We like pretty much everything that it does. Vulnerability remediation is valuable. We can narrow down a system and its properties. We can go granular on the properties of each endpoint, such as which operating system you're using. 

This is clearly the best product for the NAC use cases in this field for Forescout. It is difficult to implement. I wouldn't say it's complicated in that sense. It all depends on who is using it. 

If people don't understand the product, it's obviously complicated because it has multiple components that are difficult to mix and match and bring into the environment, which we faced a couple of years ago. But now that we know how the products and different licensing models work, we can bring in the right components, such as modules and all. It's kind of like once you know the product is simple.  Otherwise, you must understand that this is somewhat complicated.

The most valuable feature of the Forescout Platform it's highly customizable and flexible.

Forescout Platform's best feature is asset management.

Forescout Platform's most valuable features are that it is very granular. We are able to cull out a lot of information about our particular device or endpoint. The configuration and the visibility are very seamless. Overall the solution is very easy to handle and it's very comprehensive.

We have visibility of all the hidden assets and there are various versions of implementations of an AV in our environment. From the Forescout Platform, we have clarity of the device, and all the different versions reported in a simple dashboard. The number of attacks has been minimal. After this installation, we didn't have any kind of noticeable incident.

We use the Forescout Platform for device visibility and control in our network. It's very helpful for tracking malicious or unusual activity. We use it to track which ports are open, which machines are running specific services, and to identify vulnerabilities. For example, there was a vulnerability related to SMB, and we could use the product to determine which machines inside our organization were allowing SMB traffic.

The tool's most valuable feature is its ease of configuring and controlling endpoints, particularly in building policies for endpoint management. Its interface is simple to use and offers good visibility.

When compared with other solutions, the Forescout Platform's standout feature is its ability to integrate with various systems. This capability is particularly valuable as it supports the implementation of a zero-trust architecture. We are currently in the process of constructing our zero-trust architecture, wherein the tool serves as a pivotal component.

The solution's compliance capabilities have indeed been very beneficial for our organization. Unlike other solutions, it allows us to implement controls swiftly. Typically, transitioning to a blocking mode with other solutions would take around six months. However, we achieved this with the Forescout Platform within just one month.

Forescout has a feature that blocks the endpoint at the point of collection. It sets preconditions and will block the system if those aren't met. 

The most valuable features of the Forescout Platform are ease of management and outstanding visibility. The visibility is simple to obtain.

The most valuable feature of the solution is that it is not dependent on whatever suite or product you use.

The product is very easy to work with and easy to deploy.

I can integrate Forescout with products from multiple vendors in my environment, and also, the integration is searchable. It can be used with 802.1X and non-802.1X to integrate with my existing network. I don't need to upgrade any existing networks in my system, and I don't need to replace existing devices to integrate with Forescout. I find value in not having to spend money upgrading existing devices and networks.

The standout strength of this solution lies in its unique capability to effectively manage unmanaged switches. In addition to its comprehensive feature set, it focuses on AAA for enhanced security and network control.

There are so many to list: 

• The policies and what you can do with them is amazing. 
• The ability to narrow down devices online versus offline.
• Get the MAC Addresses last attributed with a device or IP address on a device and connect that to its switch port or router. This is very beneficial when assisting in tracing back physical connectivity, if needed. 
• The ability to move a device off the network is very useful. The hardest part is showing the help desk what they need to do when troubleshooting a device connectivity issue.

The solution's implementation and operation are very easy. The solution's GUI is very user-friendly. It doesn't have a lot of components. It has only one device or a few devices connected to one management with only one agent.

Firstly, I like the stability. Secondly, the ease of deployment— it's not complex. Thirdly, there's a great support team that becomes actively engaged whenever we encounter issues. Their technical support is amazing. Fourthly, good documentation is available. We have detailed information about the product.

Forescout Platform's best feature is plug-in integration.

I think the most valuable feature is that the port-based 802.1x configuration on switch ports is not required. It operates by listening to the wire and talking to networking devices. That is a huge reduction in configuration complexity.

You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.

Another good thing about the product that it can examine every endpoint and give information about it, even IoT devices.

The interface is easy to use.

The 802.1X configuration, which is difficult for all switches, is not required. It makes it easier to work with switches and IoT devices.

Forescout is easy to integrate with a lot of end systems.

It is very simple to set up.

We can scale the product.

It's stable.

