Forescout Platform Reviews

It enhances cybersecurity by allowing us to monitor and manage all connected devices on our network.

The standout strength of this solution lies in its unique capability to effectively manage unmanaged switches. In addition to its comprehensive feature set, it focuses on AAA for enhanced security and network control.

Incorporating additional features such as NetFlow DLP, would serve as valuable add-ons. Regarding pricing, there is room for improvement to enhance competitiveness with other vendors and solutions.

I have been working with it for seven months.

I would rate its stability capabilities nine out of ten.

Scaling it poses no challenges or obstacles. I would rate it nine out of ten.

The deployment time varies based on the customer's network and its complexity. It could range from as little as five to seven days to one or two months, depending on factors such as the number of switches involved. I oversee a maintenance team comprising over 35 skilled individuals dedicated to network and security solutions. Our technical staff is well-rounded, with three experts specializing in Mac solutions, while others are adept in various network features such as routing and firewall management.

The pricing structure should be enhanced.

Overall, I would rate it nine out of ten.

Asset Discovery. 

We were not able to accurately see devices in our network and/or have the ability to either remove rogue devices from the network or move them off to another VLAN. With corporate owned assets, we also have the ability to see if something is missing or not up-to-date on a product, then we have the ability to push the update down to the asset. 

We have not integrated the wireless access points into the product, but we are able to gain better visibility with wireless access points for mobile devices to do the same thing.

We are now able to see the assets connected to our network and classify them based on certain criteria that we can define. We still have a ways to go in getting things setup and more networks defined on what we want to see. Forescout is allowing us to gain that visibility with a few clicks of the mouse. Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy.

There are so many to list: 

• The policies and what you can do with them is amazing. 
• The ability to narrow down devices online versus offline.
• Get the MAC Addresses last attributed with a device or IP address on a device and connect that to its switch port or router. This is very beneficial when assisting in tracing back physical connectivity, if needed. 
• The ability to move a device off the network is very useful. The hardest part is showing the help desk what they need to do when troubleshooting a device connectivity issue.

When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies. I could see after doing this repeatedly that it may lead to some premature clicking in an area that you may not have wanted, depending on how your segments are setup, and may cause issues later down the road.

Just a few months.

In using the product for a short period of time, we have not had any issues with it. This product so far has proven to be top notch and do what is designed to do. The visibility into the network makes things an ease.

It is highly scalable and easy to implement.

Customer service and technical support are very responsive. We had one issue integrating a module and had a response within 30 minutes of opening the ticket, then we had a resolution shortly afterwards.

We did not use a different solution other than best guess or a manual Nmap with port scanning tools to find out what was on a network segment, which was very time consuming.

Our network is fairly complex. However, the setup of this application was straightforward. It has great documentation on what ports/protocols are needed when communicating with other devices. The documentation was easy to read.

We implemented with Professional Services from Forescout.

Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money.

It might not be the cheapest solution, but you get what you pay for.

Senior management used this product before and already did a comparison of other products.

The product has proven to be worth the cost and time savings alone in finding rogue devices. It helps with ROI and increasing our security posture. You can't protect what you don't know about or can't see.

I use the Forescout Platform for different customers from the enterprise, banking, and telecom sectors.

The solution's implementation and operation are very easy. The solution's GUI is very user-friendly. It doesn't have a lot of components. It has only one device or a few devices connected to one management with only one agent.

The solution's customer support is bad and should be improved. When our customers try to reach or discuss with the support team, they don't even answer.

I have been using Forescout Platform for two years.

I rate Forescout Platform a seven out of ten for stability.

I rate the solution an eight or nine out of ten for scalability.

The solution’s initial setup is very easy.

Overall, I rate Forescout Platform an eight out of ten.

I primarily use Forescout Platform for its wireless functionality, predictive functionality, and NetFlow feature.

Forescout Platform's best feature is plug-in integration.

Forescout Platform's technical support needs to be improved - it could be faster, and its team could be more knowledgeable.

I've been using Forescout Platform for five or six years.

There are some problems with Forescout Platform's stability, but compared to its competitors, it performs well.

There are no problems with Forescout Platform's scalability.

Forescout Platform's technical support is slow to respond and could be more knowledgeable.

