Forescout Platform Reviews

• Immediate relocation of network devices to segregated "Vendor" network based on autonomous analysis. Prevents scanning, malware spread, corporate asset (i.e. printer) misuse, and reconnaissance on our network by third-party devices. Allows us to block VPN from our corporate network but still allow Vendors to establish them.
• Better information provided by Level 1 support (helpdesk) regarding asset information as we provide them with R/O access to the tool
• Visitor policy communication & acceptance

• Network Access Control, its core use
• Asset Intelligence for deskside
• "What port is it plugged into" intelligence for deskside
• Patch-level Auditing
• Emergency response, risk assessment information to get a view of the vulnerability
• "What PC is a user on" for helpdesk/IT security/deskside
• Forces PEN Testers to request permission to exist on your network

• JAVA Memory management - leaving the app running for multiple days requires relaunch
• Search - needs boolean functionality (or psudeau operand now working)

Stability has been good.

• It is very scalable, allowing additional strategic appliances as required in either physical or VM format.
• We control >400 field sites, two Oilsands mines, multiple remote platform locations, 2 Canadian Metro offices and 1 UK office with 4 appliances centrally located.

Customer Service:

It's excellent! 

Technical Support:

It's excellent!

No previous solution was used.

It was straightforward, although I recommend having a strong relationship with network-asset owners to ensure SNMP rights are looked after.

We used a vendor, Conexsys (Graham Cheng & Jerry G), who were excellent.

Forescout's flex licensing has made our deployment more agile and helps us adapt our environment without buying more hardware.  

Under their old model, licensing was tied to 4k and 10k appliances which strained under the new v7 and v8 Forescout OS when nearing their designed capacity.  To acquire a new appliance, physical or virtual, meant buying licensing for that size of appliance.

Under the new flex licensing model, we've been able to deploy VM appliances, responsible for host interrogation and management, while retaining our physical appliances for SNMP switch management, and span aggregation.  

Under the flex licencing model, we've deployed to our ICS segments, and are deploying VMs to our DCS environment, allowing for full visibility under one 'pane of glass' of nearly every host on our network.

Ensure you consider everything you want to monitor that has an IP. Devices with multiple IP's count multiple times against your license count.

This was chosen without hands-on evaluation based on reviews and industry feedback.

If you have distributed services (DHCP), strategically ensure you generate reliable traffic to establish timely inspections. We've avoided the use of traps by centralizing our DHCP at HQ, but it causes black holes during inspection schedules in case of a static device being plugged in.

The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment.

I can create granular policies. This is amazing. I really appreciate the granularity to create policies.

They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment.

The interface of this solution and the integration part needs improvement. The difference between the 7th and the 8th version is the dashboard. They should improve it. 

We never had a problem with this product. It has worked very well.

It's very simple to scale and to implement more devices and licenses. It's easy to grow.

We haven't had to use their technical support. 

We switched because ForeScout is the best tool for Mac. 

The initial setup was very easy, very simple to deploy. We didn't have problems or difficulties with the implementation.

We also looked at Fortinet. 

I would rate this solution an eight out of ten because it's the best solution. 

I would advise someone considering this or a similar solution to make sure that the solution works with a lot of vendors. Choose a product that doesn't change your environment.

Primarily used to define which host to admit onto the network, by tying a policy to the MAC address.

Identifying issues on why some hosts are not on the network, and assisting with possible remediation options.

• SNMP Traps on switches
• Getting the MAC address of the host from the ARP table of the switch and applying policy.

• Battled with the use of SNMP v1 instead of v2c
• Direct web interface rather than installation of a client.

Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available.

The reporting for audits start with the knowledge of the devices in the network and the services running on them. ForeScout provides the foundation for the needed information.

Using passive and active methods to learn about the network. Even hybrid parts, like production, can be discovered with the passive method, while the office LAN can be discovered with both.

Multitenancy should be included in the next version so it could be used as a managed service provider.

The most valuable feature for us is the visibility into all connected devices. Also, the plugins are very robust -- the ability scanner, patch management system, and SQL integrator.

You can query a lot of information from the connected device, including their compliance statuses.

We've had no issues with deployment.

It's a stable solution.

There have been no issues with scaling it.

The initial setup was complex, but that was due to the nature of the network architecture.

We didn't look for other solutions.

Have a clear understanding and document the network architecture before you deploy it.

The most valuable features of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x. Many network devices are not ready to do 802.1x. Lots of endpoints are not ready to do it, or they're poor at it, so having a non-.1x solution is critical for maintaining stability on our network.

We did not have a NAC prior to ForeScout. It provides constant monitoring of the endpoints either through an agent or periodic monitoring with a local admin account. This makes posturing very easy to do. Once the device is on the network, we're able to determine, does it continue to meet the requirements that we need for a device to stay on the network?

Definitely, having more third-party integration would be an improvement. This is something that they're doing. Other products that we have on our network, if we're able to get ForeScout to talk with them, we'll get much better information to those products, things like Splunk and other data gathering.

Also, I think we have Rapid7, so all these different programs that want to collect a lot of information, ForeScout is able to do that. So having it being able to talk to them, the more it can talk to, the better it is.

I think there are some product maturity issues in terms of the web interfaces that its able to present for end users. They're working on those. Those are improving, and just other features that come along with them growing into this space that they have. They're getting feedback from us, and they're getting feedback from other very large customers on what to do to improve, and they respond very well.

2 years

We've had no issues with deployment.

