Forescout Platform Reviews

It's a Network Access Control tool.

The ability to control to identify devices and control the actual devices was great.

It is easy to set up.

It's stable and reliable.

The scalability is good. 

It is an affordable solution. 

The product is easily deployable and it is agentless.

Custom integrations need to be better. I'd like to have the option, for example, to integrate the Forescout Platform with a customized application or any other software out there that I am using at the same time.

I would like the Forescout Platform to be deployable on cloud solutions, like Huawei. It's not compatible with Huawei at the moment. It can be deployed only on Amazon and AWS.

I've been using the solution for five years now. 

It's very stable. There are no bugs or glitches. It doesn't crash or freeze. It is reliable.

The solution can scale as necessary. You just pay more according to the number of users you are adding. 

We have about 70 users on the solution. 

We use it daily for our clients. 

The solution is very easy to set up. It's not overly complex or difficult.

I'd rate the solution a four out of five in terms of ease of setup.

The level of maintenance depends on the organization. If you are using more resources, you'll need more people. For an environment of maybe a thousand users, you can deploy one engineer. He can manage everything.

The cost of the solution is about 5000 South African rands per year for ten users. That's about $320 USD. If you want to increase usage, you can easily scale, you just pay more. 

I'd rate the solution four out of ten in terms of affordability. 

We are users and a reseller. 

I'd rate the solution nine out of ten.

Our primary use case of this solution was to control which of our devices were connected to the network. I'm a senior architect advisor. We were customers of Forescout. 

As a result of using Forescout, we had a better overview of all the devices, known and unknown, that were connected to our network; it was a real advantage.

A very valuable feature is the discovery mode. It covers all types of devices on the network, which we didn't know existed.

I don't think we tested the full potential of Forescout. We had some delay implementing it into our organization, due internal organizational issues and also due to a lack of device registrations. Meanwhile we decided to switch to a new network provider that doesn't have Forescout in its portfolio. We favour one-stop shopping for network and security services, and will migrate to Aruba ClearPass (portfolio). 

I used this solution for the past year. 

The solution is stable. 

The product seems to be scalable although we didn't fully test it. 

I think the initial setup was fairly straightforward although I was not involved on a technical level. We had the advantage that the technical engineers knew our networks and how to carry out the implementation and we also had some assistance from British Telecom. We initially focused on our main plant or main location, and then moved to our other locations, which are far smaller, and have a lower risk profile. That was our strategy and implementation took around nine months after the initial implementation which took about a week. At that point, we realized there were more devices than we thought and the process became more complicated. It took a while to get a handle on everything. There were just a couple of us involved in deployment. 

This product demonstrates the possibilities of network access control for the organization. As a pilot project, it changed the minds of people because they could see the potential which included enrolling policies so that all devices can connect to the network. People are more aware now of the security risks when there is no network access control.

Forescout is affordable in terms of the end goal, which is control. We only looked at it in terms of discovery modes and I think it's too expensive to use for that purpose alone. We took a package, managed by British Telecom, which gave us some additional services without additional costs. 

We evaluated a couple of options. We first planned to use Radius which is more of a Microsoft-ended solution. We also looked at Cisco ISE but that's very expensive and I've seen reviews on your site about the difficulty of implementation. 

I would recommend this solution because it has a lot of different ways of discovering different devices and showing networks. It's very flexible. I believe the reason we didn't reach our goal is because of our company decisions and not because of the solution. 

I rate this solution eight out of 10. 

On-premises

We are using the Forescout Platform for authentication and for 100% device visibility.

Forescout Platform provides multiple features. They have a very effective device fingerprinting in their cloud. You do not need to add any devices manually, such as in Mac devices. Other solutions you have to add IoT devices and OT devices manually. This is one of the major areas that Forescout Platform is excelling in.

There are features that you can protect your organization.

I have been working with Forescout Platform for approximately eight months.

I have observed the solution to be stable.

Forescout Platform is a scalable solution and it is easy to scale.

Forescout Platform is new to the market here in Pakistan and customers prefer Cisco. We recommend the Forescout Platform to our customers because they are comparable solutions. Many of them are considering the Forescout Platform for their upcoming project. Customers in the financial sector have been interested in the solution.

I have been satisfied with their support. Their response to all of our queries has been very helpful.

I have previously used Cisco ISE.

The initial setup of the Forescout Platform is very straightforward when compared to Cisco.  Cisco ISE is very complex.

The time it takes for the deployment depends on the availability of the customer, and the team. If the customer can provide some information as soon as possible then the deployment can be done within 60 days for a large organization. This can be between 1,000 to 20,000 endpoints.

The cost of the solution depends on the customer's requirement because the customer is asking for different integration with a different product. Forescout Platform's price would start to get a bit higher. However, overall the price is a little expensive. It's can fit within the customer budget.