Neutral

The initial setup was straightforward.

Forescout Platform is on the expensive side.

I would recommend Forescout Platform for smaller businesses but not for large ones. I would give Forescout Platform a rating of seven out of ten.

I had to gain visibility across my network and be able to block any unknown device connected to my network and this is what I use Forescout Platform for.

The most valuable features of the Forescout Platform are ease of management and outstanding visibility. The visibility is simple to obtain.

Forescout Platform could improve the costs of integrations.

I have been using the Forescout Platform for one year.

The stability of the Forescout Platform is good.

Forescout Platform can scale very easily. You can deploy as many servers as you want, and it's highly scalable. There is console to manage all the Forescout servers which make for easy scalability. 

Forescout Platform is used by only the network and security administrators. There is a total of 10 people using it.

Forescout Platform is very simple to deploy. We did the deployment within a few hours, and I gained visibility at the end of the day. I had visibility across my whole network.

Forescout Platform does not require a lot of maintenance. It is a low-maintenance platform.

We need to pay for integration for each integration that we want to do and there is an additional license fee. This adds more costs. It is not something that anyone can afford. If you want to integrate this with a lot of other tools, it can be costly.

The initial cost of the Forescout Platform was $200,000 for three years. There are only additional costs for upgrades.

My advice to others is to use the Forescout professional services. They are offering a fixed price to deploy the solution, and it's major pain relief as you are talking with experts committed to achieving your objectives.

I rate Forescout Platform a ten out of ten.

We are using this product as a NAC to secure our network and to meet IRS audit requirements. For example, we are using it to lock down our VPN solution.

Until now we had strict requirements for people logging in through VPN, including AD credentials and multifactor authentication, but no requirements for the actual hardware they were using. With Forescout, we can inspect every computer using VPN and block ones we don't permit, or remediate the ones we do permit.

Also, we will be able to quarantine and block computers that are not agency equipment on regular switch ports or wireless.

With Forescout we can get a detailed view of every device that attaches or tries to attach to our network. We can write policies that enforce a variety of actions such as quarantine and remediation.

We can prevent rogue actors from utilizing switch ports, wireless, or VPN to access our network.

Another benefit to Forescout is in inventory knowledge. We are seeing many devices that nobody knew were attached to the network and this allows the various teams to remediate or remove devices that could present a threat.

I think the most valuable feature is that the port-based 802.1x configuration on switch ports is not required. It operates by listening to the wire and talking to networking devices. That is a huge reduction in configuration complexity.

You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.

Another good thing about the product that it can examine every endpoint and give information about it, even IoT devices.

The reporting feature needs improvement. An example is that currently, you cannot configure what report files will be named. I think that the reporting feature needs more flexibility. It has about 15 templates and you have to use one of them, but it is not easy to understand what each of them is. It would be nice to have more control over the format of the reports.

Also, it would be nice if the configuration backup feature had more flexibility. It only supports FTP, SFTP, or SCP. That makes it impossible to write backups to a Windows share.  

We have been using the Forescout Platform for about a year.

We have had no problems with stability.

It is very scalable. You can set up an appliance as an Enterprise Manager, which means it can manage a large number of other appliances or VMs. The Enterprise Manager can operate in HA (High Availability) mode, and can manage 100 of the 5160 appliances. Each 5160 can mange 20,000 endpoints, so Forescout can scale to around 2 million endpoints.

Technical support is generally very good.

This is our first NAC product.

The initial setup is fairly complex and it would be a good idea to employ Forescout Professional services for this phase. Special attention needs to be paid to SPAN sessions or taps to allow Forescout to listen to the wire. 

We used a combination of vendor services and in-house staff for the deployment. The vendor team was competent.

I cannot speak to ROI.

Licensing is per endpoint that uses a discrete IP address. Licenses are perpetual but can come with renewable support. The product is complex so do not skimp on training, certification, and professional services.

We looked at Clearpass and ISE.

It is the only NAC product I know of that does not require 802.1x on every switch port. Big win. But, make sure that you invest in training up your personnel. It is not a simple product. 

Importantly, the vast capabilities make it worthwhile. 

Forescout Platform can be deployed on the cloud or on-premise.

