Please share with the community what you think needs improvement with Forescout Platform.
What are its weaknesses? What would you like to see changed in a future version?
I would advise Forescout through their research and development to look for features that they can add. Also, based on the what other competition may be selling, if they find any useful feature, they should add those to their product.
When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies. I could see after doing this repeatedly that it may lead to some premature clicking in an area that you may not have wanted, depending on how your segments are setup, and may cause issues later down the road.
The product could be improved in different ways: * The speed of identification * More guest management features (i.e. extending time frames) * Sometimes, the identification profiles completely change after device upgrades. It would be beneficial to keep or merge these records if enough correlating data points exist, so as not to segment devices. Some of the features introduced into the product line could have better documentation, which could provide for an overall better experience for administrators.
Better reporting and analysis of access (based on client) would be helpful. Also, a tool that allows tracing a user through the rules to authentication. More detailed analysis during the authentication process, especially for troubleshooting access issues. We have found that troubleshooting RADIUS controls is quite arduous, as it is today. A trace function could easily resolve this by providing a means by which access issues from a certificate to passwords or accounts could easily be identified and remediated.
It could be better, they could work on the wide-area network and easier because it's a bit clumsy at the moment when we go on to a remote site. It works well in the head office but we've had challenges trying to install it across other sites. So pricing and support for branch offices. The interface is okay for the local office, but it's hard to get visibility from remote branches.
The solution could always improve by adding more features to make it more robust.
The biggest disadvantage is the pricing. I can see that the product has value. I see that the product is really good. I think that the pro is it's really stable, but price-wise, I think it's bad. But you have to pay for quality. But the pricing can be a little bit improved in my point of view. It will be harder to choose if we start comparing features and prices and when we made the initial choice. Our choice was based mainly on features. There was no price comparison involved. I think that it is not in the same landscape. The landscape has changed and there are a lot of contenders in this field. The price scale could be improved.
There's always room for improvement for the solution. Off the top of my head, I really can't determine anything that is lacking right now. Basically there is no room for improvement that I can describe. The solution does have a bit of complexity, and there's some complexity in the deployment. Users need to be trained before undertaking an initial setup.
The ability to block external devices in Mac is lacking and needs to be added.
For the user, the policy that they have implemented sometimes needs adjustments. Sometimes the features that the customer asks for aren't involved in the main installation, and I need to bolt an add-on in. However, I never know if this policy is the right one when I do this.
We experienced some detection issues when checking compliance for the Sophos agent.
They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment. The interface of this solution and the integration part needs improvement. The difference between the 7th and the 8th version is the dashboard. They should improve it.
* Battled with the use of SNMP v1 instead of v2c * Direct web interface rather than installation of a client.
Multitenancy should be included in the next version so it could be used as a managed service provider.
* JAVA Memory management - leaving the app running for multiple days requires relaunch * Search - needs boolean functionality (or psudeau operand now working)