My advice for someone looking to implement the Forescout Platform, it is a product that tells you what are the devices connecting your network. Without installing agents or without doing manual work, you can automatically know the inventory of your devices in your organization.  It's a very good feature that you can discover all devices connected to the network, such as printers or iPhones. You do not need to categorize the devices or find the MAC address of the devices connected on the remote side.

I rate Forescout Platform a nine out of ten.

If the price was cheaper then I would rate the solution a ten.

On-premises

We needed some protection in our environment. We use this product in some areas in our network to monitor the security of the endpoints of our users. 

The environment was easy to configure. 

The user management has been very easy for the most part.

The initial setup is pretty easy.

Technical support has been very helpful.

The stability overall is good.

The licensing costs are quite high. With the amount of hardware we have, we need too many licenses to make the product effective and it's ultimately just too costly.

We may have some problems with compatibility - specifically with Cisco switches. We have the perimeter a Check Point firewall as an alarm for VPN connections. We have users integrating the VPN Check Point with Forescout. We can't seem to scale due to compatibility issues and price.

We have been working with the solution for around two years. It hasn't been that long. That said, we are moving away from the solution.

Overall, the stability of the product has been very good. It doesn't crash or freeze. There aren't bugs or glitches. It's been set up very well. We've found it to be reliable and the performance is good.

Our issue, in terms of scalability, is that we have a brittle machine. We struggled to get the licenses loaded. We would need to change the machine in order to develop a certain level of scalability capabilities.

At the moment, we have about 100 users on the solution, however, we require more licenses. Our goal was 1000 users on devices, however, it wasn't possible. The economics were against us.

While I have never personally opened a case with technical support in the past, my colleague has. He found them to be very responsive and helpful. He was satisfied with their level of service.

We did not previously use a different solution. Forescout was our first.

We are just now migrating to Cisco ISE. The problem is that we have around 500 users and we have only 100 licenses from Forescout due to the fact that it is a little expensive for us. We are trying instead to move to Cisco ISE, which has better pricing.

The initial setup was not complex. It was pretty easy. Installation maybe takes one or two days, and the implementation in total takes around two weeks.

We have a partner from Forescout in my country. He came to my company to meet with us. He helped explain a few things and assisted with network displays. 

There were about eight people that handled deployment between our end and the technical support side.

A Forescout representative ultimately came to our company for us. They assisted a little. They understood the cloud very well and were very helpful.

The licenses are quite expensive. Ultimately, we couldn't afford the amount we needed, and therefore we are moving off the product.

We might have paid in the ballpark of $20,000 yearly for our licenses. I do not recall there being other fees over and above the standard licensing fee.

We evaluated Cisco. The difference is the compatibility with our network. Other switches are Cisco devices, and therefore the compatibility and the integration were a little easier. With Forescout we have had some issues with some other access points. With Cisco ISE, we don't have that problem.

I do not recall which version of the solution we are using. We use the on-premises deployment model, however, we also have some clients on the cloud.

I would advise other organizations that, if they have multi-vendors in their network, use Forescout. However, if most of the devices are Cisco, it is best to use Cisco ISE.

It is a great tool and solution. We looked into it with the Magic Quadrant of Gartner and we have seen that it is a leader in the space. However, for us, it just doesn't work as well in terms of compatibility.

I'd recommend the solution. I would rate it at an eight out of ten.

On-premises

Asset Discovery. 

We were not able to accurately see devices in our network and/or have the ability to either remove rogue devices from the network or move them off to another VLAN. With corporate owned assets, we also have the ability to see if something is missing or not up-to-date on a product, then we have the ability to push the update down to the asset. 

We have not integrated the wireless access points into the product, but we are able to gain better visibility with wireless access points for mobile devices to do the same thing.

We are now able to see the assets connected to our network and classify them based on certain criteria that we can define. We still have a ways to go in getting things setup and more networks defined on what we want to see. Forescout is allowing us to gain that visibility with a few clicks of the mouse. Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy.

There are so many to list: 

• The policies and what you can do with them is amazing. 
• The ability to narrow down devices online versus offline.
• Get the MAC Addresses last attributed with a device or IP address on a device and connect that to its switch port or router. This is very beneficial when assisting in tracing back physical connectivity, if needed. 
• The ability to move a device off the network is very useful. The hardest part is showing the help desk what they need to do when troubleshooting a device connectivity issue.

When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies. I could see after doing this repeatedly that it may lead to some premature clicking in an area that you may not have wanted, depending on how your segments are setup, and may cause issues later down the road.

Just a few months.

In using the product for a short period of time, we have not had any issues with it. This product so far has proven to be top notch and do what is designed to do. The visibility into the network makes things an ease.

It is highly scalable and easy to implement.

Customer service and technical support are very responsive. We had one issue integrating a module and had a response within 30 minutes of opening the ticket, then we had a resolution shortly afterwards.

We did not use a different solution other than best guess or a manual Nmap with port scanning tools to find out what was on a network segment, which was very time consuming.

