Forescout Platform Overview

Forescout Platform is the #1 ranked solution in our list of top IoT Security tools. It is most often compared to Cisco ISE (Identity Services Engine): Forescout Platform vs Cisco ISE (Identity Services Engine)

What is Forescout Platform?

ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-traditional devices, the instant they connect to the network. Equally important, ForeScout lets you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company’s solutions integrate with leading network, security, mobility and IT management products to overcome security silos, automate workflows and enable significant cost savings.

Forescout Platform is also known as Forescout Platform, CounterACT for Endpoint Compliance, ForeScout CounterACT.

Forescout Platform Buyer's Guide

Download the Forescout Platform Buyer's Guide including reviews and more. Updated: May 2021

Forescout Platform Customers

NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust

Forescout Platform Video

Filter Archived Reviews (More than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
IS-Operations Security Analyst at a energy/utilities company with 10,001+ employees
Real User
Top 5Leaderboard
It prevents scanning, malware spread, corporate asset misuse, and reconnaissance on our network by third-party devices.

Pros and Cons

  • "Emergency response, risk assessment information to get a view of the of the vulnerability."
  • "Search - needs boolean functionality (or pseudo operand now working)."

What other advice do I have?

If you have distributed services (DHCP), strategically ensure you generate reliable traffic to establish timely inspections. We've avoided the use of traps by centralizing our DHCP at HQ, but it causes black holes during inspection schedules in case of a static device being plugged in.
Network System Administrator at Compugraf
Real User
We now know how many devices are connected and what the use for each device is

Pros and Cons

  • "The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment."
  • "They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment."

What other advice do I have?

I would rate this solution an eight out of ten because it's the best solution. I would advise someone considering this or a similar solution to make sure that the solution works with a lot of vendors. Choose a product that doesn't change your environment.
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
501,499 professionals have used our research since 2012.
Network and Security Engineer at Guaranty Trust Bank Plc (GTBank)
Real User
Top 20
SNMP Traps on switches is one of its most valuable features

What is our primary use case?

Primarily used to define which host to admit onto the network, by tying a policy to the MAC address.

How has it helped my organization?

Identifying issues on why some hosts are not on the network, and assisting with possible remediation options.

What is most valuable?

SNMP Traps on switches Getting the MAC address of the host from the ARP table of the switch and applying policy.

What needs improvement?

Battled with the use of SNMP v1 instead of v2c Direct web interface rather than installation of a client.

For how long have I used the solution?

One to three years.
Head of Network and Communication Department at a program development consultancy with 10,001+ employees
Consultant
Provides visibility into the network and connected devices

What is our primary use case?

Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available.

How has it helped my organization?

The reporting for audits start with the knowledge of the devices in the network and the services running on them. ForeScout provides the foundation for the needed information.

What is most valuable?

Using passive and active methods to learn about the network. Even hybrid parts, like production, can be discovered with the passive method, while the office LAN can be discovered with both.

What needs improvement?

Multitenancy should be included in the next version so it could be used as a managed service provider.

For how long have I

VP IT Security at a financial services firm with 501-1,000 employees
Vendor
The most valuable feature for us is the visibility into all connected devices.

What is most valuable?

The most valuable feature for us is the visibility into all connected devices. Also, the plugins are very robust -- the ability scanner, patch management system, and SQL integrator.

How has it helped my organization?

You can query a lot of information from the connected device, including their compliance statuses.

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

There have been no issues with scaling it.

How was the initial setup?

The initial setup was complex, but that was due to the nature of the network architecture.

Which other solutions did I evaluate?

We didn't…
Global Network Security Specialist at a pharma/biotech company with 10,001+ employees
Vendor
We like that it can do network access control either with 802.1x or without 802.1x since many network devices are not ready to do 802.1x.

Pros and Cons

  • "The most valuable features of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x."
  • "Definitely, having more third-party integration would be an improvement."

What other advice do I have?

The most important thing would be that a NAC project involves more than just the network. You've got to have client people, PKI people, active directory people all working together with the network to make this product work and make it happen. There's so many ways that it could interrelate. If you're in a very large company, you've got to break down the silo walls and get everybody together from the beginning to make this thing work out, but once you have those people together, this is something that every group wants to have. Desktop people want it, the mobile people want it, the scanning…
Network Administrator at a university with 501-1,000 employees
Vendor
As a university, we have used ForeScout to help us get a hold on student computers and their infections.

What other advice do I have?

The best advice I can offer is to make sure to understand the rules and how they work as that was a bit of an issue for us in the first few weeks when we worked out how to “fix” some of the issues (client time-outs, repeatedly being asked to log in) as they came up. Also, test everything before rolling out to production. ForeScout provides some of the greatest visibility into network traffic, showing you exactly who is doing what, down to the port and protocol being used, capturing entire conversations between endpoints. It is a simply fantastic tool that provides network and security persons…
Information Security Manager at a legal firm with 1,001-5,000 employees
Vendor
The most valuable feature for us is the real-time alerting of newly connected devices. The reporting could be a bit more intuitive and user friendly.

