The main feature, the NAC engine, is very flexible since ForeScout CounterACT doesn’t need the use of 802.1x and can work with almost all switch vendors.
Senior Security Engineer with 51-200 employees
The NAC engine is flexible since it doesn’t need the use of 802.1x. We use the solution to test or troubleshoot customer configurations.
What is most valuable?
How has it helped my organization?
Since my company is a systems integrator, we have ForeScout CounterACT in our lab just to test or troubleshoot customer configurations.
What needs improvement?
There isn’t a specific area to improve. It’s a good product from my point of view. Maybe the licensing and cost can be improved.
What was my experience with deployment of the solution?
No issues with deployment.
Buyer's Guide
Forescout Platform
April 2024
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,857 professionals have used our research since 2012.
What do I think about the stability of the solution?
Haven't had issues with stability.
What do I think about the scalability of the solution?
Haven't had to scale it.
What other advice do I have?
Maybe test the configuration very well before enabling actions (like VLAN moving, Captive Portal), because they can cause many problems in production environments if there are configuration mistakes.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
VP IT Security at a financial services firm with 501-1,000 employees
The most valuable feature for us is the visibility into all connected devices.
Pros and Cons
- "The plugins are very robust -- the ability scanner, patch management system, and SQL integrator."
- "The initial setup was complex."
What is most valuable?
The most valuable feature for us is the visibility into all connected devices. Also, the plugins are very robust -- the ability scanner, patch management system, and SQL integrator.
How has it helped my organization?
You can query a lot of information from the connected device, including their compliance statuses.
What was my experience with deployment of the solution?
We've had no issues with deployment.
What do I think about the stability of the solution?
It's a stable solution.
What do I think about the scalability of the solution?
There have been no issues with scaling it.
How was the initial setup?
The initial setup was complex, but that was due to the nature of the network architecture.
Which other solutions did I evaluate?
We didn't look for other solutions.
What other advice do I have?
Have a clear understanding and document the network architecture before you deploy it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Forescout Platform
April 2024
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,857 professionals have used our research since 2012.
Information Security Manager at a legal firm with 1,001-5,000 employees
The most valuable feature for us is the real-time alerting of newly connected devices. The reporting could be a bit more intuitive and user friendly.
What is most valuable?
The most valuable feature for us is the real-time alerting of newly connected devices, whether they are approved or unapproved devices on our network.
How has it helped my organization?
Since our implementation of CounterACT, it has kept us aware of unapproved devices attempting to connect to our network which pose security threats.
What needs improvement?
The reporting could be a bit more intuitive and user friendly.
For how long have I used the solution?
I have used CounterACT for two years.
What was my experience with deployment of the solution?
There were many issues with deployment, but these were largely due to our own network architecture issues.
What do I think about the stability of the solution?
There were many issues with stability, but these were largely due to our own network architecture issues.
What do I think about the scalability of the solution?
There were many issues with scalability, but these were largely due to our own network architecture issues.
How are customer service and technical support?
I'd rate ForeScout's technical support as fair-to-good.
Which solution did I use previously and why did I switch?
We did not have a previous NAC solution in place prior to CounterACT.
How was the initial setup?
The initial setup was complex.
What about the implementation team?
We used a vendor team for the implementation.
What other advice do I have?
Do your homework ahead of time. Ensure that you have up-to-date network maps and that understand your network's architecture.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Architect at a financial services firm with 1,001-5,000 employees
The most valuable features for us include antivirus compliance monitoring and guest management.
Valuable Features
- Guest management
- Antivirus compliance monitoring
- USB connection management
Improvements to My Organization
The bank has been able to manage host connection on the network, manage antivirus, and restrict the use of USB on the bank’s systems.
Room for Improvement
The patch management ability of the solution needs to be re-examined.
Use of Solution
We've used it for five years.
Deployment Issues
There have been no issues with the deployment.
Stability Issues
There have been no issues with the stability.
Scalability Issues
There have been no issues with scaling it.
Customer Service and Technical Support
Customer Service:
Customer service is above average.
Technical Support:Technical support is above average.
Initial Setup
It's straightforward to set up.
Implementation Team
We used a vendor team alongside an in-house one.
ROI
The ROI is commensurate with the price.
Pricing, Setup Cost and Licensing
The product is expensive.
Other Advice
To get the best out of the solution, the organization’s networks team must be willing to take ownership and provide assistance where required. Use tools like Gigamon during deployment and avoid spanning directly from Cisco switches.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network and Security Engineer at a financial services firm with 1,001-5,000 employees
It provides us with real-time visibility and control of devices accessing our network, although false positives should be reduced.
Valuable Features
- Rogue detection and blocking
- Guest registration
- Full visibility of network hosts
- Threat protection
Improvements to My Organization
We are provided with real-time visibility and control of devices accessing our network.
Room for Improvement
- Reduce false positives
- Reduce bugs
- Improve on host classification
- Increase the Nigerian partner base
Use of Solution
We've been using it for over two years.
Deployment Issues
No major issues.
Stability Issues
No major issues.
Scalability Issues
No major issues.
Customer Service and Technical Support
It's good, but certainly it needs improvement especially on the side of the partners.
Initial Setup
Initial setup was straightforward. All it required was to integrate traffic sniffing/monitoring and management ports into our core switch, and instruct the core switch to mirror every traffic to the device through the sniffing port. The rest was simply to define all our network segments on the device and integrate all access switches via SNMP.
Implementation Team
We implemented it through ForeScout's only Nigerian partner, and this is what I would advise everyone interested in the solution to do.
Pricing, Setup Cost and Licensing
It is quite expensive, but there are specs for small companies as well.
Other Solutions Considered
Cisco ISE was also evaluated, but the CT10000 was easier to implement and integrate into our environment.
Other Advice
You can go ahead, but you will need good network skills to get the maximum benefits from it.
I would also advise that you don't activate all the add-on features, but use it solely for its primary function - visibility and rogue detection/blocking.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2024
Product Categories
Network Access Control (NAC) IoT Security Endpoint Compliance Extended Detection and Response (XDR)Popular Comparisons
Microsoft Intune
CrowdStrike Falcon
Cisco Umbrella
SentinelOne Singularity Complete
Microsoft Defender for Cloud
Cortex XDR by Palo Alto Networks
Fortinet FortiClient
Cisco ISE (Identity Services Engine)
Qualys VMDR
Trend Micro Apex One
Tenable Security Center
Aruba ClearPass
Trellix Endpoint Security
Rapid7 InsightVM
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- PRICING FOR FORESCOUT CT10K APPLIANCE
- ForeScout vs. Cisco ISE
- What are the main differences between Cisco ISE and Forescout Platform?
- Comparison of Aruba Clearpass, Bradford Networks and Forescout NACs
- How would you compare Cisco ISE (Identity Services Engine) vs Forescout Platform?
- PRICING FOR FORESCOUT CT10K APPLIANCE
- When evaluating Network Access Control, what aspect do you think is the most important to look for?
- Which is the best choice of Zero Trust Network Access (ZTNA)?
- What is your recommended Network Access Control (NAC) solution for an enterprise?
- Cisco ISE (Identity Services Engine) vs Fortinet FortiNAC: which solution is better and why?
Thanks :).. your points are well noted and taken.. i know who you are but i wanna keep it anonymous and i wish you the best in your new place..