ForeScout CounterACT Review

We like that it can do network access control either with 802.1x or without 802.1x since many network devices are not ready to do 802.1x.


What is most valuable?

The most valuable features of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x. Many network devices are not ready to do 802.1x. Lots of endpoints are not ready to do it, or they're poor at it, so having a non-.1x solution is critical for maintaining stability on our network.

How has it helped my organization?

We did not have a NAC prior to ForeScout. It provides constant monitoring of the endpoints either through an agent or periodic monitoring with a local admin account. This makes posturing very easy to do. Once the device is on the network, we're able to determine, does it continue to meet the requirements that we need for a device to stay on the network?

What needs improvement?

Definitely, having more third-party integration would be an improvement. This is something that they're doing. Other products that we have on our network, if we're able to get ForeScout to talk with them, we'll get much better information to those products, things like Splunk and other data gathering.

Also, I think we have Rapid7, so all these different programs that want to collect a lot of information, ForeScout is able to do that. So having it being able to talk to them, the more it can talk to, the better it is.

I think there are some product maturity issues in terms of the web interfaces that its able to present for end users. They're working on those. Those are improving, and just other features that come along with them growing into this space that they have. They're getting feedback from us, and they're getting feedback from other very large customers on what to do to improve, and they respond very well.

For how long have I used the solution?

2 years

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

We had a few issues that were unique to our environment, but ForeScout tech support has been very timely in being able to respond to them and getting us support we needed. We have had to have a few reboots due to some outages, but again, these are things that were able to be resolve very quickly. Overall, I would say that this is a stable solution.

What do I think about the scalability of the solution?

We're a huge company, over 100,000 employees, and it does require that we have done our homework ahead of time -- that we know where our address space is, that we know what's out there, and being able to come up with a deployment plan is our responsibility. Once we had that, we were able to go with it, and it works very well.

How is customer service and technical support?

Customer Service:

Very good.

Technical Support:

Very good.

How was the initial setup?

Device setup is straightforward - NAC itself is always a complex thing due to its profiling of EVERY device that connects to the network.

What about the implementation team?

The ForeScout engineers were there to help us without the standard, "Oh, you have over 100,000 endpoints? Well here's what every 100,000-endpoint company does."

Which other solutions did I evaluate?

We compared ForeScout to Cisco ISE. There were some other vendors in this space, but we felt they were for mid-sized companies at largest. Cisco looked like they had an offering that would be able to compete head-to-head with it in terms of size. The reason we picked this over ISE was because ForeScout had a non-802.1x solution for the wired network. We would avoid a lot of chaos and a lot of destruction if we go that route. Also, ForeScout had fewer vulnerabilities whereas Cisco ISE had several level-10 vulnerabilities that have been observed over the years. While we were testing it, two of them came out.

ForeScout has never had a vulnerability above 7.0, so when we look at the security of the system, it definitely meets that requirement where this is not something that's going to be compromised the way it looked, as though Cisco ISE had some potential for that. Much less disruptive, both Cisco ISE and ForeScout really require a client to get the full features of the system. They say that it can run client-less, but having the client gives a lot better functionality, and the ForeScout client just worked a lot better for us on our endpoints.

What other advice do I have?

The most important thing would be that a NAC project involves more than just the network. You've got to have client people, PKI people, active directory people all working together with the network to make this product work and make it happen. There's so many ways that it could interrelate. If you're in a very large company, you've got to break down the silo walls and get everybody together from the beginning to make this thing work out, but once you have those people together, this is something that every group wants to have. Desktop people want it, the mobile people want it, the scanning people. Everybody wants it once they see it, so it does sell itself, but you've got to have that education meeting up front.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
4 visitors found this review helpful
2 Comments
Michael VargaReal UserTOP 5LEADERBOARD

Great review! For 3rd party integrations, their plugins are extensive. They have one for Splunk but of course will feed syslog without anything additional.

15 March 16
Peter NewmeyerReal UserTOP 20

What is the difference between ForeScout's Centralized License and Appliance License structure/model?

07 May 18
Guest
Sign Up with Email