We just raised a $30M Series A: Read our story

Forescout Platform OverviewUNIXBusinessApplication

Forescout Platform is the #1 ranked solution in our list of top IoT Security tools. It is most often compared to Cisco ISE (Identity Services Engine): Forescout Platform vs Cisco ISE (Identity Services Engine)

What is Forescout Platform?

ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-traditional devices, the instant they connect to the network. Equally important, ForeScout lets you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company’s solutions integrate with leading network, security, mobility and IT management products to overcome security silos, automate workflows and enable significant cost savings.

Forescout Platform is also known as Forescout Platform, CounterACT for Endpoint Compliance, ForeScout CounterACT.

Forescout Platform Buyer's Guide

Download the Forescout Platform Buyer's Guide including reviews and more. Updated: October 2021

Forescout Platform Customers

NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust

Forescout Platform Video

Archived Forescout Platform Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
AM
Founder at EME Pty Ltd
Real User
Easy to manage and prevents network access by rogue devices throughout our network

What is our primary use case?

We use this solution for Network Access Control to prevent rogue devices connecting into the network.

How has it helped my organization?

This product allows monitoring and control of the PC fleet across the company.

What is most valuable?

The most valuable features are remote access and administration scripts.

What needs improvement?

We experienced some detection issues when checking compliance for the Sophos agent.

What is our primary use case?

We use this solution for Network Access Control to prevent rogue devices connecting into the network.

How has it helped my organization?

This product allows monitoring and control of the PC fleet across the company.

What is most valuable?

The most valuable features are remote access and administration scripts.

What needs improvement?

We experienced some detection issues when checking compliance for the Sophos agent.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Michael Varga
IS-Operations Security Analyst at a energy/utilities company with 10,001+ employees
Real User
Top 5Leaderboard
It prevents scanning, malware spread, corporate asset misuse, and reconnaissance on our network by third-party devices.

Pros and Cons

  • "Emergency response, risk assessment information to get a view of the of the vulnerability."
  • "Search - needs boolean functionality (or pseudo operand now working)."

How has it helped my organization?

  • Immediate relocation of network devices to segregated "Vendor" network based on autonomous analysis. Prevents scanning, malware spread, corporate asset (i.e. printer) misuse, and reconnaissance on our network by third-party devices. Allows us to block VPN from our corporate network but still allow Vendors to establish them.
  • Better information provided by Level 1 support (helpdesk) regarding asset information as we provide them with R/O access to the tool
  • Visitor policy communication & acceptance

What is most valuable?

  • Network Access Control, its core use
  • Asset Intelligence for deskside
  • "What port is it plugged into" intelligence for deskside
  • Patch-level Auditing
  • Emergency response, risk assessment information to get a view of the vulnerability
  • "What PC is a user on" for helpdesk/IT security/deskside
  • Forces PEN Testers to request permission to exist on your network

What needs improvement?

  • JAVA Memory management - leaving the app running for multiple days requires relaunch
  • Search - needs boolean functionality (or psudeau operand now working)

What do I think about the stability of the solution?

Stability has been good.

What do I think about the scalability of the solution?

  • It is very scalable, allowing additional strategic appliances as required in either physical or VM format.
  • We control >400 field sites, two Oilsands mines, multiple remote platform locations, 2 Canadian Metro offices and 1 UK office with 4 appliances centrally located.

How are customer service and technical support?

Customer Service:

It's excellent! 

Technical Support:

It's excellent!

Which solution did I use previously and why did I switch?

No previous solution was used.

How was the initial setup?

It was straightforward, although I recommend having a strong relationship with network-asset owners to ensure SNMP rights are looked after.

What about the implementation team?

We used a vendor, Conexsys (Graham Cheng & Jerry G), who were excellent.

What's my experience with pricing, setup cost, and licensing?

Forescout's flex licensing has made our deployment more agile and helps us adapt our environment without buying more hardware.  

Under their old model, licensing was tied to 4k and 10k appliances which strained under the new v7 and v8 Forescout OS when nearing their designed capacity.  To acquire a new appliance, physical or virtual, meant buying licensing for that size of appliance.

Under the new flex licensing model, we've been able to deploy VM appliances, responsible for host interrogation and management, while retaining our physical appliances for SNMP switch management, and span aggregation.  

Under the flex licencing model, we've deployed to our ICS segments, and are deploying VMs to our DCS environment, allowing for full visibility under one 'pane of glass' of nearly every host on our network.

Ensure you consider everything you want to monitor that has an IP. Devices with multiple IP's count multiple times against your license count.

Which other solutions did I evaluate?

This was chosen without hands-on evaluation based on reviews and industry feedback.

What other advice do I have?

If you have distributed services (DHCP), strategically ensure you generate reliable traffic to establish timely inspections. We've avoided the use of traps by centralizing our DHCP at HQ, but it causes black holes during inspection schedules in case of a static device being plugged in.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
540,884 professionals have used our research since 2012.
Ricardo Martins
Network System Administrator at Compugraf
Real User
We now know how many devices are connected and what the use for each device is

Pros and Cons

  • "The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment."
  • "They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment."

How has it helped my organization?

The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment.

What is most valuable?

I can create granular policies. This is amazing. I really appreciate the granularity to create policies.

What needs improvement?

They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment.

The interface of this solution and the integration part needs improvement. The difference between the 7th and the 8th version is the dashboard. They should improve it. 

