Forescout Platform Reviews

Asset Discovery. 

We were not able to accurately see devices in our network and/or have the ability to either remove rogue devices from the network or move them off to another VLAN. With corporate owned assets, we also have the ability to see if something is missing or not up-to-date on a product, then we have the ability to push the update down to the asset. 

We have not integrated the wireless access points into the product, but we are able to gain better visibility with wireless access points for mobile devices to do the same thing.

We are now able to see the assets connected to our network and classify them based on certain criteria that we can define. We still have a ways to go in getting things setup and more networks defined on what we want to see. Forescout is allowing us to gain that visibility with a few clicks of the mouse. Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy.

There are so many to list: 

• The policies and what you can do with them is amazing. 
• The ability to narrow down devices online versus offline.
• Get the MAC Addresses last attributed with a device or IP address on a device and connect that to its switch port or router. This is very beneficial when assisting in tracing back physical connectivity, if needed. 
• The ability to move a device off the network is very useful. The hardest part is showing the help desk what they need to do when troubleshooting a device connectivity issue.

When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies. I could see after doing this repeatedly that it may lead to some premature clicking in an area that you may not have wanted, depending on how your segments are setup, and may cause issues later down the road.

Just a few months.

In using the product for a short period of time, we have not had any issues with it. This product so far has proven to be top notch and do what is designed to do. The visibility into the network makes things an ease.

It is highly scalable and easy to implement.

Customer service and technical support are very responsive. We had one issue integrating a module and had a response within 30 minutes of opening the ticket, then we had a resolution shortly afterwards.

We did not use a different solution other than best guess or a manual Nmap with port scanning tools to find out what was on a network segment, which was very time consuming.

Our network is fairly complex. However, the setup of this application was straightforward. It has great documentation on what ports/protocols are needed when communicating with other devices. The documentation was easy to read.

We implemented with Professional Services from Forescout.

Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money.

It might not be the cheapest solution, but you get what you pay for.

Senior management used this product before and already did a comparison of other products.

The product has proven to be worth the cost and time savings alone in finding rogue devices. It helps with ROI and increasing our security posture. You can't protect what you don't know about or can't see.

Mostly, I use this solution for endpoint compliance, antivirus updates to block malicious traffic access to the internal network, and for visibility, to see who is connected to the network and the infrastructure.

I can integrate Forescout with products from multiple vendors in my environment, and also, the integration is searchable. It can be used with 802.1X and non-802.1X to integrate with my existing network. I don't need to upgrade any existing networks in my system, and I don't need to replace existing devices to integrate with Forescout. I find value in not having to spend money upgrading existing devices and networks.

Other solutions have TACACS+, but Forescout does not. In the next release, I would like to see Forescout have accounting.

I've been working with this solution for around two years.

The scalability varies. If you have 1000 endpoints, Forescout recommends the 2000 endpoint plan. Depending on the scalability you choose, the hardware and license can be extended.

We currently have three people who use this solution, including an
IT security person, an administrator, and a technical person.

For technical support, they have ActiveCare Basic, ActiveCare Advanced, and ActiveCare Premium. Mostly, I have used ActiveCare Advanced for technical support requests, and they have responded depending on the severity and also my support plan.

With regard to initial setup, it can take a bit to customize policies. Forescout requires in-depth knowledge to customize policies to monitor endpoint visibility.

It takes around one or two hours to deploy the software and have it up and running. This includes configuration and integration with the existing network. Customization takes a long time because some departments require more customization.

I had a consultant do the deployment, and it could have been better.

You can have a flexible license depending on your environment.

If you are looking for a NAC solution and you want to integrate the existing network infrastructure without upgrades or without replacing existing devices, then you should go with Forescout. Also, if you don't want to run an agent in the endpoint, Forescout is the way to go because it does not require an agent. It is optional. If you are concerned about having to run too many agents in your endpoint and don't want to add an another agent, this solution is a good choice.

Because Forescout has flexible integration and flexible pricing, I would give it a general rating of nine out of ten.

We're a financial institution with about 30,000 users. 

Forescout has a feature that blocks the endpoint at the point of collection. It sets preconditions and will block the system if those aren't met. 

Forescout needs to improve its cloud management and remote connectivity.

We have been using Forescout since 2018.

Forescout's scalability isn't robust or straighforward enough. You need to plan ahead and purchase the correct appliance before scaling up. You will be limited if you buy a smaller plan. 

You often need in-person support, so Forescout should invest more in training its customers. Customers need to be confident that they can service the solution themselves because it's often hard to get a technician to show up on-site. 

We also use FortiClient, depending on the use case. Both solutions are good.

Deploying Forescout is complex and takes about four hours. You have to configure the devices before you can send packets. If you miss any of those devices, the application endpoint security will be compromised  In other solutions, you don't need to start the configuration before you can access the network advice. It pushes a policy based on the outcome of the process.  

The price could be reduced. During COVID, many offices switched to remote work, but you still need to pay the same cost to renew the license even though workers are connecting remotely through one VPN.

I rate Forescout Platform six out of 10.

I use Forescout Platform in the construction industry to monitor connections to our cloud for ERP and file services.

Forescout Platform has made it possible to block people working near our construction sites who should not have access to our network.

Forescout Platform's best feature is asset management.

Forescout Platform isn't flexible with connections to devices like printers and forces you to re-enter details like the MAC address after any breakdowns.

I've been using Forescout Platform for about half a year.

Forescout Platform is stable.

Forescout Platform is scalable.

I previously used Portnox and ISE.

Forescout Platform is very complex to implement because it has a lot of features, and all of them need to be configured.

We used a third-party team.

