Forescout Platform Reviews

The most important feature is that this solution works well without a 802.1x feature. You can use CounterACT to implement that feature and also have a very granular control of your devices, including shadow devices.

We were searching for a solution that could help us not only to detect and manage unauthorized access, but also to implement 802.1x on our infrastructure. And when we were working to reach that goal, we found other improvements from using CounterACT, such as antivirus installation, P2P control, and shadow IT -- and that's another plus for them.

The best improvement they could make would be reporting and better integration with AD. Last but not least, a management web interface would be nice in the next version/release.

We've used it for about a year.

We had no issues with the deployment.

We have an HA cluster in place that works very well. We've had no issues with stability.

We had no issues scaling it for our needs.

Fortunately, for now, we've had no need to call technical support.

We didn't have a NAC solution in place. This is the very first solution we've tried mostly because other solutions have 802.1x as a mandatory requirement.

It was not so easy to deploy in our environment, the learning curve for this solution is quite hard.

From my experience, it is impossible to implement this kind of solution in-house. You need a consultant or a trained person who can do this job.

• Alerting as to non-compliant machines
• Ability to quarantine infected machines
• Ability to determine if patches are not up to date

If a machine becomes infected by a user accessing the web, ForeScout has the ability to immediately quarantine that machine, isolating it from the network. Before this, someone would literally have to run down the hall and shut off a machine in the event of a breach and infection by malware.

It needs enhanced mobile support, but I have heard that this is coming.

We've used it for six months.

It took some time to get the policies set up and applied once ForeScout was physically in place. A dedicated resource and timely decisions from management can make this deployment faster. Make sure you account for anything and everything in your environment which has an IP address. We also had one device that was DOA but it was quickly replaced.

We have had no stability issues.

Scalability was not a problem for this site as we have less than 1000 endpoints.

Excellent. Our support engineer was extremely helpful and available.

This was the first of its kind in the environment.

With the assistance of the support engineer, it wasn't too bad. But it depends upon the state of your network. If everything is set up correctly, it will go much smoother. For example, having SNMPv3 activated everywhere is a requirement so that ForeScout can see everything.

We used our in-house personnel with the support engineer guiding us along via WebEx.

They are competitively priced for a medium-to-large sized organization.

This is not a very crowded segment for this kind of a product, and ForeScout is the best known of this small field.

They also offer a monitoring service which is a good value if you do not have someone in house to monitor ForeScout on site. This can be full or part time. ForeScout is a powerful network access control tool that has some features found in insider threat solutions, though it is not exactly made for that.

It gives us a clear initial and secondary view of what's happening on our network to determine its health. We can see what's coming in and going out and to be able to directly management that. If there's something that needs to be quarantined, it will alert us and mark it as a threat.

The reporting could be improved. Also, it needs more analytics to see what's going on as we like to do trends.

We've been using for over seven years since the beginning of the SOC.

We've had no issues with deployment.

It's been very stable. We've had no issues with stability.

We probably have 172,000 users in our department, so I would say that it's scalable. It's in the SOC. We'll probably need to scale it further as we expand it to our 20 other departments.

I've never had to use technical support.

We also use FireEye, NetWitness, Blue Coat, and a few others I can't remember.

I joined the department when it was all setup already.

Go for it.

It provides us with visibility into what's connected to our network, such as contractors, mobile devices, and whether they're a part of our corporate asset list or not.

We use it to prevent malicious activities on our network that potentially infiltrate it. We've been able to take out over twenty percent of our threats connected into our environment that we just never had a means to stop from connecting up to our network.

We've discovered regular assets. Let's say you had a mobile device, you walked into our network, and you said "hey, I need to connect up to the network. I'm a contractor here for you all and I'm going to add in one device". You immediately now have access into our environment.

It needs easier integration to other partners that automate functions within the security phase. There's no difference because you're not going to be able to fill the places fast enough for all these security people. So how do you get it to be able to manage more with less people by automating some of the functions? So when, for instance, NetScout discovers something and installs a ticketing system instead of sending an alert to a person, it automatically opens a ticket with the appropriate levels and automates that stuff.

We've had no issues with deployment.

It has been stable. The benefit wasn't around stability, it was more around preventing instability. What we were fearful about is whether or not customers would get impacted by the restriction of them not being able to connect to the network.

For instance: you're an employee, your laptop was part of our asset, but your phone was not and your tablet was not. All of the sudden, now all three of those devices were all connected into environment. Well, I only want your laptop to be connected. Your mobile devices, I really don't care to because when you go, you surf wherever you want on your stuff. You could probably pull up malware and then plug it in as soon as you put in your credentials into our network. So we want to keep that one off and allow you to connect to the network but connect to the internet, but not to my infrastructure.