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

We never had a problem with this product. It has worked very well.

What do I think about the scalability of the solution?

It's very simple to scale and to implement more devices and licenses. It's easy to grow.

How are customer service and technical support?

We haven't had to use their technical support. 

Which solution did I use previously and why did I switch?

We switched because ForeScout is the best tool for Mac. 

How was the initial setup?

The initial setup was very easy, very simple to deploy. We didn't have problems or difficulties with the implementation.

Which other solutions did I evaluate?

We also looked at Fortinet. 

What other advice do I have?

I would rate this solution an eight out of ten because it's the best solution. 

I would advise someone considering this or a similar solution to make sure that the solution works with a lot of vendors. Choose a product that doesn't change your environment.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Olugbenro Iluyemi MSOR, CCNA-Security, SENSS, ITIL V3
Network and Security Engineer at Guaranty Trust Bank Plc (GTBank)
Real User
Top 20Leaderboard
SNMP Traps on switches is one of its most valuable features

What is our primary use case?

Primarily used to define which host to admit onto the network, by tying a policy to the MAC address.

How has it helped my organization?

Identifying issues on why some hosts are not on the network, and assisting with possible remediation options.

What is most valuable?

SNMP Traps on switches Getting the MAC address of the host from the ARP table of the switch and applying policy.

What needs improvement?

Battled with the use of SNMP v1 instead of v2c Direct web interface rather than installation of a client.

For how long have I used the solution?

One to three years.

What is our primary use case?

Primarily used to define which host to admit onto the network, by tying a policy to the MAC address.

How has it helped my organization?

Identifying issues on why some hosts are not on the network, and assisting with possible remediation options.

What is most valuable?

  • SNMP Traps on switches
  • Getting the MAC address of the host from the ARP table of the switch and applying policy.

What needs improvement?

  • Battled with the use of SNMP v1 instead of v2c
  • Direct web interface rather than installation of a client.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manuel Keller
Head of Network and Communication Department at a program development consultancy with 10,001+ employees
Consultant
Provides visibility into the network and connected devices

What is our primary use case?

Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available.

How has it helped my organization?

The reporting for audits start with the knowledge of the devices in the network and the services running on them. ForeScout provides the foundation for the needed information.

What is most valuable?

Using passive and active methods to learn about the network. Even hybrid parts, like production, can be discovered with the passive method, while the office LAN can be discovered with both.

What needs improvement?

Multitenancy should be included in the next version so it could be used as a managed service provider.

For how long have I

What is our primary use case?

Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available.

How has it helped my organization?

The reporting for audits start with the knowledge of the devices in the network and the services running on them. ForeScout provides the foundation for the needed information.

What is most valuable?

Using passive and active methods to learn about the network. Even hybrid parts, like production, can be discovered with the passive method, while the office LAN can be discovered with both.

What needs improvement?

Multitenancy should be included in the next version so it could be used as a managed service provider.

For how long have I used the solution?

More than five years.
Disclosure: My company has a business relationship with this vendor other than being a customer:
it_user400680
VP IT Security at a financial services firm with 501-1,000 employees
Vendor
The most valuable feature for us is the visibility into all connected devices.

What is most valuable?

The most valuable feature for us is the visibility into all connected devices. Also, the plugins are very robust -- the ability scanner, patch management system, and SQL integrator.

How has it helped my organization?

You can query a lot of information from the connected device, including their compliance statuses.

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

There have been no issues with scaling it.

How was the initial setup?

The initial setup was complex, but that was due to the nature of the network architecture.

Which other solutions did I evaluate?

We didn't…

What is most valuable?

The most valuable feature for us is the visibility into all connected devices. Also, the plugins are very robust -- the ability scanner, patch management system, and SQL integrator.

How has it helped my organization?

You can query a lot of information from the connected device, including their compliance statuses.

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

There have been no issues with scaling it.

How was the initial setup?

The initial setup was complex, but that was due to the nature of the network architecture.

Which other solutions did I evaluate?

We didn't look for other solutions.

What other advice do I have?

Have a clear understanding and document the network architecture before you deploy it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user376773
Global Network Security Specialist at a pharma/biotech company with 10,001+ employees
Vendor
We like that it can do network access control either with 802.1x or without 802.1x since many network devices are not ready to do 802.1x.

Pros and Cons

  • "The most valuable features of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x."
  • "Definitely, having more third-party integration would be an improvement."

What is most valuable?

The most valuable features of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x. Many network devices are not ready to do 802.1x. Lots of endpoints are not ready to do it, or they're poor at it, so having a non-.1x solution is critical for maintaining stability on our network.

How has it helped my organization?

We did not have a NAC prior to ForeScout. It provides constant monitoring of the endpoints either through an agent or periodic monitoring with a local admin account. This makes posturing very easy to do. Once the device is on the network, we're able to determine, does it continue to meet the requirements that we need for a device to stay on the network?

What needs improvement?

Definitely, having more third-party integration would be an improvement. This is something that they're doing. Other products that we have on our network, if we're able to get ForeScout to talk with them, we'll get much better information to those products, things like Splunk and other data gathering.

Also, I think we have Rapid7, so all these different programs that want to collect a lot of information, ForeScout is able to do that. So having it being able to talk to them, the more it can talk to, the better it is.

