Forescout Platform Review

It prevents scanning, malware spread, corporate asset misuse, and reconnaissance on our network by third-party devices.

How has it helped my organization?

  • Immediate relocation of network devices to segregated "Vendor" network based on autonomous analysis. Prevents scanning, malware spread, corporate asset (i.e. printer) misuse, and reconnaissance on our network by third-party devices. Allows us to block VPN from our corporate network but still allow Vendors to establish them.
  • Better information provided by Level 1 support (helpdesk) regarding asset information as we provide them with R/O access to the tool
  • Visitor policy communication & acceptance

What is most valuable?

  • Network Access Control, its core use
  • Asset Intelligence for deskside
  • "What port is it plugged into" intelligence for deskside
  • Patch-level Auditing
  • Emergency response, risk assessment information to get a view of the vulnerability
  • "What PC is a user on" for helpdesk/IT security/deskside
  • Forces PEN Testers to request permission to exist on your network

What needs improvement?

  • JAVA Memory management - leaving the app running for multiple days requires relaunch
  • Search - needs boolean functionality (or psudeau operand now working)

What do I think about the stability of the solution?

Stability has been good.

What do I think about the scalability of the solution?

  • It is very scalable, allowing additional strategic appliances as required in either physical or VM format.
  • We control >400 field sites, two Oilsands mines, multiple remote platform locations, 2 Canadian Metro offices and 1 UK office with 4 appliances centrally located.

How are customer service and technical support?

Customer Service:

It's excellent! 

Technical Support:

It's excellent!

Which solution did I use previously and why did I switch?

No previous solution was used.

How was the initial setup?

It was straightforward, although I recommend having a strong relationship with network-asset owners to ensure SNMP rights are looked after.

What about the implementation team?

We used a vendor, Conexsys (Graham Cheng & Jerry G), who were excellent.

What's my experience with pricing, setup cost, and licensing?

Forescout's flex licensing has made our deployment more agile and helps us adapt our environment without buying more hardware.  

Under their old model, licensing was tied to 4k and 10k appliances which strained under the new v7 and v8 Forescout OS when nearing their designed capacity.  To acquire a new appliance, physical or virtual, meant buying licensing for that size of appliance.

Under the new flex licensing model, we've been able to deploy VM appliances, responsible for host interrogation and management, while retaining our physical appliances for SNMP switch management, and span aggregation.  

Under the flex licencing model, we've deployed to our ICS segments, and are deploying VMs to our DCS environment, allowing for full visibility under one 'pane of glass' of nearly every host on our network.

Ensure you consider everything you want to monitor that has an IP. Devices with multiple IP's count multiple times against your license count.

Which other solutions did I evaluate?

This was chosen without hands-on evaluation based on reviews and industry feedback.

What other advice do I have?

If you have distributed services (DHCP), strategically ensure you generate reliable traffic to establish timely inspections. We've avoided the use of traps by centralizing our DHCP at HQ, but it causes black holes during inspection schedules in case of a static device being plugged in.

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Forescout Platform reviews from users
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,962 professionals have used our research since 2012.
Add a Comment

author avatarA.J. DiLorenzo
Top 5Real User

Great write-up. Quick question about the 150 field sites you mentioned. Are all of those sites networked or are you sending traffic to the ForeScouts over the Internet?


author avatarMichael Varga
Top 5LeaderboardReal User

We have a number of mpls sites, but the majority of our sites are vpn... we don't send any data to public ip addresses, it's all on internal ip space.

author avatarSecEng3904 (Senior Security Engineer at a healthcare company with 10,001+ employees)
Top 5LeaderboardReal User

Nice write up. I agree with the Customer support they are quick to reply and are able to get things resolved quickly.