Pre-sales is very helpful. 

The ability to control to identify devices and control the actual devices was great.

It is easy to set up.

It's stable and reliable.

The scalability is good. 

It is an affordable solution. 

The product is easily deployable and it is agentless.

The environment was easy to configure. 

The user management has been very easy for the most part.

The initial setup is pretty easy.

Technical support has been very helpful.

The stability overall is good.

The biggest benefit to our organization is the fact that being in manufacturing you have many different types of devices. Only a small section of these types of devices support dot1x authentication. This makes Network Access Control very difficult to implement. With Forescout, the difficulty becomes significantly less. Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security.

The most valuable features of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x. Many network devices are not ready to do 802.1x. Lots of endpoints are not ready to do it, or they're poor at it, so having a non-.1x solution is critical for maintaining stability on our network.

• Network Access Control, its core use
• Asset Intelligence for deskside
• "What port is it plugged into" intelligence for deskside
• Patch-level Auditing
• Emergency response, risk assessment information to get a view of the vulnerability
• "What PC is a user on" for helpdesk/IT security/deskside
• Forces PEN Testers to request permission to exist on your network

The most valuable feature of Forescout Platform is that it has everything that Aruba has at significantly less cost.

Endpoint visibility, policy flexibility, compatibility and integration with other products.

The solution's support is excellent. They are making an effort to attract more customers, which is reflected in their fast response times.

Forescout Platform has granular features and one of the most impressive features is the agentless feature. No agent installation is necessary for Forescout, which is amazing! It allows for agentless visibility into our network, even for Cisco devices that normally require the installation of AnyConnect.

The most valuable features of the Forescout Platform are NAC for sharing, Network Access Control, and port sharing of the devices.

The best parts of Forescout Platform are its orchestration features, discovery capabilities, classification buckets, and flexibility in creating policies.

A very valuable feature is the discovery mode. It covers all types of devices on the network, which we didn't know existed.

The key feature we use is AD integration. That feature needs the least amount of attention once set up. 

Monitoring and logging are the pieces that we use most day-to-day. These are used by both our network and security teams to ensure proper operation with minimal risk. Whether machines attempting access are firm managed, vendors visiting, or IoT, all are available within the CA appliance. We plan to extend the use to further support growth functionalities and new work from home initiatives going forward.

Forescout Platform is a very good NAC solution.

It's a very good product.

The agentless visibility is definitely unmatched and outstanding. 

The actions that the agentless visibility, allow us to perform on the endpoint, are really amazing, especially in the way that it is done. 

It is a good solution, Garner rated because their leadership quadrant position is responsible for their market.

It provides us with visibility into what's connected to our network, such as contractors, mobile devices, and whether they're a part of our corporate asset list or not.

The solution's most valuable aspects are its network visibility and its ability to extend into other solutions for integration purposes. 

The initial setup is quite simple. It's not too complex or difficult to set up.

Access control: Being able to set policies that determine how devices join our network and how they are expected to behave while on the network. The fact that we are able to access the hygiene of our endpoint and monitor it continuously makes it fit for purpose.

As a university, we have used ForeScout to help us get a hold on student computers and their infections, and to keep those infected systems off our network. We are also currently using ForeScout as a mechanism to allow us to automatically move student game consoles to a separate VLAN, and then move the port back to the primary dorm VLAN when a PC or other device is plugged in.

The most valuable feature is agent compliance. When somebody plugs in a device and the device powers up, CounterACT goes through to make sure that rules we have in place are accurate or in line with what we'd expect. Once that completes, the machine gets an IP address from DHCP.

We could go into some other forensics. What happened to a device, let's say, it gets a virus. Okay, let's do some forensic work on it. When did the PC boot up? When did CounterACT first see it? What time stamps? We're able to see things of this nature.

The other nice thing we can do quickly when we're just doing audits or inventory is to pull up a list of clients. How many machines are on this switch? How many are on that switch? Are there switchboards that have more than two MAC addresses? If we know that a switchboard has, say, six MAC addresses on it, then we know that they probably have a hub.

The 802.1X compliance authentication feature of this solution is very good.

The last two or three versions that have been released on CounterACT Forescout have allowed for the possibility to search for any kind of device. Before that, I could only search for guest domain users.

Using passive and active methods to learn about the network. Even hybrid parts, like production, can be discovered with the passive method, while the office LAN can be discovered with both.