I think there are some product maturity issues in terms of the web interfaces that its able to present for end users. They're working on those. Those are improving, and just other features that come along with them growing into this space that they have. They're getting feedback from us, and they're getting feedback from other very large customers on what to do to improve, and they respond very well.

For how long have I used the solution?

2 years

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

We had a few issues that were unique to our environment, but ForeScout tech support has been very timely in being able to respond to them and getting us support we needed. We have had to have a few reboots due to some outages, but again, these are things that were able to be resolve very quickly. Overall, I would say that this is a stable solution.

What do I think about the scalability of the solution?

We're a huge company, over 100,000 employees, and it does require that we have done our homework ahead of time -- that we know where our address space is, that we know what's out there, and being able to come up with a deployment plan is our responsibility. Once we had that, we were able to go with it, and it works very well.

How is customer service and technical support?

Customer Service:

Very good.

Technical Support:

Very good.

How was the initial setup?

Device setup is straightforward - NAC itself is always a complex thing due to its profiling of EVERY device that connects to the network.

What about the implementation team?

The ForeScout engineers were there to help us without the standard, "Oh, you have over 100,000 endpoints? Well here's what every 100,000-endpoint company does."

Which other solutions did I evaluate?

We compared ForeScout to Cisco ISE. There were some other vendors in this space, but we felt they were for mid-sized companies at largest. Cisco looked like they had an offering that would be able to compete head-to-head with it in terms of size. The reason we picked this over ISE was because ForeScout had a non-802.1x solution for the wired network. We would avoid a lot of chaos and a lot of destruction if we go that route. Also, ForeScout had fewer vulnerabilities whereas Cisco ISE had several level-10 vulnerabilities that have been observed over the years. While we were testing it, two of them came out.

ForeScout has never had a vulnerability above 7.0, so when we look at the security of the system, it definitely meets that requirement where this is not something that's going to be compromised the way it looked, as though Cisco ISE had some potential for that. Much less disruptive, both Cisco ISE and ForeScout really require a client to get the full features of the system. They say that it can run client-less, but having the client gives a lot better functionality, and the ForeScout client just worked a lot better for us on our endpoints.

What other advice do I have?

The most important thing would be that a NAC project involves more than just the network. You've got to have client people, PKI people, active directory people all working together with the network to make this product work and make it happen. There's so many ways that it could interrelate. If you're in a very large company, you've got to break down the silo walls and get everybody together from the beginning to make this thing work out, but once you have those people together, this is something that every group wants to have. Desktop people want it, the mobile people want it, the scanning people. Everybody wants it once they see it, so it does sell itself, but you've got to have that education meeting up front.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user113817
Network Administrator at a university with 501-1,000 employees
Vendor
As a university, we have used ForeScout to help us get a hold on student computers and their infections.

What is most valuable?

As a university, we have used ForeScout to help us get a hold on student computers and their infections, and to keep those infected systems off our network. We are also currently using ForeScout as a mechanism to allow us to automatically move student game consoles to a separate VLAN, and then move the port back to the primary dorm VLAN when a PC or other device is plugged in.

How has it helped my organization?

ForeScout has the built-in ability to identify network devices without a separate subscription or device, and that allows us to identify when students plug into a switch or router (not allowed on our network), or tries to put their computer on the less restrictive game console VLAN. The rule sets allow you to configure different rules for different devices or networks from a single location, and provides a single-pane-of-glass view into any network traffic it can see.

What needs improvement?

The configuration of the rules is both a blessing and a curse. While it is almost infinitely configurable, knowing how to get the product to do what you want it to do can be difficult, especially at first.

The biggest problem we have had with ForeScout is that in order for it to see all of your network traffic it must have access to that traffic. So if your traffic has multiple ways to reach the internet or other resources, then you need multiple network taps in place to see that traffic.

For how long have I used the solution?

We have used ForeScout since summer of 2012.

What was my experience with deployment of the solution?

Other than the infinite configurability and need to have multiple network taps to see all traffic, we haven't had issues with deployment.

What do I think about the stability of the solution?

Stability has been like a rock, and it is a product that just seems to work.

What do I think about the scalability of the solution?

We have had no issues with scaling it for our needs.

How are customer service and technical support?

We have had mixed success with support. Sometimes we had amazing people who knew just what we needed and how to help us get there with minimal fuss. Other times we were explaining to support how to work around an issue so other customers wouldn’t have to deal with what we were dealing with.

Which solution did I use previously and why did I switch?

We previously used Perfigo, which was later bought by Cisco and became Clean Access. ForeScout offered us a device with a 10GB connection, and that on top of the feature set for the price sealed the deal.

How was the initial setup?

The initial setup was very straightforward, but due to our backbone switch/network configuration, we had to make last minute tweaks to get the product to see all our traffic. Also, we struggled to get our rules properly configured so that students weren’t negatively impacted by misconfigurations that would either prevent them from getting on the network at all, or repeatedly require them to log in.

Our third-party consulting firm (Konsultek), hit one out of the park in helping us, and they made sure we were up and running before the start of school, despite our tight timeframe for implementation.

What about the implementation team?

We used a third-party group to assist us with implementation, and that made all the difference for us as we were able to pull from their experience and knowledge to help us get up and running.

What other advice do I have?

The best advice I can offer is to make sure to understand the rules and how they work as that was a bit of an issue for us in the first few weeks when we worked out how to “fix” some of the issues (client time-outs, repeatedly being asked to log in) as they came up. Also, test everything before rolling out to production.

