Forescout Platform Reviews

We've been able to use the solution for a couple of tasks including using it to monitor for anti-virus compliance. We also use it to monitor the health of the security history of our endpoints.

It's a great solution. We use it for the internet here and it's been helpful. It's a great product for our Mac PCs and we can implement it to both our wireless and our wired network.

It's very quick.

The compliance aspects of the solution are excellent and one of the solution's best features. It helps us maintain the compliance of our endpoints.

In terms of physical tools, we are very satisfied.

In our organization, the solution provides us with a sound perimeter. 

The user interface is quite simple.

The version we're currently on, 8.6, has a lot more plugins than past versions. Now you can plug in anything you want. It helps us to utilize the product more fully.

There's always room for improvement for the solution. Off the top of my head, I really can't determine anything that is lacking right now. Basically there is no room for improvement that I can describe.

The solution does have a bit of complexity, and there's some complexity in the deployment. Users need to be trained before undertaking an initial setup.

The solution has very good uptime, and we have had no issues at all in terms of stability.

We didn't have any issues with the ForeScout scalability. So far, we've agreed with the pricing required for both the hardware and the software. 

We haven't been in touch with technical support, so I can't speak to their level of service and how they interact with clients.

The solution is not that simple, however, it's not complex, either. It's a solution that does so much it needs a bit of understanding to properly use it. Once team members go for basic training, they should be able to handle it. The basic training will also give team members a networking background to be able to master the solution. It's not very difficult, but a person will have to be a bit technical.

I'd advise companies to ensure their teams are well trained in ForeScout before starting implementation of any kind. Those setting up and using the solution should have a basic background in networking. If users are comfortable with configuring, they can create processes for the environment. That way, it will be deployed properly.

Teams should also test the solution first before they launch so there won't be any surprises. If they need to make changes, they need to manage the process properly.

I'd rate the solution nine out of ten. If it was a bit less complex, I'd give it perfect marks.

The most important feature is that this solution works well without a 802.1x feature. You can use CounterACT to implement that feature and also have a very granular control of your devices, including shadow devices.

We were searching for a solution that could help us not only to detect and manage unauthorized access, but also to implement 802.1x on our infrastructure. And when we were working to reach that goal, we found other improvements from using CounterACT, such as antivirus installation, P2P control, and shadow IT -- and that's another plus for them.

The best improvement they could make would be reporting and better integration with AD. Last but not least, a management web interface would be nice in the next version/release.

We've used it for about a year.

We had no issues with the deployment.

We have an HA cluster in place that works very well. We've had no issues with stability.

We had no issues scaling it for our needs.

Fortunately, for now, we've had no need to call technical support.

We didn't have a NAC solution in place. This is the very first solution we've tried mostly because other solutions have 802.1x as a mandatory requirement.

It was not so easy to deploy in our environment, the learning curve for this solution is quite hard.

From my experience, it is impossible to implement this kind of solution in-house. You need a consultant or a trained person who can do this job.

This product provided a really good effect in terms of network access control. With the ForeScout NAC, distinguishing guests and corporate staff was easier.

This was very easy to achieve since the product integrates really well with Active Directory and the NMAP feature discovers all endpoints within the network.

With the use of the NAC solution from ForeScout, the company was able to defend against unauthorized access to the network, thereby thoroughly distinguishing who is a Corporate user and who is a Guest. Process for Guest Registration (if implemented properly) was also easy.

Detection and control of Dual-Homed devices needs to be improved, as the product sometimes gives false positives. Also, more custom policies should be made available.

I used this solution for 14 months.

There were issues of false positives whenever a new hotfix was installed even with the GA release. There was actually an issue where an upgrade to a new version of the hotfix plugin increased the CPU optimization and network bandwidth usage.

ForeScout is scalable since a management device is available to manage other CT boxes.

Technical support from ForeScout is pretty good, with escalations made promptly when needed.

No previous solution.

The initial setup was straightforward, as the steps were simple to understand. It only got complex when creating policies that are not simple.

I worked for a vendor team, and for any client ready to implement this product, I would recommend that the necessary requirements for deployment should be done before the team arrives to start implementation. This makes deployment less stressful.

No other options were evaluated.

If you are looking for a NAC solution which works without the use of agents, I would say ForeScout is the one to go for.

The use case is for a compliance check for the users who get into your organization. We identify the host for Windows PC, Mac, Linux, and servers. These are some of the use cases for user control and policy management. Some of the other use cases are to kill some applications and peer-to-peer applications. It's mainly for visibility and control, and we also integrate with various firewalls and other system security solutions. For example, LogRhythm, Splunk, Qreader, McAfee Orchestrator, and Trend Micro.

I work on multiple technologies and security technology. The solution is deployed on-premise. We don't use it for our own company. We are the system integrators and we deploy for various customers across the region we work with and we deploy most of the verticals.

This is far better than any other Mac solution. Within three or four days, we have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly.

When we automate an email to send to a user, sometimes it gets blocked, but that has nothing to do with Forescout. It depends on the mail gateway that we use or integrate with.

They already support some 63,000 plus vendor models. They are also upgrading it, and they have two million plus devices in a single deployment. Maybe there are some legacy tools with support. I know they're working very hard on the OT infrastructure and OT side of integration, but I'm not into OT side.

I have been using this solution for three years.

