ForeScout CounterACT Review
It prevents scanning, malware spread, corporate asset misuse, and reconnaissance on our network by third-party devices.


What is most valuable?

  • Network Access Control, it's core use
  • Asset Intelligence for deskside
  • "What port is it plugged into" intelligence for deskside
  • Patch-level Auditing
  • Emergency response, risk assessment information to get a view of the of the vulnerability
  • "What PC is a user on" for helpdesk/IT security/deskside
  • Forces PEN Testers to request permission to exist on your network

How has it helped my organization?

  • Immediate relocation of network devices to segregated "Vendor" network based on autonomous analysis. Prevents scanning, malware spread, corporate asset (i.e. printer) misuse, and reconnaissance on our network by third-party devices. Allows us to block VPN from our corporate network but still allow Vendors to establish them.
  • Better information provided by Level 1 support (helpdesk) regarding asset information as we provide them with R/O access to the tool
  • Visitor policy communication & acceptance

What needs improvement?

  • JAVA Memory management - leaving the app running for multiple days requires relaunch
  • Search - needs boolean functionality (or psudeau operand now working)

For how long have I used the solution?

5 Years

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

Stability has been good.

What do I think about the scalability of the solution?

  • It is very scalable, allowing additional strategic appliances as required in either physical or VMs.
  • We control ~250 field sites, two Oilsands mines, multiple remote platform locations, 2 Canadian Metro offices and 1 UK office with 4 appliances centrally located.

How is customer service and technical support?

Customer Service:

It's excellent! Timely and responsive.

Technical Support:

It's excellent!

Which solutions did we use previously?

No previous solution was used.

How was the initial setup?

It was straightforward, although I recommend having a strong relationship with network-asset owners to ensure SNMP rights are looked after.

What about the implementation team?

We used a vendor, Conexsys (Graham Cheng & Jerry G), who were excellent.

What's my experience with pricing, setup cost, and licensing?

Ensure you consider everything you want to monitor that has an IP. Devices with multiple IP's count multiple times against your license count.

Which other solutions did I evaluate?

This was chosen without hands-on evaluation based on reviews and industry feedback.

What other advice do I have?

If you have distributed services (DHCP), strategically ensure you generate reliable traffic to establish timely inspections. We've avoided the use of traps by centralizing our DHCP at HQ, but it causes black holes during inspection schedules in case of a static device being plugged in.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful

2 Comments

A.J. DiLorenzoReal UserELITE SQUADTOP 5

Great write-up. Quick question about the 150 field sites you mentioned. Are all of those sites networked or are you sending traffic to the ForeScouts over the Internet?

Thanks.

08 July 16
Michael VargaReal UserTOP 5POPULAR

We have a number of mpls sites, but the majority of our sites are vpn... we don't send any data to public ip addresses, it's all on internal ip space.

08 July 16
Guest
Why do you like it?

Sign Up with Email