Forescout Platform Reviews

To be able to improve security within our network. We needed Network Access Control (NAC). As such, we reviewed the available vendors who could provide this service to us and selected the Forescout CounterACT (CA) product primarily because we needed to be able to position the product in several regional locations. At the same time, we managed and controlled it locally and dynamically where we have it responding to a single control center. While we have implemented today strictly for wireless access, we will be extending that to include wired access in the future.

NAC: Forescout CounterACT has allowed us to better open our access and control wireless access globally from our HQ. This allows us to monitor the network access for every office globally. This has improved overall security, reducing risk and opening up the opportunity to provide greater end user flexibility. 

The key feature we use is AD integration. That feature needs the least amount of attention once set up. 

Monitoring and logging are the pieces that we use most day-to-day. These are used by both our network and security teams to ensure proper operation with minimal risk. Whether machines attempting access are firm managed, vendors visiting, or IoT, all are available within the CA appliance. We plan to extend the use to further support growth functionalities and new work from home initiatives going forward.

Better reporting and analysis of access (based on client) would be helpful. Also, a tool that allows tracing a user through the rules to authentication.

More detailed analysis during the authentication process, especially for troubleshooting access issues. We have found that troubleshooting RADIUS controls is quite arduous, as it is today. A trace function could easily resolve this by providing a means by which access issues from a certificate to passwords or accounts could easily be identified and remediated.

Two years.

ForeScout CA has proven itself to be very solid.

It is very scalable with a lot of features that we aren't even using yet today.

Technical support has been great. They are very knowledgeable, helpful, and considerate.

We used Cisco ISE but found that it did not have the flexibility that we needed within our organization.

Setup was anything but straightforward, but this had nothing to do with Forescout. This is the nature of NAC solutions in general. 

Setup takes significant preplanning. Don't expect to just drop it in, then have it up and running, even if you already use an alternative NAC product. However, it is worth it.

We used a Professional Services engagement from Forescout, but still experienced a lot of issues.

I don't know.

The fact that we were allowed to spin up as many servers as we had need of to support our geographic requirements while paying for licensing as an enterprise truly set Forescout apart from the crowd and improved the way we could design our access.

We had ISE. As that product reached EOL, we considered whether there were alternatives to a NAC that we should consider but felt that a NAC is a security requirement.

I am a freelance cybersecurity consultant. I provide and implement products for our clients.

Forescout Platform is a very good NAC solution.

It's a very good product.

The agentless visibility is definitely unmatched and outstanding. 

The actions that the agentless visibility, allow us to perform on the endpoint, are really amazing, especially in the way that it is done. 

It is a good solution, Garner rated because their leadership quadrant position is responsible for their market.

As a user, if I am using a laptop that is Wi-Fi connected, Forescout identifies my port connectivity as one user license, and if I take that same laptop with the same username to a wired network, which is also the same network that is used for the Wi-Fi connection, Forescout detects it as a separate license.

At times, I am working on wireless and sometimes I enter a zone where there is no wireless connection, which forces a land connection. This is an issue that needs to be resolved because it consumes another license for the same device and the same user.

This issue has been escalated to Forscout directly.

There was integration with Microsoft SCCM previously, and have suddenly stopped the open integration module for Microsoft. Customers are not aware of what is available to them in terms of the open integration module. 

Forescout Platform advised that there are many options available and many things they can do, but they don't tell customers exactly what they are. 

They need clear documentation and direction as to what the customer can expect from the open integration module. Customers need some clarity on what they can do and what is not possible to do.

When it comes to a full open integration we need to rely on the professional services from Forescout directly, no one can implement it as there is a limited amount of knowledge available.

They need to be more considerate, and there should be good documentation available to the customer.

They need to improve their selling approach or the consultant approach.

One of their use cases is an ITM use case, and ITSS asset management, but they don't really do ITSS management. They only detect the ITSS and all the parameters around that test, but they do not have any integration with any database system where they can store all these details and act like a typical ITSS management system. 

They should remove that use case in full. They should say that we complement your ITSS management by detecting the unknown assets in your network. This would be right.