Our network is fairly complex. However, the setup of this application was straightforward. It has great documentation on what ports/protocols are needed when communicating with other devices. The documentation was easy to read.

We implemented with Professional Services from Forescout.

Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money.

It might not be the cheapest solution, but you get what you pay for.

Senior management used this product before and already did a comparison of other products.

The product has proven to be worth the cost and time savings alone in finding rogue devices. It helps with ROI and increasing our security posture. You can't protect what you don't know about or can't see.

On-premises

We primary use the Forescout appliances to identify, segment, and control all of our internal, manufacturing, automation, and IoT networks. In addition, we use Forescout to deploy guest wireless by utilizing self-registration to allow employees and guests onto our network. Forescout is also responsible for maintaining and showing us all threat data, such as vulnerabilities. We also use it to identify and prevent all malicious network scans throughout our entire network. These powerful tools allow us to secure our network end-to-end.

Before our implementation of Forescout, we had no Network Access Control. This allowed all users, trusted and unknown, to access our internal infrastructure. This was a burden because we are in the contract manufacturing sector where each independent contractor brings in their own infrastructure and it is up to us to secure these networks. Since implementing CounterACT, we have been able to isolate and segment all unknown devices, providing strict requirements for device on boarding. Since implementing Forescout, our environment is significantly more secure.

The biggest benefit to our organization is the fact that being in manufacturing you have many different types of devices. Only a small section of these types of devices support dot1x authentication. This makes Network Access Control very difficult to implement. With Forescout, the difficulty becomes significantly less. Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security.

The product could be improved in different ways: 

• The speed of identification
• More guest management features (i.e. extending time frames)
• Sometimes, the identification profiles completely change after device upgrades. It would be beneficial to keep or merge these records if enough correlating data points exist, so as not to segment devices. 

Some of the features introduced into the product line could have better documentation, which could provide for an overall better experience for administrators.

We have been using Forescout CounterACT for over a year now. We have been very impressed.

Forescout is one of the most stable pieces of software that I have ever worked with. Their updates are timely, and their software has an assortment of plugins and bolt-ons. Having a software this flexible would normally present itself with bugs, but we have not run into any software issues with their plugins, modules, or software in general.

We run virtual appliances. We have needed to bring up a fully functional data center in less than 15 weeks. Forescout takes less than a day to implement. Their product is very scalable.

Tech support is very good and knowledgeable. 

They need to handle their Tier 1 cases differently. The biggest negative regarding Forescout is their support. Not having the ability to get instantly transferred to a support engineer for Tier 1 cases is pretty ridiculous. In addition to the support, they can take their time getting to you, which is another frustrating item.

The initial setup is very simple. The logic behind policies makes it very straightforward. With that being said, policies can be very complex, and if you are not careful, they could have unintended results.

Brite Computers was a phenomenal asset. I would rate them as a 10 out of 10.

The ROI is priceless. How can you put a price on someone's privacy?

We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility.

We primarily evaluated Cisco ISE. We looked at Cisco ISE and were in the process of demoing it. We looked elsewhere because the MAC Authentication Bypass feature was not a workaround that we wanted to implement for over half of our environment.

The product has been fantastic for us, meeting our needs. We have hardly had any bugs to speak of. With that being said, please allow Tier 1 cases to be directly transferred to an available engineer. 

On-premises

The feature has been most effective in managing network access for our primary use cases in the organization.

Forescout Platform's compliance enforcement has delivered significant cost savings for our organization.

The most effective feature has been network access management, which has been crucial for our primary use cases in the organization.

The compliance enforcement functionality has delivered significant cost savings for our organization.

The technical support could be improved in terms of response time and first-level support quality.

Forescout Platform could enhance its integration of AI to improve IoT and OT device security to better meet our needs.

I have been working with Forescout Platform as a consultant or developer.

We have had experience with their technical support and must pay additionally for maintenance, support, and regional service.

The overall pricing of Forescout Platform is reasonable for the functionality it provides.

We are not currently looking into other options to switch in the future. I would recommend Forescout Platform to others.

Forescout Platform is working effectively for our organization. I am currently working as an IT head for Sanad with the email address jdhakan@sanad.ae.

We use the tool for security in the banking and insurance industry. 

I help customers use the Forescout Platform for compliance enforcement. We can specify what needs to be installed on devices connecting to the network, like antivirus, updates, and security software.

For improvements, I think technical support could be enhanced. The time zone difference makes remote support difficult - I'm in Indonesia, and they're in the US. Maybe the Forescout Platform could provide engineers from Asia Pacific.

I have been working with the product for two to three years. 

I help customers implement the product. Sometimes, it has difficulties, especially with internal networks. We can face challenges integrating with firewalls. Implementation usually takes 1-3 months with two people. The product needs maintenance after deployment.

I rate the solution a seven out of ten. I usually recommend it to bigger companies, not smaller ones.

On-premises