Forescout Platform Overview

Forescout Platform is the #1 ranked solution of our top IoT Security tools. It's rated 4.4 out of 5 stars, and is most commonly compared to Cisco ISE (Identity Services Engine): Forescout Platform vs Cisco ISE (Identity Services Engine)

What is Forescout Platform?

ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-traditional devices, the instant they connect to the network. Equally important, ForeScout lets you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company’s solutions integrate with leading network, security, mobility and IT management products to overcome security silos, automate workflows and enable significant cost savings.

Forescout Platform is also known as Forescout Platform, CounterACT for Endpoint Compliance, ForeScout CounterACT.

Forescout Platform Buyer's Guide

Download the Forescout Platform Buyer's Guide including reviews and more. Updated: April 2020

Forescout Platform Customers

NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust

Forescout Platform Video

Forescout Platform Reviews

Filter by:
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
SecEng3904
Senior Security Engineer at a healthcare company with 10,001+ employees
Real User
Top 5Leaderboard
May 19, 2020
Identifying potentially unwanted devices on the network has saved the organization time and money

What is our primary use case?

Asset Discovery. We were not able to accurately see devices in our network and/or have the ability to either remove rogue devices from the network or move them off to another VLAN. With corporate owned assets, we also have the ability to see if something is missing or not up-to-date on a product, then we have the ability to push the update down to the asset. We have not integrated the wireless access points into the product, but we are able to gain better visibility with wireless access points for mobile devices to do the same thing.

Pros and Cons

  • Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy.
  • When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies.

Cost and Licensing Advice

  • It might not be the cheapest solution, but you get what you pay for.
  • Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money.

What other advice do I have?

The product has proven to be worth the cost and time savings alone in finding rogue devices. It helps with ROI and increasing our security posture. You can't protect what you don't know about or can't see.
reviewer1348908
Senior Network Engineer at Tessy Plastics
Real User
Top 10
May 16, 2020
Our environment is significantly more secure

What is our primary use case?

We primary use the Forescout appliances to identify, segment, and control all of our internal, manufacturing, automation, and IoT networks. In addition, we use Forescout to deploy guest wireless by utilizing self-registration to allow employees and guests onto our network. Forescout is also responsible for maintaining and showing us all threat data, such as vulnerabilities. We also use it to identify and prevent all malicious network scans throughout our entire network. These powerful tools allow us to secure our network end-to-end.

Pros and Cons

  • Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security.
  • They need to handle their Tier 1 cases differently. The biggest negative regarding Forescout is their support. Not having the ability to get instantly transferred to a support engineer for Tier 1 cases is pretty ridiculous.

Cost and Licensing Advice

  • We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility.
  • The ROI is priceless.

What other advice do I have?

The product has been fantastic for us, meeting our needs. We have hardly had any bugs to speak of. With that being said, please allow Tier 1 cases to be directly transferred to an available engineer.
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
447,718 professionals have used our research since 2012.
Avraham Sonenthal
Senior Network Engineer at a government with 5,001-10,000 employees
Real User
Top 5Leaderboard
Sep 24, 2020
Provides good network visibility, allowing us to detect and remove unknown threats

What is our primary use case?

We are using this product as a NAC to secure our network and to meet IRS audit requirements. For example, we are using it to lock down our VPN solution. Until now we had strict requirements for people logging in through VPN, including AD credentials and multifactor authentication, but no requirements for the actual hardware they were using. With Forescout, we can inspect every computer using VPN and block ones we don't permit, or remediate the ones we do permit. Also, we will be able to quarantine and block computers that are not agency equipment on regular switch ports or wireless.

Pros and Cons

  • You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.
  • The reporting feature needs improvement.

Cost and Licensing Advice

  • Licenses are perpetual but can come with renewable support.

What other advice do I have?

It is the only NAC product I know of that does not require 802.1x on every switch port. Big win. But, make sure that you invest in training up your personnel. It is not a simple product. Importantly, the vast capabilities make it worthwhile.
reviewer1363347
Product Manager - IT Security at a tech services company with 11-50 employees
Real User
Aug 13, 2020
You can configure granular controls just as you want those policies to be implemented

What is our primary use case?