Forescout Platform isn't cheap, but it's the best solution for the environment I'm dealing with. We paid between $20,000 and $25,000 for a three-year license with maintenance.

I evaluated FortiNAC, and Forescout Platform is more robust and advanced.

I'd give Forescout Platform a rating of nine out of ten.

Our primary use of the Forescout Platform is to enhance network security. It is deployed in an on-premises environment, although there is interest in exploring cloud-based solutions.

Automated policy enforcement is particularly valuable as it significantly reduces the need for manual intervention, thus enhancing efficiency and security.

Customer support could be improved by providing direct assistance from Forescout employees or specialists at customer sites to enhance the support experience and effectiveness.

The scalability also needs some enhancement.

I have been working with the Forescout Platform for two years.

Forescout Platform's stability is rated at eight out of ten.

Presently, there are twenty five engineer architect using the solution. I would rate the scalability a six out of ten. 

The customer service could be improved, specifically regarding direct support presence.

Neutral

The setup process is straightforward.

Forescout's pricing is noted for its attractiveness, with potential discounts depending on partnership levels.

The comparison with Nozomi suggests a switch due to Forescout's more appealing pricing strategy.

Overall, I would rate the solution an eight out of ten. 

Forescout Platform can be deployed on the cloud or on-premise.

When we have a large enterprise environment with a lot of users, different security policies are to be applied in certain situations and locations. This is where the Forescout Platform is used. If we have some compliance requirements to have the NAC solution in place, we prefer the Forescout Platform over other solutions.

Two things can be improved in the Forescout Platform. First of all, the support for some certain proprietary protocols from other vendors, but they are very widely used. If the TechEx from Cisco, was added to Forescout, then it will be a full solution for me. 

Forescout Platform can be much improved. The support for certain proprietary protocols from other vendors, but they are very widely used. If I can go a little bit technical here, I would say the TechEx from Cisco, if added to Forescout, then it will be a full solution for me. Additionally, the Forescout Platform can have better integration with other solutions, such as Cisco NFG firewalls. They need to integrate seamlessly.

I have been using the Forescout Platform for four years.

The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability.

The scalability of the Forescout Platformall depends on the license. For example, if you have a certain amount of users, endpoints, and anything else you need to put under governance. If you scale out to a higher number, all you need to do is increase the license.

We have five customers and a total endpoints users of approximately 15,000.

The support from the vendor we have received was good.

The initial setup is straightforward. We had to implement the solution in a short timeframe and we managed to do it in one month as a managed service.

Forescout Platform is easy to deploy. It's the fastest NAC solution that you can deploy in a large environment. There is the opportunity to improve as you go. It can be the first deployment, and you can improve as you go without any big disturbance to the environment. It's very flexible when it comes to implementing a certain security policy. You can have very complex security policies for the Forescout Platform. It makes the deployment much easier than others.

The deployment for the Forescout Platform takes two to three engineers. However, it depends on the size of the environment. The integration or the co-operation should happen with a lot of other teams. The main deployment team for the solution is from two to three persons.

We have a very clear licensing model for business. I don't have to have a Ph.D. to be able to understand the licensing model as you might need for other solutions. If I know exactly what we want, it can tell you which license you need. The solution is easy for purchasing, ordering, and ease of deployment as well.

As a managed service provider and system integrator, we are on an annual licensing model.

I highly recommend Forescout Platform, unless, there is a need to integrate with any Cisco TechEx environment. For other use cases, it should be the first choice as a NAC solution. It should come as the first option, with one exception only, if the environment has a lot of Cisco devices. The Forescout Platform does not support authentication to Cisco devices. There is a lack of some protocols on the box itself.

I rate Forescout Platforma nine out of ten.

I use the Forescout Platform for different customers from the enterprise, banking, and telecom sectors.

The solution's implementation and operation are very easy. The solution's GUI is very user-friendly. It doesn't have a lot of components. It has only one device or a few devices connected to one management with only one agent.

The solution's customer support is bad and should be improved. When our customers try to reach or discuss with the support team, they don't even answer.

I have been using Forescout Platform for two years.

I rate Forescout Platform a seven out of ten for stability.

I rate the solution an eight or nine out of ten for scalability.

The solution’s initial setup is very easy.

Overall, I rate Forescout Platform an eight out of ten.

We use the solution for network admission control. It manages the admission of endpoints to the networks.

Firstly, I like the stability. Secondly, the ease of deployment— it's not complex. Thirdly, there's a great support team that becomes actively engaged whenever we encounter issues. Their technical support is amazing. Fourthly, good documentation is available. We have detailed information about the product.

For sales purposes, the product has limitations. It does not support the TACACS+ protocol. This creates a need for another product to work with.

I have been using this solution for the past two and a half years.

The product is stable. Once you deploy it, you don't need to touch it again.

The solution is highly scalable. I currently use it for corporate use within my company and for other clients. We have three to four engineers for deployment and maintenance tasks.

We have rarely contacted customer service and support, as the website is straightforward.

The initial setup was straightforward and not complex. The deployment process took six weeks. It's shorter than the typical six months for similar products.

The deployment process involves an initial assessment, checking the security policy against the required tasks, preparing the network for deployment, and then the deployment itself.

I recommend using the solution because it gives verified control over the environment. It has a great visibility feature. Also, it gives visibility on what's happening on the network. Proceed with the prerequisites, particularly the initial assessment. It has to be conducted properly. Otherwise, the solution might not follow a straightforward path.

The first step is the initial assessment, followed by the second step of collecting clear requirements. Clarity in requirements is crucial because the solution can be directed in any direction you tell it to go. Therefore, you need to know exactly what you need to do. Overall, I rate the product a nine out of ten.