I have been familiar with the Forescout Platform for more than four years.

In terms of technical support, their engineering team is very rigid. They must provide us with some clear answers and if they exceed the time it takes to resolve the issue, they will charge for that extra time. For example, if they go one day more, they will charge for that extra day.

We have completed significant deployments which are more than 4,000 endpoints. There was a complex network architecture.

All of the implementations have gone very well and the customers are satisfied.

They base the license on the number of devices, which is quite misleading. If I am one user, it should be based on that rather than how many devices I use with the same user name. 

To base it on the number of devices it can reduce one more license from my overall license allotment. It can result in four or five licenses for one user.

I was a partner of the company who was a Forescout Platform partner and I was responsible for bringing in Forescout, and establishing the service line for the Forescout Platform sales, pre-sales, and the implementation, but I am no longer with that company.

I would rate Forescout Platform an eight out of ten.

It provides us with visibility into what's connected to our network, such as contractors, mobile devices, and whether they're a part of our corporate asset list or not.

We use it to prevent malicious activities on our network that potentially infiltrate it. We've been able to take out over twenty percent of our threats connected into our environment that we just never had a means to stop from connecting up to our network.

We've discovered regular assets. Let's say you had a mobile device, you walked into our network, and you said "hey, I need to connect up to the network. I'm a contractor here for you all and I'm going to add in one device". You immediately now have access into our environment.

It needs easier integration to other partners that automate functions within the security phase. There's no difference because you're not going to be able to fill the places fast enough for all these security people. So how do you get it to be able to manage more with less people by automating some of the functions? So when, for instance, NetScout discovers something and installs a ticketing system instead of sending an alert to a person, it automatically opens a ticket with the appropriate levels and automates that stuff.

We've had no issues with deployment.

It has been stable. The benefit wasn't around stability, it was more around preventing instability. What we were fearful about is whether or not customers would get impacted by the restriction of them not being able to connect to the network.

For instance: you're an employee, your laptop was part of our asset, but your phone was not and your tablet was not. All of the sudden, now all three of those devices were all connected into environment. Well, I only want your laptop to be connected. Your mobile devices, I really don't care to because when you go, you surf wherever you want on your stuff. You could probably pull up malware and then plug it in as soon as you put in your credentials into our network. So we want to keep that one off and allow you to connect to the network but connect to the internet, but not to my infrastructure.

We haven't scaled it all the way up, but we started to pilot, grew it to a couple of floors, and then grew it to an entire building.

I've never had to use it.

My understanding is that it was complex simply because my mandate is to zero-in back to the user.

We did look at multiple partners and we ended up with ForeScout.

Definitely use it. It's a good protection tool.

We're Forescout partners and offer this as a solution to our clients.

The solution's most valuable aspects are its network visibility and its ability to extend into other solutions for integration purposes. 

The initial setup is quite simple. It's not too complex or difficult to set up.

The solution needs more definitive pricing. The costs are hard to nail down.

I've been using the solution for less than two years. It's been one and a half years at this point. It hasn't been too long.

The solution is stable. It's very reliable. There aren't bugs or glitches. It doesn't crash.

The solution is scalable. If an organization needs to expand it out, they are able to fairly easily.

We tend to use this solution for different sized companies in various markets.

Technical support is great. We find them to be quite knowledgeable and responsive. We're very satisfied with the level of support we receive.

The initial setup is not complex at all. It's straightforward. It's pretty easy to manage.

We implement and deploy the solution for our clients.

The pricing is very important in Sri Lanka. We're sensitive to pricing. We'd like it if the solution was more clear on their pricing and if they were able to lower it.

We try to always use the latest version of the solution.

We're a partner. We use various deployment models, depending on the company we are implementing the solution for. We use both cloud and on-premises deployment models.

I'd recommend the solution to other users and companies. We've been quite pleased with the solution so far.

The customers seem to be very happy with the product as a whole. It's just the pricing that worries everyone. There's the competition to consider. If others can offer better pricing, I believe we would probably consider deploying it instead.