ForeScout provides some of the greatest visibility into network traffic, showing you exactly who is doing what, down to the port and protocol being used, capturing entire conversations between endpoints. It is a simply fantastic tool that provides network and security persons with the ability to throw up honeypots.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Information Security Manager at a legal firm with 1,001-5,000 employees
Vendor
The most valuable feature for us is the real-time alerting of newly connected devices. The reporting could be a bit more intuitive and user friendly.

What is most valuable?

The most valuable feature for us is the real-time alerting of newly connected devices, whether they are approved or unapproved devices on our network.

How has it helped my organization?

Since our implementation of CounterACT, it has kept us aware of unapproved devices attempting to connect to our network which pose security threats.

What needs improvement?

The reporting could be a bit more intuitive and user friendly.

For how long have I used the solution?

I have used CounterACT for two years.

What was my experience with deployment of the solution?

There were many issues with deployment, but these were largely due to our own network architecture issues.

What do I think about the stability of the solution?

There were many issues with stability, but these were largely due to our own network architecture issues.

What do I think about the scalability of the solution?

There were many issues with scalability, but these were largely due to our own network architecture issues.

How are customer service and technical support?

I'd rate ForeScout's technical support as fair-to-good.

Which solution did I use previously and why did I switch?

We did not have a previous NAC solution in place prior to CounterACT.

How was the initial setup?

The initial setup was complex.

What about the implementation team?

We used a vendor team for the implementation.

What other advice do I have?

Do your homework ahead of time. Ensure that you have up-to-date network maps and that understand your network's architecture.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
System Architect at a insurance company with 1,001-5,000 employees
Vendor
You can use it to implement 802.1x on your infrastructure and also have a very granular control of your devices, including shadow devices.

What is most valuable?

The most important feature is that this solution works well without a 802.1x feature. You can use CounterACT to implement that feature and also have a very granular control of your devices, including shadow devices.

How has it helped my organization?

We were searching for a solution that could help us not only to detect and manage unauthorized access, but also to implement 802.1x on our infrastructure. And when we were working to reach that goal, we found other improvements from using CounterACT, such as antivirus installation, P2P control, and shadow IT -- and that's another plus for them.

What needs improvement?

The best improvement they could make would be reporting and better integration with AD. Last but not least, a management web interface would be nice in the next version/release.

For how long have I used the solution?

We've used it for about a year.

What was my experience with deployment of the solution?

We had no issues with the deployment.

What do I think about the stability of the solution?

We have an HA cluster in place that works very well. We've had no issues with stability.

What do I think about the scalability of the solution?

We had no issues scaling it for our needs.

How are customer service and technical support?

Fortunately, for now, we've had no need to call technical support.

Which solution did I use previously and why did I switch?

We didn't have a NAC solution in place. This is the very first solution we've tried mostly because other solutions have 802.1x as a mandatory requirement.

How was the initial setup?

It was not so easy to deploy in our environment, the learning curve for this solution is quite hard.

What about the implementation team?

From my experience, it is impossible to implement this kind of solution in-house. You need a consultant or a trained person who can do this job.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Chief Operating Officer at a tech services company with 51-200 employees
Consultant
If a machine becomes infected by a user accessing the web, it has the ability to immediately quarantine that machine, isolating it from the network.

What is most valuable?

  • Alerting as to non-compliant machines
  • Ability to quarantine infected machines
  • Ability to determine if patches are not up to date

How has it helped my organization?

If a machine becomes infected by a user accessing the web, ForeScout has the ability to immediately quarantine that machine, isolating it from the network. Before this, someone would literally have to run down the hall and shut off a machine in the event of a breach and infection by malware.

What needs improvement?

It needs enhanced mobile support, but I have heard that this is coming.

For how long have I used the solution?

We've used it for six months.

What was my experience with deployment of the solution?

It took some time to get the policies set up and applied once ForeScout was physically in place. A dedicated resource and timely decisions from management can make this deployment faster. Make sure you account for anything and everything in your environment which has an IP address. We also had one device that was DOA but it was quickly replaced.

What do I think about the stability of the solution?

We have had no stability issues.

What do I think about the scalability of the solution?

Scalability was not a problem for this site as we have less than 1000 endpoints.

How are customer service and technical support?

Excellent. Our support engineer was extremely helpful and available.

Which solution did I use previously and why did I switch?

This was the first of its kind in the environment.

How was the initial setup?

With the assistance of the support engineer, it wasn't too bad. But it depends upon the state of your network. If everything is set up correctly, it will go much smoother. For example, having SNMPv3 activated everywhere is a requirement so that ForeScout can see everything.

What about the implementation team?

We used our in-house personnel with the support engineer guiding us along via WebEx.

What's my experience with pricing, setup cost, and licensing?

They are competitively priced for a medium-to-large sized organization.

Which other solutions did I evaluate?

This is not a very crowded segment for this kind of a product, and ForeScout is the best known of this small field.

What other advice do I have?

They also offer a monitoring service which is a good value if you do not have someone in house to monitor ForeScout on site. This can be full or part time. ForeScout is a powerful network access control tool that has some features found in insider threat solutions, though it is not exactly made for that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user402891
Program Manager at a government with 10,001+ employees
Vendor
It gives us a clear initial and secondary view of what's happening on our network to determine its health.

