Aruba ClearPass vs Forescout Platform comparison

Cancel
You must select at least 2 products to compare!
HPE Aruba Networking Logo
19,466 views|13,272 comparisons
95% willing to recommend
Forescout Logo
11,070 views|6,547 comparisons
87% willing to recommend
Comparison Buyer's Guide
Executive Summary
Updated on Sep 29, 2022

We performed a comparison between Aruba ClearPass and Forescout Platform based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.

  • Ease of Deployment: Aruba ClearPass users relate that setup can be very complex and recommend utilizing a technical specialist. Forescout Platform users indicate setup is straightforward but can be made complex based on the number or complexity of policies added to the deployment process.
  • Features: Users of both solutions feel they are very secure and provide complete transparency.

    Aruba ClearPass users like the authentication mechanisms and the complete NAC features. Many users would like to see more deployment scenarios and improvements made to the GUI as it can be a bit clunky.

    Forescout Platform users like that the solution is user friendly and can handle large capacities. They do note some anomalies with the licensing issues between WiFi and the network, which result in needing additional licenses for the same device. Forescout users would like to be able to add multiple policies at a time to improve process implementation and recommend some enhancements to the reporting structure.
  • Pricing: Users of both solutions feel that the pricing can be expensive.

  • Service and Support: Aruba ClearPass users say technical support is very good, and they are very satisfied. Forescout Platform users feel that even with tiered support, service has room for improvement.

Comparison Results: PeerSpot users feel Aruba ClearPass is flexible, versatile, and very user friendly. The licensing issues with Forescout detract a bit from its effectiveness.

To learn more, read our detailed Aruba ClearPass vs. Forescout Platform Report (Updated: March 2024).
768,246 professionals have used our research since 2012.
Q&A Highlights
Question: Comparison of Aruba Clearpass, Bradford Networks and Forescout NACs
Answer: Thank for your nice works. I am working on the similar type comparison between Fortescout, FortiNAC(Bradford) and ISE for a project in a healthcare organization.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is a very stable solution. Stability-wise, I rate the solution a ten out of ten.""Access Tracker is invaluable for troubleshooting access control incidents and quickly getting to the root cause.""The most valuable features of Aruba ClearPass are the GUI and its ease-to-do configuration. Additionally, we can troubleshoot many things in one window.""The most valuable feature, I would say, is the cost-effectiveness of the solution when compared to others.""It's a great solution with multi-vendor support. That's always useful.""The continuous server and posturing are valuable.""Gives us network access control, visibility, scalability, security, and control in what is becoming an uncontrollable, inundated BYOD and IoT world.""ClearPass's best feature is its comprehensiveness."

More Aruba ClearPass Pros →

"The most valuable features of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x.""Forescout Platform has granular features and one of the most impressive features is the agentless feature.""It allows for good detection of all the vendor products we have on-site.""Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it.""The interface is easy to use.""Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security.""Provides a good overview of all devices on a network.""The initial setup is easy, taking no more than two or three weeks."

More Forescout Platform Pros →

Cons
"After HP, their support is the worst.""​​The AirWave Dashboard heat maps could be better designed.""It should be clearer in the pre-sales stage that clear, documented, executive-supported InfoSec policy is the key to success.""The GUI of Aruba ClearPass could improve, it is not user-friendly.""The interface could be made easier and more intuitive.""This solution could be improved by making it possible to use it across different territories. Currently, if a user moves from the US to the UK, their usage and access will be restricted.""It would be good if ClearPass made it a SaaS solution.""Licensing cost is extremely high."

More Aruba ClearPass Cons →

"Multitenancy should be included in the next version so it could be used as a managed service provider.""I should be able to integrate my Forescout with any other third party security technology, to build that connected security strategy.""We experienced some detection issues when checking compliance for the Sophos agent.""The system controls could be better.""Other solutions have TACACS+, but Forescout does not. In the next release, I would like to see Forescout have accounting.""Logging would be one area for improvement. When we're troubleshooting, there are not a lot of clear things on Google that we can look up for ourselves. When we have an issue with it, we have to call the company to get the vendors involved. The logging of Forescout is horrible compared to other things that we've used.""The biggest disadvantage is the pricing.""Forescout Platform could improve the costs of integrations."