What other advice do I have?

Do your homework ahead of time. Ensure that you have up-to-date network maps and that understand your network's architecture.
System Architect at a insurance company with 1,001-5,000 employees
Vendor
You can use it to implement 802.1x on your infrastructure and also have a very granular control of your devices, including shadow devices.
Chief Operating Officer at a tech services company with 51-200 employees
Consultant
If a machine becomes infected by a user accessing the web, it has the ability to immediately quarantine that machine, isolating it from the network.

What other advice do I have?

They also offer a monitoring service which is a good value if you do not have someone in house to monitor ForeScout on site. This can be full or part time. ForeScout is a powerful network access control tool that has some features found in insider threat solutions, though it is not exactly made for that.
Program Manager at a government with 10,001+ employees
Vendor
It gives us a clear initial and secondary view of what's happening on our network to determine its health.

What is most valuable?

It gives us a clear initial and secondary view of what's happening on our network to determine its health. We can see what's coming in and going out and to be able to directly management that. If there's something that needs to be quarantined, it will alert us and mark it as a threat.

What needs improvement?

The reporting could be improved. Also, it needs more analytics to see what's going on as we like to do trends.

For how long have I used the solution?

We've been using for over seven years since the beginning of the SOC.

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

It's been very stable. We've had no issues with stability.

What do I think about

VP, Infrastructure Management and Security Services at a energy/utilities company with 5,001-10,000 employees
Vendor
It provides us with visibility into what's connected to our network, such as contractors, mobile devices, and whether they're a part of our corporate asset list or not.

What other advice do I have?

Definitely use it. It's a good protection tool.
Network Administrator at a logistics company with 1,001-5,000 employees
Vendor
It prevents a computer that may have an exploit or is malicious in some way from getting an IP address and connecting to our network.

What other advice do I have?

Absolutely go for it. I would love to give them a demo of our own environment, talk to people at CounterACT and roll it out. If it's within their budget, whatever that may be, absolutely I would use it.
Network Security Manager at a tech services company with 501-1,000 employees
Consultant
It provides endpoint visibility of our network and controls who can access network resources.

What other advice do I have?

I think it is a good product and definitely fills the gap. I don't think we have many competitors at this stage. The major competitor is Cisco, but the biggest advantage of CounterACT is vendor agnostic. It means that it can work with a variety of different products. That is the biggest advantage.
Pre-Sales Engineer at a tech services company with 51-200 employees
Consultant
For larger scale projects which includes multiple sites, CounterACT can be easily deployed in a centralized or decentralized manner. Its graphical user interface could use a revamp.

What other advice do I have?

ForeScout CounterACT is like a Pandora's box, which contains a lot of functionalities that can be used to improve the customer's daily operation tasks and reduces manual workforce. It is recommended that the implementer understand what CounterACT can be used to do as different customers' business functions could use different functions of CounterACT.
Information Security Architect at a financial services firm with 1,001-5,000 employees
Vendor
The most valuable features for us include antivirus compliance monitoring and guest management.

What other advice do I have?

To get the best out of the solution, the organization’s networks team must be willing to take ownership and provide assistance where required. Use tools like Gigamon during deployment and avoid spanning directly from Cisco switches.
Senior Security Engineer with 51-200 employees
Vendor
The NAC engine is flexible since it doesn’t need the use of 802.1x. We use the solution to test or troubleshoot customer configurations.

What other advice do I have?

Maybe test the configuration very well before enabling actions (like VLAN moving, Captive Portal), because they can cause many problems in production environments if there are configuration mistakes.
Security Analyst at a retailer with 1,001-5,000 employees
Vendor
We're able to defend against unauthorized access to the network, thus distinguishing between corporate users and guests. But, detection and control of dual-homed devices needs improvement.

What other advice do I have?

If you are looking for a NAC solution which works without the use of agents, I would say ForeScout is the one to go for.
Network and Security Engineer at a financial services firm with 1,001-5,000 employees
Vendor
It provides us with real-time visibility and control of devices accessing our network, although false positives should be reduced.

What other advice do I have?

You can go ahead, but you will need good network skills to get the maximum benefits from it. I would also advise that you don't activate all the add-on features, but use it solely for its primary function - visibility and rogue detection/blocking.
Network Access Control Security at a government with 10,001+ employees
Real User
Make sure to plan for all endpoints. If you want full coverage of your networks, account for anything that has an IP

What other advice do I have?

Make sure to plan for all endpoints. If you want full coverage of your networks, account for anything that has an IP address. For example, a busy core switch can have 20+ IP addresses, and each one goes against your license count. Also, if you plan to have it behind a firewall, take into consideration your firewall's connection limitations. Although CounterACT isn't really a heavy bandwidth user, it does open a ton of short connections on a constant basis. The more you tune these down, the less accurate your real time host information becomes.