That said, overall, I'd rate the solution nine out of ten.

My company is in the financial services industry. The primary use case is Network Access Control and control endpoint access to network. The environment is used to process sensitive data. We want to ensure that rogue devices and unauthorized devices are unable to join the network. This will reduce our exposure to attacks.

It has helped with improving our security posture in terms of controlling the access of rogue devices into our network through identification. We have been able to prevent rogue device activities on the network, check the health of the system, and ensure remediation. 

It has provided visibility into the workings of our routers and switches. We also extended this capability to our branch offices through a WAN connection.

Access control: Being able to set policies that determine how devices join our network and how they are expected to behave while on the network. The fact that we are able to access the hygiene of our endpoint and monitor it continuously makes it fit for purpose.

I would advise Forescout through their research and development to look for features that they can add. Also, based on the what other competition may be selling, if they find any useful feature, they should add those to their product.

The last three months.

It is stable and reliable.

It is a good product that is fit for purpose.

Fantastic

No.

The initial setup is a bit complex.

Not applicable.

The setup cost, pricing, and licensing are on the high side.

No. I heard of Forescout, then went ahead and bought it.

As a university, we have used ForeScout to help us get a hold on student computers and their infections, and to keep those infected systems off our network. We are also currently using ForeScout as a mechanism to allow us to automatically move student game consoles to a separate VLAN, and then move the port back to the primary dorm VLAN when a PC or other device is plugged in.

ForeScout has the built-in ability to identify network devices without a separate subscription or device, and that allows us to identify when students plug into a switch or router (not allowed on our network), or tries to put their computer on the less restrictive game console VLAN. The rule sets allow you to configure different rules for different devices or networks from a single location, and provides a single-pane-of-glass view into any network traffic it can see.

The configuration of the rules is both a blessing and a curse. While it is almost infinitely configurable, knowing how to get the product to do what you want it to do can be difficult, especially at first.

The biggest problem we have had with ForeScout is that in order for it to see all of your network traffic it must have access to that traffic. So if your traffic has multiple ways to reach the internet or other resources, then you need multiple network taps in place to see that traffic.

We have used ForeScout since summer of 2012.

Other than the infinite configurability and need to have multiple network taps to see all traffic, we haven't had issues with deployment.

Stability has been like a rock, and it is a product that just seems to work.

We have had no issues with scaling it for our needs.

We have had mixed success with support. Sometimes we had amazing people who knew just what we needed and how to help us get there with minimal fuss. Other times we were explaining to support how to work around an issue so other customers wouldn’t have to deal with what we were dealing with.

We previously used Perfigo, which was later bought by Cisco and became Clean Access. ForeScout offered us a device with a 10GB connection, and that on top of the feature set for the price sealed the deal.

The initial setup was very straightforward, but due to our backbone switch/network configuration, we had to make last minute tweaks to get the product to see all our traffic. Also, we struggled to get our rules properly configured so that students weren’t negatively impacted by misconfigurations that would either prevent them from getting on the network at all, or repeatedly require them to log in.

Our third-party consulting firm (Konsultek), hit one out of the park in helping us, and they made sure we were up and running before the start of school, despite our tight timeframe for implementation.

We used a third-party group to assist us with implementation, and that made all the difference for us as we were able to pull from their experience and knowledge to help us get up and running.

The best advice I can offer is to make sure to understand the rules and how they work as that was a bit of an issue for us in the first few weeks when we worked out how to “fix” some of the issues (client time-outs, repeatedly being asked to log in) as they came up. Also, test everything before rolling out to production.

ForeScout provides some of the greatest visibility into network traffic, showing you exactly who is doing what, down to the port and protocol being used, capturing entire conversations between endpoints. It is a simply fantastic tool that provides network and security persons with the ability to throw up honeypots.

The most valuable feature is agent compliance. When somebody plugs in a device and the device powers up, CounterACT goes through to make sure that rules we have in place are accurate or in line with what we'd expect. Once that completes, the machine gets an IP address from DHCP.