More Forescout Platform Cons →

Pricing and Cost Advice
  • "Licensing and pricing are extremely straightforward."
  • "Run a 90 day free Proof of Concept (POC) for each product by implementing and using it fully in your environment. This way you will be educated on its features, functionality, and manageability.​"
  • "​Cost is important. I switched because Aruba's costs were well below Cisco's."
  • "We pay an annual licensing fee for Aruba and there are no additional costs."
  • "The pricing is not bad and everything is included."
  • "It is affordable. In Lebanon, companies are small, and they do not have a big budget. They cannot invest a lot of money, and Aruba ClearPass is quite affordable for them."
  • "The licensing model is very straightforward. There are two types of licensing for Aruba ClearPass, a perpetual license, and a subscription. Both of them are straightforward. We don't need to read an ordering guide, it's very clear."
  • "Aruba is a little more expensive than other products in the market here."
  • More Aruba ClearPass Pricing and Cost Advice →

  • "Devices with multiple IP's count multiple times against your license count."
  • "The fact that we were allowed to spin up as many servers as we had need of to support our geographic requirements while paying for licensing as an enterprise truly set Forescout apart from the crowd and improved the way we could design our access."
  • "We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility."
  • "The ROI is priceless."
  • "It might not be the cheapest solution, but you get what you pay for."
  • "Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money."
  • "The setup cost, pricing, and licensing are on the high side."
  • "Forescout Platform is too expensive, so the price should be reduced."
  • More Forescout Platform Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
    768,246 professionals have used our research since 2012.
    Answers from the Community
    Anonymous User
    Eliu Rodriguez - PeerSpot reviewerEliu Rodriguez
    User

    Hi Nkwa,

    I did some research comparing ForeScout with ClearPass.
    Fundamentally they do the same but in a very different ways. It is important to understand these differences and how they could help you to achieve or not what you need in your organization. I will only point these differences and not every single detail. This is based on my own experience and I do not represent either ForeScout or Aruba ClearPass.

    DISCOVERY PROCESS / Profiler - METHODS.
    • NetFlow or SFlow: ForeScout do not support Sflow only NetFlow. Is this important? Yes, it is if your switches are not Cisco or any other vendor that support the NetFlow protocol.

    ForeScout says: "This capability becomes more relevant in large scale deployments, where the CounterACT packet engine is limited in its "ability to detect activity in remote sites and branch offices". Use of information reported by NetFlow improves visibility and speeds detection of new endpoints." Reference: https:\www.forescout.com\wp-content\uploads\2018\04\CounterACT_NetFlow_1.2.pdf Page 3.

    ClearPass:
    NetFlow V5/V9 and V10 aka IPFIX + sFLOW are supported.
    Reference: www.arubanetworks.com

    ORCHESTRATE = Integration/Collaboration with other Systems.
    ForeScout:

    * ForeScout
    is able to interchange contextual information with 3rd party solutions, however the most of the contextual collaboration capabilities are available using an Extended Module option and ForeScout charges separately for this.
    Reference Links:
    www.forescout.com
    www.cdw.com
    www.cdw.com

    Clear Pass:
    * 140+ Integrations are included as part of the core solution. Basically, you can integrate ClearPass to anything in your IT infrastructure at no extra cost to share contextual information. Firewalls, MDM, TicketSystem, SIEM, etc.. Using build-in Modules or APIs. You can request as well customized APIs.
    Reference Link www.arubanetworks.com
    Reference Link www.arubanetworks.com

    AGENT OR AGENTLESS?
    Basically, an agent based solution needs a software installed, while an agentless approach don't.
    Independently of what NAC solution you will use, it is important to understand if you need or not an agent.

    When a device connects to a network, the agent software performs some actions that have been defined in a central access controller or policy management platform. If persistent, the agent performs auto-remediation functions during a connection and will permanently monitor the device throughout a session to “fix” things that may change.
    The dissolvable agent: a user clicks on a web portal link to download the agent, which authenticates the user and device, checks the endpoint for compliance, and allows access to the network if policy conditions are met. It then disappears until the user runs it again.