What is most valuable?

It gives us a clear initial and secondary view of what's happening on our network to determine its health. We can see what's coming in and going out and to be able to directly management that. If there's something that needs to be quarantined, it will alert us and mark it as a threat.

What needs improvement?

The reporting could be improved. Also, it needs more analytics to see what's going on as we like to do trends.

For how long have I used the solution?

We've been using for over seven years since the beginning of the SOC.

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

It's been very stable. We've had no issues with stability.

What do I think about

What is most valuable?

It gives us a clear initial and secondary view of what's happening on our network to determine its health. We can see what's coming in and going out and to be able to directly management that. If there's something that needs to be quarantined, it will alert us and mark it as a threat.

What needs improvement?

The reporting could be improved. Also, it needs more analytics to see what's going on as we like to do trends.

For how long have I used the solution?

We've been using for over seven years since the beginning of the SOC.

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

It's been very stable. We've had no issues with stability.

What do I think about the scalability of the solution?

We probably have 172,000 users in our department, so I would say that it's scalable. It's in the SOC. We'll probably need to scale it further as we expand it to our 20 other departments.

How are customer service and technical support?

I've never had to use technical support.

Which solution did I use previously and why did I switch?

We also use FireEye, NetWitness, Blue Coat, and a few others I can't remember.

How was the initial setup?

I joined the department when it was all setup already.

What other advice do I have?

Go for it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user320970
VP, Infrastructure Management and Security Services at a energy/utilities company with 5,001-10,000 employees
Vendor
It provides us with visibility into what's connected to our network, such as contractors, mobile devices, and whether they're a part of our corporate asset list or not.

Valuable Features

It provides us with visibility into what's connected to our network, such as contractors, mobile devices, and whether they're a part of our corporate asset list or not.

Improvements to My Organization

We use it to prevent malicious activities on our network that potentially infiltrate it. We've been able to take out over twenty percent of our threats connected into our environment that we just never had a means to stop from connecting up to our network.

We've discovered regular assets. Let's say you had a mobile device, you walked into our network, and you said "hey, I need to connect up to the network. I'm a contractor here for you all and I'm going to add in one device". You immediately now have access into our environment.

Room for Improvement

It needs easier integration to other partners that automate functions within the security phase. There's no difference because you're not going to be able to fill the places fast enough for all these security people. So how do you get it to be able to manage more with less people by automating some of the functions? So when, for instance, NetScout discovers something and installs a ticketing system instead of sending an alert to a person, it automatically opens a ticket with the appropriate levels and automates that stuff.

Deployment Issues

We've had no issues with deployment.

Stability Issues

It has been stable. The benefit wasn't around stability, it was more around preventing instability. What we were fearful about is whether or not customers would get impacted by the restriction of them not being able to connect to the network.

For instance: you're an employee, your laptop was part of our asset, but your phone was not and your tablet was not. All of the sudden, now all three of those devices were all connected into environment. Well, I only want your laptop to be connected. Your mobile devices, I really don't care to because when you go, you surf wherever you want on your stuff. You could probably pull up malware and then plug it in as soon as you put in your credentials into our network. So we want to keep that one off and allow you to connect to the network but connect to the internet, but not to my infrastructure.

Scalability Issues

We haven't scaled it all the way up, but we started to pilot, grew it to a couple of floors, and then grew it to an entire building.

Customer Service and Technical Support

I've never had to use it.

Initial Setup

My understanding is that it was complex simply because my mandate is to zero-in back to the user.

Other Solutions Considered

We did look at multiple partners and we ended up with ForeScout.

Other Advice

Definitely use it. It's a good protection tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user400728
Network Administrator at a logistics company with 1,001-5,000 employees
Vendor
It prevents a computer that may have an exploit or is malicious in some way from getting an IP address and connecting to our network.

What is most valuable?

The most valuable feature is agent compliance. When somebody plugs in a device and the device powers up, CounterACT goes through to make sure that rules we have in place are accurate or in line with what we'd expect. Once that completes, the machine gets an IP address from DHCP.

We could go into some other forensics. What happened to a device, let's say, it gets a virus. Okay, let's do some forensic work on it. When did the PC boot up? When did CounterACT first see it? What time stamps? We're able to see things of this nature.

The other nice thing we can do quickly when we're just doing audits or inventory is to pull up a list of clients. How many machines are on this switch? How many are on that switch? Are there switchboards that have more than two MAC addresses? If we know that a switchboard has, say, six MAC addresses on it, then we know that they probably have a hub.

How has it helped my organization?

I think the most valuable piece is to make sure that devices that we don't want on our network aren't on it. That's the most important. Somebody walks into a will-call area or to an area that's, say, open to the public, and they plug in a computer, that computer may have an exploit or is malicious in some way. It won't get an IP address and won't be connected. That's the most important feature.

What needs improvement?

I would like to see some reporting features. Things like, if our tech support department comes to us and says, "Hey, how many Dell model 390 PCs do we have in the company?" They can just click on a report that would show client name, machine model, IP address, last user login, etc. I think that people would find that very useful.

I think off-the-bat, when somebody pulls up the CounterACT interface, there's a lot going one. It's easy, but I don't think it's easy for somebody who just walks in blind. If there was a reporting feature, or something more incorporating tech support people, that would make their life easier. It mitigate the requests that we get to give them that information.