I don't see any issue with stability. I'm not hearing from any customers who are reporting any issues about stability. They are mostly looking for compliance and operation security.

The solution is absolutely scalable.

Technical support is good. I don't see any issues. The type of support you get depends on the contract that you sign. They're timely and the support is good.

The amount of time it takes for deployment depends on how many branches you have, whether it's a central deployment or a hybrid. It depends on how you want to use the solution. It varies but if it is only central deployment for a couple of branches, we can do it in a minimum of one month.

The number of people it takes for deployment just depends. One engineer can do it, but you also need support from the customer. You should have very good system administrators, or some network engineers to support you in terms of various authentication integrations. There should be a minimum of one from the deployment side, two from the customer side.

I would rate this solution 7 out of 10. I'm not sure about the OT side, but the visibility, control, orchestration, dashboard, and reporting are all good.

My advice is that you really need to understand the prerequisites of the use cases if you want to deploy the solution. You should also understand what kind of services they should open and the security rules—a firewall. They should have a clear understanding of how it is being designed and the architecture. If you know, it's easy for deployment, otherwise you will get stuck.

Our primary use case is for device compliance and access control.

Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it. 

The pricing, technical support, stability, scalability, initial set up, interface, dashboards, management, and monitoring are fantastic. They are excellent. 

The licensing of the solution is pretty simple. The process of deploying the solution is pretty straightforward. The dashboard, in terms of monitoring and management, is pretty simple. Maybe because I have a very robust technological background is why I don't struggle with these things. In terms of management, deployment, and support, although I really don't require their support, so far, so good.

Truth be told, I'm good with it. I'm yet to have something with the solution that I don't feel comfortable with. It's fine. I've not seen a cause or a reason why I should want something to be changed, but that doesn't take out the fact that there's always room for improvement. What I would love to see is a situation where my Forescout can integrate with different security technologies. Where it can share contextual information bidirectionally. I had written to Forescout about this and they told me they have that functionality already. So I think that settles it. They can share device context with the security technology and that technology can also be shared with Forescout. To build a form of connective strategy towards security. They have a dedicated module for the security technology I'm concerned about.

But with that software, I should be able to integrate my Forescout with any other third party security technology, to build that connected security strategy I talked about. So far, it's good. It meets my requirements that I had concern about.

I have been using Forescout Platform for one year.

In terms of scalability, my deployment architecture is central, so it scales with respect to the number of devices I have to add to my network. The licensing is based on the number of devices you have currently with regards to the future growth in the number of connected devices to your IT network or to your IT infrastructure. That gives you room to scale. So if I know that in the next two years, I would have an additional 50 or 100 users connecting to my network, either directly or remotely, I go for an appliance that accommodates that growth. Which is what I currently have.

So there's room to scale. Then the licensing is based on the number of devices you have currently. So if I have more devices come to my network, I can just acquire more licenses to take care of them. So I think that's fine.

I've been very conversant with the technology for areas where I've experienced some challenges and I had to fix it up myself, but it's straightforward.

In terms of support, I've had to reach out to technical support. He was readily available and we made progress. So support is also good. My experience so far has been good. That's why I told you earlier that it's difficult for me to really point to somewhere where I could make an improvement.

On a scale of one to ten I would give Forescout Platform a nine.

To find out what devices are in the network for our clients. We manage client's networks, so we have it on the client's network and they use it so they can make sure they know who's on the network and if it's secure.

We really like that we get full visibility of devices in the local network.

It could be better, they could work on the wide-area network and easier because it's a bit clumsy at the moment when we go on to a remote site. It works well in the head office but we've had challenges trying to install it across other sites. So pricing and support for branch offices. The interface is okay for the local office, but it's hard to get visibility from remote branches.

We have been using the Forescout Device and Visibility Control Platform for about two years.

The Forescout Platform is very stable.

It's scalable, but not without a big investment. It doesn't do so well at the branch. At the home office, it does okay and not so well at the branch.

We have used technical support, it's been fine.

The initial setup of Forescout Device and Visibility Control Platform is fairly complex.

The Forescout Device and Visibility Control Platform is quite expensive. I would recommend it depending on the environment, but I would tell them to look at things that depend on their environment. There is other software as well.

I would rate the Forescout Device and Visibility Control Platform at a six out of ten.

The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment.

I can create granular policies. This is amazing. I really appreciate the granularity to create policies.

They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment.

The interface of this solution and the integration part needs improvement. The difference between the 7th and the 8th version is the dashboard. They should improve it. 

We never had a problem with this product. It has worked very well.

It's very simple to scale and to implement more devices and licenses. It's easy to grow.

We haven't had to use their technical support. 

We switched because ForeScout is the best tool for Mac. 

The initial setup was very easy, very simple to deploy. We didn't have problems or difficulties with the implementation.

We also looked at Fortinet. 

I would rate this solution an eight out of ten because it's the best solution. 

I would advise someone considering this or a similar solution to make sure that the solution works with a lot of vendors. Choose a product that doesn't change your environment.

Primarily used to define which host to admit onto the network, by tying a policy to the MAC address.

Identifying issues on why some hosts are not on the network, and assisting with possible remediation options.

• SNMP Traps on switches
• Getting the MAC address of the host from the ARP table of the switch and applying policy.

• Battled with the use of SNMP v1 instead of v2c
• Direct web interface rather than installation of a client.