When we have a large enterprise environment with a lot of users, different security policies are to be applied in certain situations and locations. This is where the Forescout Platform is used. If we have some compliance requirements to have the NAC solution in place, we prefer the Forescout Platform over other solutions.

Two things can be improved in the Forescout Platform. First of all, the support for some certain proprietary protocols from other vendors, but they are very widely used. If the TechEx from Cisco, was added to Forescout, then it will be a full solution for me. 

Forescout Platform can be much improved. The support for certain proprietary protocols from other vendors, but they are very widely used. If I can go a little bit technical here, I would say the TechEx from Cisco, if added to Forescout, then it will be a full solution for me. Additionally, the Forescout Platform can have better integration with other solutions, such as Cisco NFG firewalls. They need to integrate seamlessly.

I have been using the Forescout Platform for four years.

The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability.

The scalability of the Forescout Platformall depends on the license. For example, if you have a certain amount of users, endpoints, and anything else you need to put under governance. If you scale out to a higher number, all you need to do is increase the license.

We have five customers and a total endpoints users of approximately 15,000.

The support from the vendor we have received was good.

The initial setup is straightforward. We had to implement the solution in a short timeframe and we managed to do it in one month as a managed service.

Forescout Platform is easy to deploy. It's the fastest NAC solution that you can deploy in a large environment. There is the opportunity to improve as you go. It can be the first deployment, and you can improve as you go without any big disturbance to the environment. It's very flexible when it comes to implementing a certain security policy. You can have very complex security policies for the Forescout Platform. It makes the deployment much easier than others.

The deployment for the Forescout Platform takes two to three engineers. However, it depends on the size of the environment. The integration or the co-operation should happen with a lot of other teams. The main deployment team for the solution is from two to three persons.

We have a very clear licensing model for business. I don't have to have a Ph.D. to be able to understand the licensing model as you might need for other solutions. If I know exactly what we want, it can tell you which license you need. The solution is easy for purchasing, ordering, and ease of deployment as well.

As a managed service provider and system integrator, we are on an annual licensing model.

I highly recommend Forescout Platform, unless, there is a need to integrate with any Cisco TechEx environment. For other use cases, it should be the first choice as a NAC solution. It should come as the first option, with one exception only, if the environment has a lot of Cisco devices. The Forescout Platform does not support authentication to Cisco devices. There is a lack of some protocols on the box itself.

I rate Forescout Platforma nine out of ten.

This solution ensures that every endpoint is compliant.

Forescout is easy to integrate with a lot of end systems.

It is very simple to set up.

We can scale the product.

It's stable.

Pre-sales is very helpful. 

The cost is too high. We are looking at some other solution where costs might be lower.

I've been using the solution for two to three months now. I've just joined the company.

The solution is stable. It is reliable. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the stability a five out of five. We have not had any issues aside from a configuration that was not done right.

While I haven't personally attempted to scale, it is my understanding that we are adding licenses and expanding it. Therefore, in all likelihood, it can scale. 

We have 800 users in total. All departments use it.

While I have spoken to pre-sales and found them helpful, I've never really dealt with technical support.

In other organizations, I've used Nevis and Cisco ISE.

Nevis is not very good as far as scalability is concerned. ISE is good. There are no issues with that. Forescout also should be good. There should not be any issues, and I do not expect any challenges.

The solution is straightforward to set up. It is not complex at all. 

We're currently working with a third party that is auditing the implementation process. I also need some help from Forescout to validate how the implementation is currently done here.

I wasn't part of the initial setup. However, my understanding is there was a third party involved. We just brought in a new third party, in fact. We're in the audit phase and working out some parameters. We're working to improve the integration aspect.

Since the costs continually go up with each new endpoint, we don't really see an ROI. However, we do see value in the product.

The solution is very expensive. 

The price is based on the number of endpoints and is an annual cost. For one license, we pay around 3,000 Indian rupees.

If you keep adding endpoints, the price keeps going up. Even if one user has three endpoints, you are paying for each endpoint, not per user. 

We are customers. 

I'm not sure of the version we are using. 

I'd rate the solution nine out of ten. It's just a bit too expensive. Still, I would recommend it.