What was my experience with deployment of the solution?

We've had no issues with deploying it.

What do I think about the stability of the solution?

Overall, I think it's pretty stable. We did have some problems with the wireless plan. The wireless plug-in, where a device that we asked to be blocked for whatever reason, is not blocked. For a couple of months, we had the wireless plug-in disabled because too many end-users were being blocked when they shouldn't have been.

From the wireless standpoint, I would say that the reliability was somewhat poor, but CounterACT worked with us over a couple month period and did push out a patch. Today, things are better.

What do I think about the scalability of the solution?

We have three thousand end-user clients. Those are the majority of the people whom we monitor with CounterACT and not so much core devices like servers, or mainframes, or things of that nature. If we have to roll out an update to a client or some of our mobile users, it does so pretty seamlessly.

How are customer service and technical support?

They were very receptive, wanted to know exactly what was going on, wanted examples, etc. They did what they needed to do. Through some dialogue over probably about six weeks, we ended up getting an updated wireless plug-in, which seemed to resolve the issue.

Which solution did I use previously and why did I switch?

We were not using a device previously. I think the goal was originally, how do we know what's on our network? CounterACT solved that problem by allowing us to create our own rules that we wanted. It starts from a very high level and you can drill down into devices. We can now categorize, say, things like IOT devices such as clocks that operate wirelessly, building automation. We can get into all these different categories and groups of things. Whereas, before we really didn't know it. If you plugged in a device, you were getting an address from DHCP. Now, you have to meet these requirements to get an address.

How was the initial setup?

It was pretty straightforward. I've been in a number of roll-outs and this one was pretty easy.

We have one CounterACT appliance that does our Chicago office. A second appliance, which does our other four branches who are a little bit smaller. We separated that work and then we also have somewhat of a redundancy. As far as the configuration and getting things up and running goes, it starts with a nice, very high-level baseline. Then you kind of incorporate the rules that you want to incorporate as you go along, which makes it nice.

Which other solutions did I evaluate?

I think we went right after CounterACT. We sampled around I think on the web and just looked for solutions. But, CounterACT really came out to be the one that was easy to use. The price was right. The customizability and how we had to incorporate CounterACT to talk to our Cisco switches was really straightforward. It was easy and it worked.

What other advice do I have?

Absolutely go for it. I would love to give them a demo of our own environment, talk to people at CounterACT and roll it out. If it's within their budget, whatever that may be, absolutely I would use it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user400743
Network Security Manager at a tech services company with 501-1,000 employees
Consultant
It provides endpoint visibility of our network and controls who can access network resources.

Valuable Features:

The network access control is a valuable feature for us. It provides endpoint visibility of our network and controls who can access network resources. That's really powerful.

Improvements to My Organization:

The problem with vendors like Cisco is that their solutions are limited their to own ecosystem, and in general they don't work well with other vendors. With virtual machines, it can actually collect data from a variety of different network solutions, such as Cisco, Bloomberg, etc. Any routing platform out there, you can import it today. It can basically integrate these products and you can use it for enforcement. You can use them to collect the data. 

The other one is obviously that CounterACT can provide you with virtual ability to control who gets access to the network. It can act as a super-based machine and provide a level of security. It is integrated more easily than other vendors.

Room for Improvement:

The integration with Sync can be improved. We would like to see better integration with some other popular vendors. 

Also, the reporting needs improvement, as well as integration with PAL services. It also needs more options for different sizes of customers. It does really work well in the big departments. For smaller organizations it might be a little overkill of a solution.

Deployment Issues:

We've had no issues with deployment.

Stability Issues:

We've had no issues with stability.

Scalability Issues:

We've had no issues with scalability.

Initial Setup:

It's a little bit too complex. A little bit of simplification when it comes to deployment might actually be better.

Other Advice:

I think it is a good product and definitely fills the gap. I don't think we have many competitors at this stage. The major competitor is Cisco, but the biggest advantage of CounterACT is vendor agnostic. It means that it can work with a variety of different products. That is the biggest advantage.

Disclosure: My company has a business relationship with this vendor other than being a customer: We're partners.
ITCS user
Pre-Sales Engineer at a tech services company with 51-200 employees
Consultant
For larger scale projects which includes multiple sites, CounterACT can be easily deployed in a centralized or decentralized manner. Its graphical user interface could use a revamp.

Valuable Features

CounterACT is a very flexible product in terms of deployment where the users will have a Layer 2 or Layer 3 deployment depending on their network infrastructure while maintaining the product's features regardless of which deployment. For larger scale projects which includes multiple sites, CounterACT can be easily deployed in a centralized or decentralized manner. Besides that, deploying CounterACT introduces almost little-to-no network infrastructure changes.

Integration with third-party products is also an important feature of CounterACT. While many of their competitors' products can only be integrated within their own portfolio, CounterACT manages to integrate with today's top security products to cover the security gaps that many solutions may introduce. CounterACT also provides a ControlFabric platform which may allow the users to integrate all of their security and network solutions into CounterACT.

Improvements to My Organization

As a distributor's engineer working on CounterACT, there are a few vast changes that I have seen after deploying CounterACT for our customers. A few of our customers reportedly had an easier time with their auditors on endpoint compliance, where they would only need to generate and turn in CounterACT's report. This saves both the customer's and the auditor's time.

