What is most valuable?
As a university, we have used ForeScout to help us get a hold on student computers and their infections, and to keep those infected systems off our network. We are also currently using ForeScout as a mechanism to allow us to automatically move student game consoles to a separate VLAN, and then move the port back to the primary dorm VLAN when a PC or other device is plugged in.
How has it helped my organization?
ForeScout has the built-in ability to identify network devices without a separate subscription or device, and that allows us to identify when students plug into a switch or router (not allowed on our network), or try to put their computer on the less restrictive game console VLAN. The rule sets allow you to configure different rules for different devices or networks from a single location, and provide a single-pane-of-glass view into any network traffic it can see.
What needs improvement?
The configuration of the rules is both a blessing and a curse. While it is almost infinitely configurable, knowing how to get the product to do what you want it to do can be difficult, especially at first.
The biggest problem we have had with ForeScout is that in order for it to see all of your network traffic it must have access to that traffic. So if your traffic has multiple ways to reach the internet or other resources, then you need multiple network taps in place to see that traffic.
For how long have I used the solution?
We have used ForeScout since summer of 2012.
What was my experience with deployment of the solution?
Other than the infinite configurability and need to have multiple network taps to see all traffic, we haven't had issues with deployment.
What do I think about the stability of the solution?
Stability has been like a rock, and it is a product that just seems to work.
What do I think about the scalability of the solution?
We have had no issues with scaling it for our needs.
How are customer service and technical support?
We have had mixed success with support. Sometimes we had amazing people who knew just what we needed and how to help us get there with minimal fuss. Other times we were explaining to support how to work around an issue so other customers wouldn’t have to deal with what we were dealing with.
Which solution did I use previously and why did I switch?
We previously used Perfigo, which was later bought by Cisco and became Clean Access. ForeScout offered us a device with a 10GB connection, and that on top of the feature set for the price sealed the deal.
How was the initial setup?
The initial setup was very straightforward, but due to our backbone switch/network configuration, we had to make last-minute tweaks to get the product to see all our traffic. Also, we struggled to get our rules properly configured so that students weren’t negatively impacted by misconfigurations that would either prevent them from getting on the network at all, or repeatedly require them to log in.
Our third-party consulting firm (Konsultek) hit one out of the park in helping us, and they made sure we were up and running before the start of school, despite our tight timeframe for implementation.
What about the implementation team?
We used a third-party group to assist us with implementation, and that made all the difference for us as we were able to pull from their experience and knowledge to help us get up and running.
What other advice do I have?
The best advice I can offer is to make sure to understand the rules and how they work as that was a bit of an issue for us in the first few weeks when we worked out how to “fix” some of the issues (client time-outs, repeatedly being asked to log in) as they came up. Also, test everything before rolling out to production.
ForeScout provides some of the greatest visibility into network traffic, showing you exactly who is doing what, down to the port and protocol being used, capturing entire conversations between endpoints. It is a simply fantastic tool that provides network and security persons with the ability to throw up honeypots.