We haven't scaled it all the way up, but we started to pilot, grew it to a couple of floors, and then grew it to an entire building.

I've never had to use it.

My understanding is that it was complex simply because my mandate is to zero-in back to the user.

We did look at multiple partners and we ended up with ForeScout.

Definitely use it. It's a good protection tool.

The most valuable feature is agent compliance. When somebody plugs in a device and the device powers up, CounterACT goes through to make sure that rules we have in place are accurate or in line with what we'd expect. Once that completes, the machine gets an IP address from DHCP.

We could go into some other forensics. What happened to a device, let's say, it gets a virus. Okay, let's do some forensic work on it. When did the PC boot up? When did CounterACT first see it? What time stamps? We're able to see things of this nature.

The other nice thing we can do quickly when we're just doing audits or inventory is to pull up a list of clients. How many machines are on this switch? How many are on that switch? Are there switchboards that have more than two MAC addresses? If we know that a switchboard has, say, six MAC addresses on it, then we know that they probably have a hub.

I think the most valuable piece is to make sure that devices that we don't want on our network aren't on it. That's the most important. Somebody walks into a will-call area or to an area that's, say, open to the public, and they plug in a computer, that computer may have an exploit or is malicious in some way. It won't get an IP address and won't be connected. That's the most important feature.

I would like to see some reporting features. Things like, if our tech support department comes to us and says, "Hey, how many Dell model 390 PCs do we have in the company?" They can just click on a report that would show client name, machine model, IP address, last user login, etc. I think that people would find that very useful.

I think off-the-bat, when somebody pulls up the CounterACT interface, there's a lot going one. It's easy, but I don't think it's easy for somebody who just walks in blind. If there was a reporting feature, or something more incorporating tech support people, that would make their life easier. It mitigate the requests that we get to give them that information.

We've had no issues with deploying it.

Overall, I think it's pretty stable. We did have some problems with the wireless plan. The wireless plug-in, where a device that we asked to be blocked for whatever reason, is not blocked. For a couple of months, we had the wireless plug-in disabled because too many end-users were being blocked when they shouldn't have been.

From the wireless standpoint, I would say that the reliability was somewhat poor, but CounterACT worked with us over a couple month period and did push out a patch. Today, things are better.

We have three thousand end-user clients. Those are the majority of the people whom we monitor with CounterACT and not so much core devices like servers, or mainframes, or things of that nature. If we have to roll out an update to a client or some of our mobile users, it does so pretty seamlessly.

They were very receptive, wanted to know exactly what was going on, wanted examples, etc. They did what they needed to do. Through some dialogue over probably about six weeks, we ended up getting an updated wireless plug-in, which seemed to resolve the issue.

We were not using a device previously. I think the goal was originally, how do we know what's on our network? CounterACT solved that problem by allowing us to create our own rules that we wanted. It starts from a very high level and you can drill down into devices. We can now categorize, say, things like IOT devices such as clocks that operate wirelessly, building automation. We can get into all these different categories and groups of things. Whereas, before we really didn't know it. If you plugged in a device, you were getting an address from DHCP. Now, you have to meet these requirements to get an address.

It was pretty straightforward. I've been in a number of roll-outs and this one was pretty easy.

We have one CounterACT appliance that does our Chicago office. A second appliance, which does our other four branches who are a little bit smaller. We separated that work and then we also have somewhat of a redundancy. As far as the configuration and getting things up and running goes, it starts with a nice, very high-level baseline. Then you kind of incorporate the rules that you want to incorporate as you go along, which makes it nice.

I think we went right after CounterACT. We sampled around I think on the web and just looked for solutions. But, CounterACT really came out to be the one that was easy to use. The price was right. The customizability and how we had to incorporate CounterACT to talk to our Cisco switches was really straightforward. It was easy and it worked.

Absolutely go for it. I would love to give them a demo of our own environment, talk to people at CounterACT and roll it out. If it's within their budget, whatever that may be, absolutely I would use it.

The network access control is a valuable feature for us. It provides endpoint visibility of our network and controls who can access network resources. That's really powerful.

The problem with vendors like Cisco is that their solutions are limited their to own ecosystem, and in general they don't work well with other vendors. With virtual machines, it can actually collect data from a variety of different network solutions, such as Cisco, Bloomberg, etc. Any routing platform out there, you can import it today. It can basically integrate these products and you can use it for enforcement. You can use them to collect the data. 

The other one is obviously that CounterACT can provide you with virtual ability to control who gets access to the network. It can act as a super-based machine and provide a level of security. It is integrated more easily than other vendors.

The integration with Sync can be improved. We would like to see better integration with some other popular vendors. 