We could go into some other forensics. What happened to a device, let's say, it gets a virus. Okay, let's do some forensic work on it. When did the PC boot up? When did CounterACT first see it? What time stamps? We're able to see things of this nature.

The other nice thing we can do quickly when we're just doing audits or inventory is to pull up a list of clients. How many machines are on this switch? How many are on that switch? Are there switchboards that have more than two MAC addresses? If we know that a switchboard has, say, six MAC addresses on it, then we know that they probably have a hub.

I think the most valuable piece is to make sure that devices that we don't want on our network aren't on it. That's the most important. Somebody walks into a will-call area or to an area that's, say, open to the public, and they plug in a computer, that computer may have an exploit or is malicious in some way. It won't get an IP address and won't be connected. That's the most important feature.

I would like to see some reporting features. Things like, if our tech support department comes to us and says, "Hey, how many Dell model 390 PCs do we have in the company?" They can just click on a report that would show client name, machine model, IP address, last user login, etc. I think that people would find that very useful.

I think off-the-bat, when somebody pulls up the CounterACT interface, there's a lot going one. It's easy, but I don't think it's easy for somebody who just walks in blind. If there was a reporting feature, or something more incorporating tech support people, that would make their life easier. It mitigate the requests that we get to give them that information.

We've had no issues with deploying it.

Overall, I think it's pretty stable. We did have some problems with the wireless plan. The wireless plug-in, where a device that we asked to be blocked for whatever reason, is not blocked. For a couple of months, we had the wireless plug-in disabled because too many end-users were being blocked when they shouldn't have been.

From the wireless standpoint, I would say that the reliability was somewhat poor, but CounterACT worked with us over a couple month period and did push out a patch. Today, things are better.

We have three thousand end-user clients. Those are the majority of the people whom we monitor with CounterACT and not so much core devices like servers, or mainframes, or things of that nature. If we have to roll out an update to a client or some of our mobile users, it does so pretty seamlessly.

They were very receptive, wanted to know exactly what was going on, wanted examples, etc. They did what they needed to do. Through some dialogue over probably about six weeks, we ended up getting an updated wireless plug-in, which seemed to resolve the issue.

We were not using a device previously. I think the goal was originally, how do we know what's on our network? CounterACT solved that problem by allowing us to create our own rules that we wanted. It starts from a very high level and you can drill down into devices. We can now categorize, say, things like IOT devices such as clocks that operate wirelessly, building automation. We can get into all these different categories and groups of things. Whereas, before we really didn't know it. If you plugged in a device, you were getting an address from DHCP. Now, you have to meet these requirements to get an address.

It was pretty straightforward. I've been in a number of roll-outs and this one was pretty easy.

We have one CounterACT appliance that does our Chicago office. A second appliance, which does our other four branches who are a little bit smaller. We separated that work and then we also have somewhat of a redundancy. As far as the configuration and getting things up and running goes, it starts with a nice, very high-level baseline. Then you kind of incorporate the rules that you want to incorporate as you go along, which makes it nice.

I think we went right after CounterACT. We sampled around I think on the web and just looked for solutions. But, CounterACT really came out to be the one that was easy to use. The price was right. The customizability and how we had to incorporate CounterACT to talk to our Cisco switches was really straightforward. It was easy and it worked.

Absolutely go for it. I would love to give them a demo of our own environment, talk to people at CounterACT and roll it out. If it's within their budget, whatever that may be, absolutely I would use it.

We use this solution for cyber-security purposes.

The 802.1X compliance authentication feature of this solution is very good.

We have found that the agent-based authentication, available within this solution could be improved.

The price-point for this solution is very high, which should be looked at in comparison with similar products currently on the market.

We have been using this solution for five years.

We have found this to be a stable solution.

We believe this product is easily scalable.

The technical support for this product has been good in our experience.

Neutral

The setup for this solution is very straightforward, but full deployment can take a number of years.

The cost of licensing for this product is quite high, but this cost covers all the features of the solution so it is a single payment for the term that has been selected.

I would rate this solution a seven out of ten.