What is our primary use case?
We were not able to accurately see devices in our network and/or have the ability to either remove rogue devices from the network or move them off to another VLAN. With corporate-owned assets, we also have the ability to see if something is missing or not up-to-date on a product, then we have the ability to push the update down to the asset.
We have not integrated the wireless access points into the product, but we are able to gain better visibility with wireless access points for mobile devices to do the same thing.
How has it helped my organization?
We are now able to see the assets connected to our network and classify them based on certain criteria that we can define. We still have a ways to go in getting things set up and more networks defined on what we want to see. Forescout is allowing us to gain that visibility with a few clicks of the mouse. Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy.
What is most valuable?
There are so many to list:
- The policies and what you can do with them are amazing.
- The ability to narrow down devices online versus offline.
- Get the MAC addresses last attributed with a device or IP address on a device and connect that to its switch port or router. This is very beneficial when assisting in tracing back physical connectivity, if needed.
- The ability to move a device off the network is very useful. The hardest part is showing the help desk what they need to do when troubleshooting a device connectivity issue.
What needs improvement?
When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slowdowns when implementing policies. I could see after doing this repeatedly that it may lead to some premature clicking in an area that you may not have wanted, depending on how your segments are set up, and may cause issues later down the road.
For how long have I used the solution?
What do I think about the stability of the solution?
In using the product for a short period of time, we have not had any issues with it. This product so far has proven to be top notch and do what it is designed to do. The visibility into the network makes things easy.
What do I think about the scalability of the solution?
It is highly scalable and easy to implement.
How are customer service and technical support?
Customer service and technical support are very responsive. We had one issue integrating a module and had a response within 30 minutes of opening the ticket, then we had a resolution shortly afterwards.
Which solution did I use previously and why did I switch?
We did not use a different solution other than best guess or a manual Nmap with port scanning tools to find out what was on a network segment, which was very time-consuming.
How was the initial setup?
Our network is fairly complex. However, the setup of this application was straightforward. It has great documentation on what ports/protocols are needed when communicating with other devices. The documentation was easy to read.
What about the implementation team?
We implemented with Professional Services from Forescout.
What was our ROI?
Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money.
What's my experience with pricing, setup cost, and licensing?
It might not be the cheapest solution, but you get what you pay for.
Which other solutions did I evaluate?
Senior management used this product before and already did a comparison of other products.
What other advice do I have?
The product has proven to be worth the cost and time savings alone in finding rogue devices. It helps with ROI and increasing our security posture. You can't protect what you don't know about or can't see.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?