It gives us a clear initial and secondary view of what's happening on our network to determine its health. We can see what's coming in and going out and to be able to directly management that. If there's something that needs to be quarantined, it will alert us and mark it as a threat.

The network access control is a valuable feature for us. It provides endpoint visibility of our network and controls who can access network resources. That's really powerful.

• Alerting as to non-compliant machines
• Ability to quarantine infected machines
• Ability to determine if patches are not up to date

The most valuable feature of the Forescout Platform is the large capacity it can handle. Additionally, the interface of the platform is good.

Forescout Platform provides multiple features. They have a very effective device fingerprinting in their cloud. You do not need to add any devices manually, such as in Mac devices. Other solutions you have to add IoT devices and OT devices manually. This is one of the major areas that Forescout Platform is excelling in.

There are features that you can protect your organization.

The virtual firewall available on this solution is great and assists us in securing our servers. Additionally, the threat prevention feature provides complete visibility. It is very helpful in detecting, blocking and monitoring heavy scanning on the system.

The most valuable feature is the ease of deployment, which does not require the use of an agent.

We are satisfied with the interface.

The most valuable feature is the blocking of USB devices.

Now that I'm used to it I don't see many places to improve it. We really like it as it is. We think it's simple. We think it's very useful and we really like reports and everything. We like it very much.

The most valuable features are remote access and administration scripts.

CounterACT is a very flexible product in terms of deployment where the users will have a Layer 2 or Layer 3 deployment depending on their network infrastructure while maintaining the product's features regardless of which deployment. For larger scale projects which includes multiple sites, CounterACT can be easily deployed in a centralized or decentralized manner. Besides that, deploying CounterACT introduces almost little-to-no network infrastructure changes.

Integration with third-party products is also an important feature of CounterACT. While many of their competitors' products can only be integrated within their own portfolio, CounterACT manages to integrate with today's top security products to cover the security gaps that many solutions may introduce. CounterACT also provides a ControlFabric platform which may allow the users to integrate all of their security and network solutions into CounterACT.

The solution offers very good management.

It allows for good detection of all the vendor products we have on-site.

The solution is very similar to other solutions, so it's not hard to figure out how to use it.

It's a great solution. We use it for the internet here and it's been helpful. It's a great product for our Mac PCs and we can implement it to both our wireless and our wired network.

It's very quick.

The compliance aspects of the solution are excellent and one of the solution's best features. It helps us maintain the compliance of our endpoints.

In terms of physical tools, we are very satisfied.

In our organization, the solution provides us with a sound perimeter. 

The user interface is quite simple.

The version we're currently on, 8.6, has a lot more plugins than past versions. Now you can plug in anything you want. It helps us to utilize the product more fully.

The most important feature is that this solution works well without a 802.1x feature. You can use CounterACT to implement that feature and also have a very granular control of your devices, including shadow devices.

This product provided a really good effect in terms of network access control. With the ForeScout NAC, distinguishing guests and corporate staff was easier.

This was very easy to achieve since the product integrates really well with Active Directory and the NMAP feature discovers all endpoints within the network.

This is far better than any other Mac solution. Within three or four days, we have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly.

Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it. 

The pricing, technical support, stability, scalability, initial set up, interface, dashboards, management, and monitoring are fantastic. They are excellent. 

The licensing of the solution is pretty simple. The process of deploying the solution is pretty straightforward. The dashboard, in terms of monitoring and management, is pretty simple. Maybe because I have a very robust technological background is why I don't struggle with these things. In terms of management, deployment, and support, although I really don't require their support, so far, so good.

We really like that we get full visibility of devices in the local network.

I can create granular policies. This is amazing. I really appreciate the granularity to create policies.

• SNMP Traps on switches
• Getting the MAC address of the host from the ARP table of the switch and applying policy.

The main feature, the NAC engine, is very flexible since ForeScout CounterACT doesn’t need the use of 802.1x and can work with almost all switch vendors.

The most valuable feature for us is the visibility into all connected devices. Also, the plugins are very robust -- the ability scanner, patch management system, and SQL integrator.

The most valuable feature for us is the real-time alerting of newly connected devices, whether they are approved or unapproved devices on our network.

• Guest management
• Antivirus compliance monitoring
• USB connection management

• Rogue detection and blocking
• Guest registration
• Full visibility of network hosts
• Threat protection