 

We used a combination of vendor services and in-house staff for the deployment. The vendor team was competent.

I cannot speak to ROI.

Licensing is per endpoint that uses a discrete IP address. Licenses are perpetual but can come with renewable support. The product is complex so do not skimp on training, certification, and professional services.

We looked at Clearpass and ISE.

It is the only NAC product I know of that does not require 802.1x on every switch port. Big win. But, make sure that you invest in training up your personnel. It is not a simple product. 

Importantly, the vast capabilities make it worthwhile. 

We use the Forescout Platform to manage all of the devices connected to our network.

The interface is easy to use.

The 802.1X configuration, which is difficult for all switches, is not required. It makes it easier to work with switches and IoT devices.

Forescout Platform is too expensive, so the price should be reduced.

Although Forescout manages endpoints and network devices, there is no capability for user management. This is something that should be added. For example, if I find that something is wrong in the services and need to disable a user's access, there should be no need to go to Active Directory and disable the user there. As it is now, computers and devices can be disabled, but not users.

I have been using Forescout for one year and am preparing to get my certificate.

This is a stable solution.

The Forescout Platform is easy to scale. We have more than 200,000 endpoints and at least 150,000 users.

I am working in the Security Operations team, which does not contact Forescout technical support directly. They are not responsible for the types of problems we have, such as checking for computer compliance and installing a new computer.

The complexity of the initial setup depends on the environment. I am managing an enterprise environment, so any deployment or any implementation will not be easy. Generally, however, Forescout is not difficult to configure.

This is a good product and I recommend it.

I would rate this solution a nine out of ten.

We use the Forescout Platform for network access control and device management. The solution allows us to check the posture of our workstations to ensure they are compliant before granting them access to the network. We also use it to give people different privileges and access to our routers, switches, and firewalls based on their roles.

The solution's support is excellent. They are making an effort to attract more customers, which is reflected in their fast response times.

Forescout Platform has granular features and one of the most impressive features is the agentless feature. No agent installation is necessary for Forescout, which is amazing! It allows for agentless visibility into our network, even for Cisco devices that normally require the installation of AnyConnect.

Forescout Platform needs to improve how the device works in preventing rogue servers. Cisco has an impressive way of detecting rogue servers or rogue wireless access points to help protect the network. 

There is still room for improvement in this area with the Forescout GUI.

Integration with other products can be improved upon.

Fortinet and Cisco ISE have larger communities than the one available for Forescout Platform. The community size for the Forescout Platform can be improved. Forescout Platform doesn't have a big online community where people can go and ask questions and get solutions.

I have been using the solution for four years.

The solution is stable.

The solution is scalable.

The technical support is great. They are trying to win the hearts of the customers by responding immediately to calls.

Positive

The initial setup is straightforward. Large infra may take few days to deploy.

The price of Forescout is reasonable when compared to Cisco ISE.

I give the solution a nine out of ten.

We have around 50 people using the solution.

I would advise against investing in this solution for a small environment, as it is quite costly. For medium and enterprise-size environments, however, this is an option worth considering. The solution is much cheaper than Cisco ISE and Fortinet. 

The only community is still small.

Our primary use cases of Forescout Platform are network access control, user access control, and Wi-Fi network access control.

The most valuable feature of Forescout Platform is that it has everything that Aruba has at significantly less cost.

Unfortunately, Forescout Platform can only be accessed by Android systems. iOS is not supported, so there are some limitations to the operating system. I would like to see all devices have access to the solution.

Forescout needs to upgrade its development in the future.

I have been using Forescout Platform for the last two years.

Forescout Platform is very stable.

The solution is scalable. It is not one box that has limitations on licenses. Forescout Platform is more capable than Aruba ClearPass. 

Customer service and support is a four out of five overall. I am satisfied with the support I receive. 

Positive

Comparing Forescout to Aruba ClearPass, the difference is in the price and the level of policy enforcement.

The initial setup of Forescout Platform is very easy because it is pre-configured. I would rate it a five of five for the ease of setup of this product.

Forescout Platform licenses include everything integrated into the system including eyesight, recovery, and valid license. All three come in one box. It is a very competitive product, being half the price of its competitors.

5,000 user licenses will cost you between seven and eight million dollars, compared to 20 million for Aruba.

Overall, I would rate Forescout an eight out of ten.

We use this solution for cyber-security purposes.

The 802.1X compliance authentication feature of this solution is very good.

We have found that the agent-based authentication, available within this solution could be improved.

The price-point for this solution is very high, which should be looked at in comparison with similar products currently on the market.

We have been using this solution for five years.

We have found this to be a stable solution.

We believe this product is easily scalable.

The technical support for this product has been good in our experience.

Neutral

The setup for this solution is very straightforward, but full deployment can take a number of years.

The cost of licensing for this product is quite high, but this cost covers all the features of the solution so it is a single payment for the term that has been selected.

I would rate this solution a seven out of ten.

The most valuable features of the Forescout Platform are NAC for sharing, Network Access Control, and port sharing of the devices.

Forescout Platform could improve the vulnerability management as well as the control on the endpoint, which needs to be connected to my network.

In an upcoming release, they should add security features, such as malware and threat protection.

I have been using the Forescout Platform for approximately six years.

Forescout Platform was not a stable solution in 2015, but over the year it has become more and more stable. At this point in time, it is a stable solution.

The Forescout Platform is scalable.

The support from the Forescout Platform is great.

I rate the support from Forescout Platform a nine out of ten.

Positive

The price of the Forescout Platform is expensive. I purchased it for approximately 94 lakhs.

I rate Forescout Platform a nine out of ten.