    ForeScout
    ForeScout is proud to claim that they don’t require an agent (agentless approach NAC) but this is not completely true. ForeScout needs a “dissolvable agent” for authorization & compliance of unmanaged assets e.g. Employee BYOD, Contractor Laptops, printers, CCTV cameras, Smart TVs, etc. Agentless is fine when all your devices are Windows and all of them are under your management. For none windows devices you will need the dissolvable agent to perform health check and remediation.
    Based on this explanation having an agent or not is irrelevant for most of the cases. there many identities sources from where you can extract contextual information to help the NAC to do his work, examples are: AD, Wireless AP, End-Point protection software, SCCM, MDM, the Switches, the Firewall, etc...
    To do this you need integration, this is possible with ForeScout using the extended module /Plugins and normally paying the extra cost.
    Reference Link: www.forescout.com

    ClearPass
    Clear pass can run with an agent and without the agent. It hast the persistence option, the dissolvable option for BYOD and Guest devices. It can be easily integrated to the mentioned identity stores at no extra cost.

    www.bradfordnetworks.com
    community.arubanetworks.com
    community.extremenetworks.com

    802.1X RADIUS AUTHENTICATION OR NOT

    Here is one of the major differences. Both support Radius authentication. ClearPass see it like the most secure way to protect your network and ForeScout see it like something complex that you should try to avoid if possible, in my opinion.

    ForeScout

    * says: 802.1X presents several deployments, operational and troubleshooting challenges, particularly on wired networks.
    * To perform RADIUS-based network authentication you need a “Plugin” to forward the authentication requests to an external authentication Sever, like the Microsoft NPS. Page 10, Reference link , you will need as well a Switch Plugin for wired network RADIUS-based deployment and a Wireless plugin for wireless network RADIUS-based deployment. All this sounds like a complexity to me.

    * By not having 802.1x configured you save also configuring all switches on your network. Which is not a big problem because you do this once during the useful life of the switch.

    * Not build-in TACACS+ - centralized remote authentication to network devices like switches, routers, etc.
    Reference Link:
    www.forescout.com

    ClearPass:
    * Is build-in CA and if you like you can use an external CA as well.
    * Centralizing the radius authentication make the administration and configuration very easy because you don’t have to manage the NAC and the CA separated.
    * No plugin is needed for non-802.1x Auth and non-domain joined devices. In this case you can enforce machine authentication and many other security layers to allow non-domain devices to safely connect without a certificate.
    * non-domain devices can automatically or manually be provisioned using a guest network and dissolvable agent.
    * Integration with the Aruba Wireless system for Radius Authentication is very easy (if you own an Aruba Wireless Infrastructure) and no extra cost.

    You must configure your switches to work with 802.1x. This can be easily done using a template on HPE IMC.
    • Build in TACACS+

    DEPLOYMENT AND INITIAL POLICY SETUP:

    ForeScout: preferred method is: I let you in then I find out who you are.

    • ForeScout CounterACT propose the Post-connect deployment strategy for network visibility and access control in which endpoints are initially allowed access to the network while CounterACT profiles them to determine ownership and compliance. Access to the network is then adjusted based on profiling results and security policy.
    Reference link: www.forescout.com

    This makes sense on new deployments because the NAC can be configured transparent to the end user with no dramatic impact. My question is: What is the process after deployment? Do I let you in then I find a good policy for you?

    ClearPass: preferred method is: I let you in if you tell me something about you. Then depending on the roles/policies this unknown device will be moved to a quarantine VLAN for remediation or moved to a dead end VLAN. At the same time this will trigger a ticket to helpdesk and a message to the user to know what is happening and what is the next step.

    SUPPORT, SERVICE and DOCUMENTATION:

    ForeScout:
    • The references are very good everywhere you read in internet. Also, the expertise of their engineers. You can browse a little and it won't be hard to find references.
    Online support, documentation, communities (forescout Chatter), etc.

    Aruba/HPE
    The references are very good everywhere you read in internet. Also, the expertise of their engineers. You can browse anywhere on internet and it won't be hard to find references.
    Online support, documentation, communities (aruba airheads), etc.

    PRICE:
    This will depend on many factors. I would suggest that you consult both and make your own decision.

