What is our primary use case?
We are using this product as a NAC to secure our network and to meet IRS audit requirements. For example, we are using it to lock down our VPN solution.
Until now we had strict requirements for people logging in through VPN, including AD credentials and multifactor authentication, but no requirements for the actual hardware they were using. With Forescout, we can inspect every computer using VPN and block ones we don't permit, or remediate the ones we do permit.
Also, we will be able to quarantine and block computers that are not agency equipment on regular switch ports or wireless.
How has it helped my organization?
With Forescout we can get a detailed view of every device that attaches or tries to attach to our network. We can write policies that enforce a variety of actions such as quarantine and remediation.
We can prevent rogue actors from utilizing switch ports, wireless, or VPN to access our network.
Another benefit to Forescout is in inventory knowledge. We are seeing many devices that nobody knew were attached to the network and this allows the various teams to remediate or remove devices that could present a threat.
What is most valuable?
I think the most valuable feature is that the port-based 802.1x configuration on switch ports is not required. It operates by listening to the wire and talking to networking devices. That is a huge reduction in configuration complexity.
You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.
Another good thing about the product is that it can examine every endpoint and give information about it, even IoT devices.
What needs improvement?
The reporting feature needs improvement. An example is that currently, you cannot configure what report files will be named. I think that the reporting feature needs more flexibility. It has about 15 templates and you have to use one of them, but it is not easy to understand what each of them is. It would be nice to have more control over the format of the reports.
Also, it would be nice if the configuration backup feature had more flexibility. It only supports FTP, SFTP, or SCP. That makes it impossible to write backups to a Windows share.
For how long have I used the solution?
We have been using the Forescout Platform for about a year.
What do I think about the stability of the solution?
We have had no problems with stability.
What do I think about the scalability of the solution?
It is very scalable. You can set up an appliance as an Enterprise Manager, which means it can manage a large number of other appliances or VMs. The Enterprise Manager can operate in HA (High Availability) mode, and can manage 100 of the 5160 appliances. Each 5160 can manage 20,000 endpoints, so Forescout can scale to around 2 million endpoints.
How are customer service and technical support?
Technical support is generally very good.
Which solution did I use previously and why did I switch?
This is our first NAC product.
How was the initial setup?
The initial setup is fairly complex and it would be a good idea to employ Forescout Professional services for this phase. Special attention needs to be paid to SPAN sessions or taps to allow Forescout to listen to the wire.
What about the implementation team?
We used a combination of vendor services and in-house staff for the deployment. The vendor team was competent.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
Licensing is per endpoint that uses a discrete IP address. Licenses are perpetual but can come with renewable support. The product is complex so do not skimp on training, certification, and professional services.
Which other solutions did I evaluate?
We looked at Clearpass and ISE.
What other advice do I have?
It is the only NAC product I know of that does not require 802.1x on every switch port. Big win. But, make sure that you invest in training up your personnel. It is not a simple product.
Importantly, the vast capabilities make it worthwhile.
Which deployment model are you using for this solution?