Another improvement that we can see is automated security, where the customers would not need to manually turn on and off the switch ports for their guests. CounterACT automatically recognizes these guest and provides a self-registration feature to their guest while still maintaining the customer's network security posture.

Room for Improvement

There are few areas which will need vast improvements. The CounterACT graphical user interface could use a revamp as it may not look appealing enough to the end users.

Another area which the CounterACT should improve is their ability to deliver a more precise error messages to their users. At times, the error messages are not clear enough and are too technical to understand. Some of their error messages are not generic, as they are only understandable by the ForeScout engineers.

Use of Solution

I've used it for three years.

Deployment Issues

There were no issues with deployment.

Stability Issues

There are few issues with CounterACT that need more attention, mainly it's ability to process and perform discovery faster. At times, CounterACT takes too long to determine the endpoints, which may cause delays to the end users.

CounterACT could also use a more stable management console interface. This is because there will be times where CounterACT takes too long to login to its management console.

Another issue with CounterACT is that it does not provide very meaningful error messages when some error occurs. The error messages are hidden and it does not show unless the users click on a specific button or mouse over to the problematic elements.

Scalability Issues

There have been no issues scaling it.

Customer Service and Technical Support

Customer Service:

The Customer Service is very responsive and helpful. They managed to resolve most of our issues with the products without much hassle.

Technical Support:

The Technical Support is very responsive and helpful. They managed to resolve most of our issues with the products without much hassle.

Initial Setup

Initial setup is very straightforward because there are only a few network configurations needed to be done. It does not require any downtime and could be deployed at any time during production hour. There are a few endpoint configurations that need to be done, which users can do so through their Microsoft ActiveDirectory or desktop management tools or software.

Implementation Team

We implemented the solutions with our S.I. To ensure a smooth implementation, it is crucial to have all the endpoints and network requirements ready and configured before CounterACT is installed. It is recommended to start with the default policies and work on these policies to meet customers' requirements.

ROI

As we are an implementer, we do have an ROI for all our products.

Pricing, Setup Cost and Licensing

For pricing and licensing, CounterACT is not an overly expensive product. They can fit most of our customers' budgets.

Other Solutions Considered

We managed to evaluate Cisco ISE. Cisco ISE is a complex solutions to deploy where it only supports users who use Cisco switches.

ForeScout CounterACT is a much more appealing product because of the market here in Malaysia, where the users uses multiple brands of switches with complex network infrastructure. CounterACT could easily adapt to these environments without any changes made to the customer's network infrastructure.

Other Advice

ForeScout CounterACT is like a Pandora's box, which contains a lot of functionalities that can be used to improve the customer's daily operation tasks and reduces manual workforce. It is recommended that the implementer understand what CounterACT can be used to do as different customers' business functions could use different functions of CounterACT.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user381450
Information Security Architect at a financial services firm with 1,001-5,000 employees
Vendor
The most valuable features for us include antivirus compliance monitoring and guest management.

Valuable Features

  • Guest management
  • Antivirus compliance monitoring
  • USB connection management

Improvements to My Organization

The bank has been able to manage host connection on the network, manage antivirus, and restrict the use of USB on the bank’s systems.

Room for Improvement

The patch management ability of the solution needs to be re-examined.

Use of Solution

We've used it for five years.

Deployment Issues

There have been no issues with the deployment.

Stability Issues

There have been no issues with the stability.

Scalability Issues

There have been no issues with scaling it.

Customer Service and Technical Support

Customer Service:

Customer service is above average.

Technical Support:

Technical support is above average.

Initial Setup

It's straightforward to set up.

Implementation Team

We used a vendor team alongside an in-house one.

ROI

The ROI is commensurate with the price.

Pricing, Setup Cost and Licensing

The product is expensive.

Other Advice

To get the best out of the solution, the organization’s networks team must be willing to take ownership and provide assistance where required. Use tools like Gigamon during deployment and avoid spanning directly from Cisco switches.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Senior Security Engineer with 51-200 employees
Vendor
The NAC engine is flexible since it doesn’t need the use of 802.1x. We use the solution to test or troubleshoot customer configurations.

Valuable Features:

The main feature, the NAC engine, is very flexible since ForeScout CounterACT doesn’t need the use of 802.1x and can work with almost all switch vendors.

Improvements to My Organization:

Since my company is a systems integrator, we have ForeScout CounterACT in our lab just to test or troubleshoot customer configurations.

Room for Improvement:

There isn’t a specific area to improve. It’s a good product from my point of view. Maybe the licensing and cost can be improved.

Deployment Issues:

No issues with deployment.

Stability Issues:

Haven't had issues with stability.

Scalability Issues:

Haven't had to scale it.

Other Advice:

Maybe test the configuration very well before enabling actions (like VLAN moving, Captive Portal), because they can cause many problems in production environments if there are configuration mistakes.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user347157
Security Analyst at a retailer with 1,001-5,000 employees
Vendor
We're able to defend against unauthorized access to the network, thus distinguishing between corporate users and guests. But, detection and control of dual-homed devices needs improvement.

What is most valuable?

This product provided a really good effect in terms of network access control. With the ForeScout NAC, distinguishing guests and corporate staff was easier.

This was very easy to achieve since the product integrates really well with Active Directory and the NMAP feature discovers all endpoints within the network.

How has it helped my organization?