    Questions from the Community
    Top Answer: Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely… more »
    Top Answer:I've done quite a lot of work with ClearPass, and not a lot with FortiNAC/Bradford. ClearPass incorporates a number of different functions including ClearPass Guest for creating complex wireless… more »
    Top Answer:If you are looking at the base installation, then it was a very straightforward process, which I would rate an eight or nine out of ten.
    Top Answer:Forescout is a very powerful NAC product that does not rely on port level configuration. It can detect and block unauthorized devices very quickly. But it has a lot of capabilities and really would… more »
    Top Answer:I would rate the Forescout Device and Visibility Control Platform at a six out of ten.
    Top Answer:I recommend doing a compression demo. If people use it, they will buy it. So they have to see the product in place. That's the main recommendation is to do a proof of concept. If they do, they will… more »
    Ranking
    Views
    19,466
    Comparisons
    13,272
    Reviews
    29
    Average Words per Review
    428
    Rating
    8.4
    Views
    11,070
    Comparisons
    6,547
    Reviews
    21
    Average Words per Review
    439
    Rating
    8.3
    Comparisons
    Also Known As
    Avenda eTIPS
    Forescout Platform, CounterACT for Endpoint Compliance, ForeScout CounterACT
    Learn More
    Overview

    Aruba ClearPass is a network access control (NAC) solution that provides a range of security and access management capabilities for wired, wireless, and VPN networks. ClearPass enables organizations to secure their networks and devices, enforce security policies, and provide secure access to network resources.

    Aruba ClearPass Features

    Aruba ClearPass has many valuable key features. Some of the most useful ones include:

    • Device profiling: Aruba ClearPass automatically profiles and classifies network devices based on type, manufacturer, operating system, and more, to help organizations secure their networks.
    • Guest management: The solution provides a secure and easy-to-use guest management system for organizations to provide guest access to their networks.
    • User-friendly interface: The Aruba ClearPass includes a user-friendly interface, enabling administrators to easily manage and enforce security policies, monitor network activity, and respond to security threats.
    • Policy enforcement: Users can enforce security policies based on device type, user role, and other factors, to help secure their networks and devices.
    • Threat detection and response: With its real-time monitoring and threat detection capabilities, organizations are able to quickly identify and respond to security threats.
    • Authentication and authorization: Aruba ClearPass offers a range of authentication and authorization methods, including certificate-based authentication and 802.1X, to provide secure access to network resources.
    • Reporting and analytics: The solution Includes real-time reporting and analytics capabilities, enabling administrators to monitor network activity, track security incidents, and improve security over time.

    Aruba ClearPass Benefits

    There are many benefits to implementing Aruba ClearPass. Some of the biggest advantages the solution offers include:

    • Comprehensive solution: Aruba ClearPass integrates with a range of network security technologies, including firewalls, intrusion detection and prevention systems, and VPN gateways, to provide a comprehensive security solution.
    • Scalability: Designed to scale from small to large organizations, ClearPass provides a solution that can grow with an organization's needs.
    • Increased visibility: By implementing Aruba ClearPass, administrators can monitor network activity, track security incidents, and improve security over time.
    • Improved user productivity: The solution’s secure and seamless access to network resources helps users be more productive and access the resources they need, when they need them.
    • Better business agility: With the solution, organizations can quickly respond to security threats and enforce security policies, improving overall business agility.

    Reviews from Real Users

    Aruba ClearPass is a solution that stands out when compared to many of its competitors. Some of its major advantages are that it’s easy to use, has a valuable Guest Captive Portal and virtual security enforcement, and has a good web dashboard and policy manager.

    “It is easy to use and more integrated with the Aruba wireless networks,” says Muhammad N., Network & Information Security Engineer at a healthcare company.

    Ammar F., Head of IT at Hubtech, explains, “What I like most about Aruba ClearPass is that it has the best enforcement feature for the network. I also like its Guest Captive Portal and virtual security enforcement features, but the virtual security enforcement feature is still under testing by my company. Aruba ClearPass also has a wonderful UI which I find valuable."

    Another PeerSpot reviewer mentions, "The web dashboard and the policy manager are very intuitive and very easy for the engineers to use."