We had a few issues that were unique to our environment, but ForeScout tech support has been very timely in being able to respond to them and getting us support we needed. We have had to have a few reboots due to some outages, but again, these are things that were able to be resolve very quickly. Overall, I would say that this is a stable solution.

We're a huge company, over 100,000 employees, and it does require that we have done our homework ahead of time -- that we know where our address space is, that we know what's out there, and being able to come up with a deployment plan is our responsibility. Once we had that, we were able to go with it, and it works very well.

Very good.

Very good.

Device setup is straightforward - NAC itself is always a complex thing due to its profiling of EVERY device that connects to the network.

The ForeScout engineers were there to help us without the standard, "Oh, you have over 100,000 endpoints? Well here's what every 100,000-endpoint company does."

We compared ForeScout to Cisco ISE. There were some other vendors in this space, but we felt they were for mid-sized companies at largest. Cisco looked like they had an offering that would be able to compete head-to-head with it in terms of size. The reason we picked this over ISE was because ForeScout had a non-802.1x solution for the wired network. We would avoid a lot of chaos and a lot of destruction if we go that route. Also, ForeScout had fewer vulnerabilities whereas Cisco ISE had several level-10 vulnerabilities that have been observed over the years. While we were testing it, two of them came out.

ForeScout has never had a vulnerability above 7.0, so when we look at the security of the system, it definitely meets that requirement where this is not something that's going to be compromised the way it looked, as though Cisco ISE had some potential for that. Much less disruptive, both Cisco ISE and ForeScout really require a client to get the full features of the system. They say that it can run client-less, but having the client gives a lot better functionality, and the ForeScout client just worked a lot better for us on our endpoints.

The most important thing would be that a NAC project involves more than just the network. You've got to have client people, PKI people, active directory people all working together with the network to make this product work and make it happen. There's so many ways that it could interrelate. If you're in a very large company, you've got to break down the silo walls and get everybody together from the beginning to make this thing work out, but once you have those people together, this is something that every group wants to have. Desktop people want it, the mobile people want it, the scanning people. Everybody wants it once they see it, so it does sell itself, but you've got to have that education meeting up front.

As a university, we have used ForeScout to help us get a hold on student computers and their infections, and to keep those infected systems off our network. We are also currently using ForeScout as a mechanism to allow us to automatically move student game consoles to a separate VLAN, and then move the port back to the primary dorm VLAN when a PC or other device is plugged in.

ForeScout has the built-in ability to identify network devices without a separate subscription or device, and that allows us to identify when students plug into a switch or router (not allowed on our network), or tries to put their computer on the less restrictive game console VLAN. The rule sets allow you to configure different rules for different devices or networks from a single location, and provides a single-pane-of-glass view into any network traffic it can see.

The configuration of the rules is both a blessing and a curse. While it is almost infinitely configurable, knowing how to get the product to do what you want it to do can be difficult, especially at first.

The biggest problem we have had with ForeScout is that in order for it to see all of your network traffic it must have access to that traffic. So if your traffic has multiple ways to reach the internet or other resources, then you need multiple network taps in place to see that traffic.

We have used ForeScout since summer of 2012.

Other than the infinite configurability and need to have multiple network taps to see all traffic, we haven't had issues with deployment.

Stability has been like a rock, and it is a product that just seems to work.

We have had no issues with scaling it for our needs.

We have had mixed success with support. Sometimes we had amazing people who knew just what we needed and how to help us get there with minimal fuss. Other times we were explaining to support how to work around an issue so other customers wouldn’t have to deal with what we were dealing with.

We previously used Perfigo, which was later bought by Cisco and became Clean Access. ForeScout offered us a device with a 10GB connection, and that on top of the feature set for the price sealed the deal.

The initial setup was very straightforward, but due to our backbone switch/network configuration, we had to make last minute tweaks to get the product to see all our traffic. Also, we struggled to get our rules properly configured so that students weren’t negatively impacted by misconfigurations that would either prevent them from getting on the network at all, or repeatedly require them to log in.

Our third-party consulting firm (Konsultek), hit one out of the park in helping us, and they made sure we were up and running before the start of school, despite our tight timeframe for implementation.

We used a third-party group to assist us with implementation, and that made all the difference for us as we were able to pull from their experience and knowledge to help us get up and running.

The best advice I can offer is to make sure to understand the rules and how they work as that was a bit of an issue for us in the first few weeks when we worked out how to “fix” some of the issues (client time-outs, repeatedly being asked to log in) as they came up. Also, test everything before rolling out to production.

ForeScout provides some of the greatest visibility into network traffic, showing you exactly who is doing what, down to the port and protocol being used, capturing entire conversations between endpoints. It is a simply fantastic tool that provides network and security persons with the ability to throw up honeypots.

The most valuable feature for us is the real-time alerting of newly connected devices, whether they are approved or unapproved devices on our network.

Since our implementation of CounterACT, it has kept us aware of unapproved devices attempting to connect to our network which pose security threats.

The reporting could be a bit more intuitive and user friendly.

I have used CounterACT for two years.

There were many issues with deployment, but these were largely due to our own network architecture issues.

There were many issues with stability, but these were largely due to our own network architecture issues.

There were many issues with scalability, but these were largely due to our own network architecture issues.

I'd rate ForeScout's technical support as fair-to-good.

We did not have a previous NAC solution in place prior to CounterACT.

The initial setup was complex.

We used a vendor team for the implementation.

Do your homework ahead of time. Ensure that you have up-to-date network maps and that understand your network's architecture.