Our primary use case is for device compliance and access control.

Pros and Cons

  • Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it.
  • I should be able to integrate my Forescout with any other third party security technology, to build that connected security strategy.

What other advice do I have?

On a scale of one to ten I would give Forescout Platform a nine.
reviewer1348911
Sr. Network Engineer at William Blair & Company
Real User
Top 5Leaderboard
May 13, 2020
Monitors network access globally and improves overall security while reducing risk

What is our primary use case?

To be able to improve security within our network. We needed Network Access Control (NAC). As such, we reviewed the available vendors who could provide this service to us and selected the Forescout CounterACT (CA) product primarily because we needed to be able to position the product in several regional locations. At the same time, we managed and controlled it locally and dynamically where we have it responding to a single control center. While we have implemented today strictly for wireless access, we will be extending that to include wired access in the future.

Pros and Cons

  • Forescout CounterACT has allowed us to better open our access and control wireless access globally from our HQ. This allows us to monitor the network access for every office globally. This has improved overall security, reducing risk and opening up the opportunity to provide greater end user flexibility.
  • More detailed analysis during the authentication process, especially for troubleshooting access issues. We have found that troubleshooting RADIUS controls is quite arduous, as it is today. A trace function could easily resolve this by providing a means by which access issues from a certificate to passwords or accounts could easily be identified and remediated.

Cost and Licensing Advice

  • The fact that we were allowed to spin up as many servers as we had need of to support our geographic requirements while paying for licensing as an enterprise truly set Forescout apart from the crowd and improved the way we could design our access.
Miguel Santiago
Owner at Securnet
Real User
Top 5Leaderboard
Mar 10, 2020
Has a valuable Bring Your Own Device feature and good usability

What is our primary use case?

We are using the Forescout Platform mostly for the Bring Your Own Device features. So we like it very much. We like the dashboard, the usability, and the Bring Your Own Device feature. That's our main usage of the Forescout.

Pros and Cons

  • We think it's simple. We think it's very useful and we really like reports and everything.
  • The biggest disadvantage is the pricing.

What other advice do I have?

I recommend doing a compression demo. If people use it, they will buy it. So they have to see the product in place. That's the main recommendation is to do a proof of concept. If they do, they will buy it. I would rate Forscout Device Visibility and Control Platform at a nine out of ten.
Michael Varga
IS-Operations Security Analyst at a energy/utilities company with 10,001+ employees
Real User
Top 5Leaderboard
Feb 22, 2019
It prevents scanning, malware spread, corporate asset misuse, and reconnaissance on our network by third-party devices.

Pros and Cons

  • Emergency response, risk assessment information to get a view of the of the vulnerability.
  • Search - needs boolean functionality (or pseudo operand now working).

Cost and Licensing Advice

  • Devices with multiple IP's count multiple times against your license count.

What other advice do I have?

If you have distributed services (DHCP), strategically ensure you generate reliable traffic to establish timely inspections. We've avoided the use of traps by centralizing our DHCP at HQ, but it causes black holes during inspection schedules in case of a static device being plugged in.
reviewer1155042
Chief Information Security Officer at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
Feb 22, 2020
Good compliance with simple user interface, and lots of plugins

What is our primary use case?

We've been able to use the solution for a couple of tasks including using it to monitor for anti-virus compliance. We also use it to monitor the health of the security history of our endpoints.

Pros and Cons

  • The user interface is quite simple.
  • The solution does have a bit of complexity, and there's some complexity in the deployment. Users need to be trained before undertaking an initial setup.

What other advice do I have?

I'd advise companies to ensure their teams are well trained in ForeScout before starting implementation of any kind. Those setting up and using the solution should have a basic background in networking. If users are comfortable with configuring, they can create processes for the environment. That way, it will be deployed properly. Teams should also test the solution first before they launch so there won't be any surprises. If they need to make changes, they need to manage the process properly. I'd rate the solution nine out of ten. If it was a bit less complex, I'd give it perfect marks.
See 10 more Forescout Platform Reviews