Also, the reporting needs improvement, as well as integration with PAL services. It also needs more options for different sizes of customers. It does really work well in the big departments. For smaller organizations it might be a little overkill of a solution.

We've had no issues with deployment.

We've had no issues with stability.

We've had no issues with scalability.

It's a little bit too complex. A little bit of simplification when it comes to deployment might actually be better.

I think it is a good product and definitely fills the gap. I don't think we have many competitors at this stage. The major competitor is Cisco, but the biggest advantage of CounterACT is vendor agnostic. It means that it can work with a variety of different products. That is the biggest advantage.

CounterACT is a very flexible product in terms of deployment where the users will have a Layer 2 or Layer 3 deployment depending on their network infrastructure while maintaining the product's features regardless of which deployment. For larger scale projects which includes multiple sites, CounterACT can be easily deployed in a centralized or decentralized manner. Besides that, deploying CounterACT introduces almost little-to-no network infrastructure changes.

Integration with third-party products is also an important feature of CounterACT. While many of their competitors' products can only be integrated within their own portfolio, CounterACT manages to integrate with today's top security products to cover the security gaps that many solutions may introduce. CounterACT also provides a ControlFabric platform which may allow the users to integrate all of their security and network solutions into CounterACT.

As a distributor's engineer working on CounterACT, there are a few vast changes that I have seen after deploying CounterACT for our customers. A few of our customers reportedly had an easier time with their auditors on endpoint compliance, where they would only need to generate and turn in CounterACT's report. This saves both the customer's and the auditor's time.

Another improvement that we can see is automated security, where the customers would not need to manually turn on and off the switch ports for their guests. CounterACT automatically recognizes these guest and provides a self-registration feature to their guest while still maintaining the customer's network security posture.

There are few areas which will need vast improvements. The CounterACT graphical user interface could use a revamp as it may not look appealing enough to the end users.

Another area which the CounterACT should improve is their ability to deliver a more precise error messages to their users. At times, the error messages are not clear enough and are too technical to understand. Some of their error messages are not generic, as they are only understandable by the ForeScout engineers.

I've used it for three years.

There were no issues with deployment.

There are few issues with CounterACT that need more attention, mainly it's ability to process and perform discovery faster. At times, CounterACT takes too long to determine the endpoints, which may cause delays to the end users.

CounterACT could also use a more stable management console interface. This is because there will be times where CounterACT takes too long to login to its management console.

Another issue with CounterACT is that it does not provide very meaningful error messages when some error occurs. The error messages are hidden and it does not show unless the users click on a specific button or mouse over to the problematic elements.

There have been no issues scaling it.

The Customer Service is very responsive and helpful. They managed to resolve most of our issues with the products without much hassle.

The Technical Support is very responsive and helpful. They managed to resolve most of our issues with the products without much hassle.

Initial setup is very straightforward because there are only a few network configurations needed to be done. It does not require any downtime and could be deployed at any time during production hour. There are a few endpoint configurations that need to be done, which users can do so through their Microsoft ActiveDirectory or desktop management tools or software.

We implemented the solutions with our S.I. To ensure a smooth implementation, it is crucial to have all the endpoints and network requirements ready and configured before CounterACT is installed. It is recommended to start with the default policies and work on these policies to meet customers' requirements.

As we are an implementer, we do have an ROI for all our products.

For pricing and licensing, CounterACT is not an overly expensive product. They can fit most of our customers' budgets.

We managed to evaluate Cisco ISE. Cisco ISE is a complex solutions to deploy where it only supports users who use Cisco switches.

ForeScout CounterACT is a much more appealing product because of the market here in Malaysia, where the users uses multiple brands of switches with complex network infrastructure. CounterACT could easily adapt to these environments without any changes made to the customer's network infrastructure.

ForeScout CounterACT is like a Pandora's box, which contains a lot of functionalities that can be used to improve the customer's daily operation tasks and reduces manual workforce. It is recommended that the implementer understand what CounterACT can be used to do as different customers' business functions could use different functions of CounterACT.

• Guest management
• Antivirus compliance monitoring
• USB connection management

The bank has been able to manage host connection on the network, manage antivirus, and restrict the use of USB on the bank’s systems.

The patch management ability of the solution needs to be re-examined.

We've used it for five years.

There have been no issues with the deployment.

There have been no issues with the stability.

There have been no issues with scaling it.

Customer service is above average.

Technical support is above average.

It's straightforward to set up.

We used a vendor team alongside an in-house one.

The ROI is commensurate with the price.

The product is expensive.

To get the best out of the solution, the organization’s networks team must be willing to take ownership and provide assistance where required. Use tools like Gigamon during deployment and avoid spanning directly from Cisco switches.