With the use of the NAC solution from ForeScout, the company was able to defend against unauthorized access to the network, thereby thoroughly distinguishing who is a Corporate user and who is a Guest. Process for Guest Registration (if implemented properly) was also easy.

What needs improvement?

Detection and control of Dual-Homed devices needs to be improved, as the product sometimes gives false positives. Also, more custom policies should be made available.

For how long have I used the solution?

I used this solution for 14 months.

What was my experience with deployment of the solution?

There were issues of false positives whenever a new hotfix was installed even with the GA release. There was actually an issue where an upgrade to a new version of the hotfix plugin increased the CPU optimization and network bandwidth usage.

What do I think about the scalability of the solution?

ForeScout is scalable since a management device is available to manage other CT boxes.

How are customer service and technical support?

Technical support from ForeScout is pretty good, with escalations made promptly when needed.

Which solution did I use previously and why did I switch?

No previous solution.

How was the initial setup?

The initial setup was straightforward, as the steps were simple to understand. It only got complex when creating policies that are not simple.

What about the implementation team?

I worked for a vendor team, and for any client ready to implement this product, I would recommend that the necessary requirements for deployment should be done before the team arrives to start implementation. This makes deployment less stressful.

Which other solutions did I evaluate?

No other options were evaluated.

What other advice do I have?

If you are looking for a NAC solution which works without the use of agents, I would say ForeScout is the one to go for.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user342609
Network and Security Engineer at a financial services firm with 1,001-5,000 employees
Vendor
It provides us with real-time visibility and control of devices accessing our network, although false positives should be reduced.

Valuable Features

  • Rogue detection and blocking
  • Guest registration
  • Full visibility of network hosts
  • Threat protection

Improvements to My Organization

We are provided with real-time visibility and control of devices accessing our network.

Room for Improvement

  • Reduce false positives
  • Reduce bugs
  • Improve on host classification
  • Increase the Nigerian partner base

Use of Solution

We've been using it for over two years.

Deployment Issues

No major issues.

Stability Issues

No major issues.

Scalability Issues

No major issues.

Customer Service and Technical Support

It's good, but certainly it needs improvement especially on the side of the partners.

Initial Setup

Initial setup was straightforward. All it required was to integrate traffic sniffing/monitoring and management ports into our core switch, and instruct the core switch to mirror every traffic to the device through the sniffing port. The rest was simply to define all our network segments on the device and integrate all access switches via SNMP.

Implementation Team

We implemented it through ForeScout's only Nigerian partner, and this is what I would advise everyone interested in the solution to do.

Pricing, Setup Cost and Licensing

It is quite expensive, but there are specs for small companies as well.

Other Solutions Considered

Cisco ISE was also evaluated, but the CT10000 was easier to implement and integrate into our environment.

Other Advice

You can go ahead, but you will need good network skills to get the maximum benefits from it.

I would also advise that you don't activate all the add-on features, but use it solely for its primary function - visibility and rogue detection/blocking.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Network Access Control Security at a government with 10,001+ employees
Real User
Make sure to plan for all endpoints. If you want full coverage of your networks, account for anything that has an IP

What is most valuable?

Endpoint visibility, policy flexibility, compatibility and integration with other products.

How has it helped my organization?

Automation! One broad example is that we can now stop network threats right away and without intervention.

What needs improvement?

Forescout is constantly adding new features, so this may change as of this writing, but sometimes the switch management interface doesn't display accurate information which relates to false positives on individual switch access errors.

For how long have I used the solution?

1 year

What was my experience with deployment of the solution?

None that were Forescout related. CounterACT always opens a bunch of little IP sessions with endpoints, ake sure you have a large enough connection table on your firewall if you plan to put it behind one.

What do I think about the stability of the solution?

Minor. Had to reinstall one virtual appliance, which is painless when you have an Enterprise Manager.

What do I think about the scalability of the solution?

No, this is one of the products strengths.

How are customer service and technical support?

Customer Service:

10 out of 10. Very responsive and address concerns quickly.

Technical Support:

9 out of 10. Really fast response, high level of competency.

Which solution did I use previously and why did I switch?

I switched from Cisco NAC because it is reliant on 802.1X, and has no other function than to ensure endpoints have authenticated via your method of choice.

How was the initial setup?

Straightforward. Setup is simple with a solid, pre-defined set of policies that you build on and customize as you learn.

What about the implementation team?

In house.

What was our ROI?

Without access specific numbers, we now have the ability to instantly shut down internal malicious hosts or traffic, refuse or restrict access to non-compliant hosts, discover risks on the network we didn't know were there, and automate the remediation of a multitude of security risks. As I work for an organization that spends a lot on security administration, at a minimum, the cost savings must have already paid for the product.

Which other solutions did I evaluate?

Palo Alto

What other advice do I have?

Make sure to plan for all endpoints. If you want full coverage of your networks, account for anything that has an IP address. For example, a busy core switch can have 20+ IP addresses, and each one goes against your license count. Also, if you plan to have it behind a firewall, take into consideration your firewall's connection limitations. Although CounterACT isn't really a heavy bandwidth user, it does open a ton of short connections on a constant basis. The more you tune these down, the less accurate your real time host information becomes.

Disclosure: My company has a business relationship with this vendor other than being a customer: I currently work as a Solution Architect for ForeScout, but I wrote this review when I was a customer.
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros sharing their opinions.