    Forescout Platform provides today’s busy enterprise organizations with policy and protocol management, workflow coordination, streamlining, and complete device and infrastructure visibility to improve overall network security. The solution also provides concise real-time intelligence of all devices and users on the network. Policy and protocols are delineated using gathered intelligence to facilitate the appropriate levels of remediation, compliance, network access, and all service operations. Forescout Platform is very flexible, integrates well with most of today’s leading network security products, and is a very cost-effective solution.

    Forescout Platform Features

    • Real-time complete visibility: With Forescout eyeSight, each and every device is classified when any attempt to access your network has been made. This includes - but is not limited to - desktops, laptops, android devices, virtual machines, switches, VoIP phones, USB memory sticks, webcams, IoT devices, and more.

    • Policy-based and manual controls: In today’s busy robust environment, networks are continually changing; there are different types and amounts of devices connected, various software applications, network compliance requirements, and the constant potential for risk make managing an IT network a very daunting challenge. The Forescout Console is used to simplify the administration and management of important alerts, remediation, and access controls to keep the network secure.

    • Intuitive real-time dashboards: Forescout Dashboards, a component of Forescout WebClient, is a comprehensive web-based intelligence center that gives full visibility and real-time insight of the complete network using both out-of-the-box and user-created widgets. The dashboards are very intuitive and deliver robust, easy-to-understand information about device visibility, compliance, health monitoring, and more.

    • Advanced reporting capabilities: The Forescout Reports Plugin will generate numerous valuable reports indicating real-time and overall status information about endpoint compliance, device details, networks guests, protocols, and more. The reports help to ensure IT administrators, executives, security teams, and other important shareholders stay well-informed about all network activity at all times.

    • Comprehensive third-party overview: Forescout eyeExtend facilitates seamless information sharing with third-party vendors, networks, and IT management solutions supporting improved automated workflows, productivity, cost-effectiveness, and overall security.

    Real User Reviews

    An important main feature of Forescout is the visibility the solution offers.

    One reviewer who is a Consultant at a tech services company, says, "Within three or four days, you can have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly."

    Users also appreciate that the user interface is clear and easy to understand.

    An Instructor at a tech services company, shares, "The most valuable feature of the Forescout Platform is the large capacity it can handle. Additionally, the interface of the platform is good."

    Sample Customers
    Consulate Health Care, Los Angeles Unified School District, Science Applications International Corp (SAIC), San Diego State University, KFC, ACTS Retirement-Life Communities
    NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust
    Top Industries
    REVIEWERS
    Comms Service Provider18%
    Computer Software Company18%
    Manufacturing Company11%
    Healthcare Company11%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Government9%
    Manufacturing Company7%
    Comms Service Provider7%
    REVIEWERS
    Financial Services Firm17%
    Government12%
    Manufacturing Company10%
    Computer Software Company10%
    VISITORS READING REVIEWS
    Educational Organization29%
    Computer Software Company11%
    Government8%
    Financial Services Firm7%
    Company Size
    REVIEWERS
    Small Business42%
    Midsize Enterprise23%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise17%
    Large Enterprise60%
    REVIEWERS
    Small Business37%
    Midsize Enterprise12%
    Large Enterprise51%
    VISITORS READING REVIEWS
    Small Business13%
    Midsize Enterprise36%
    Large Enterprise50%
    Buyer's Guide
    Aruba ClearPass vs. Forescout Platform
    March 2024
    Find out what your peers are saying about Aruba ClearPass vs. Forescout Platform and other solutions. Updated: March 2024.
    768,246 professionals have used our research since 2012.

    Aruba ClearPass is ranked 2nd in Network Access Control (NAC) with 75 reviews while Forescout Platform is ranked 4th in Network Access Control (NAC) with 69 reviews. Aruba ClearPass is rated 8.6, while Forescout Platform is rated 8.4. The top reviewer of Aruba ClearPass writes "Easy to use, multifeatured, and reliable policy management platform for identity authentication and new device onboarding". On the other hand, the top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". Aruba ClearPass is most compared with Cisco ISE (Identity Services Engine), Fortinet FortiNAC, Microsoft Intune, Ruckus Cloudpath and macmon Network Access Control, whereas Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Fortinet FortiNAC, Nozomi Networks, Armis and Tenable Security Center. See our Aruba ClearPass vs. Forescout Platform report.

    See our list of best Network Access Control (NAC) vendors.

    We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.