Try our new research platform with insights from 80,000+ expert users
SecEng3904 - PeerSpot reviewer
Senior Security Engineer at a healthcare company with 10,001+ employees
Real User
Identifying potentially unwanted devices on the network has saved the organization time and money
Pros and Cons
  • "Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy."
  • "When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies."

What is our primary use case?

Asset Discovery. 

We were not able to accurately see devices in our network and/or have the ability to either remove rogue devices from the network or move them off to another VLAN. With corporate owned assets, we also have the ability to see if something is missing or not up-to-date on a product, then we have the ability to push the update down to the asset. 

We have not integrated the wireless access points into the product, but we are able to gain better visibility with wireless access points for mobile devices to do the same thing.

How has it helped my organization?

We are now able to see the assets connected to our network and classify them based on certain criteria that we can define. We still have a ways to go in getting things setup and more networks defined on what we want to see. Forescout is allowing us to gain that visibility with a few clicks of the mouse. Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy.

What is most valuable?

There are so many to list: 

  • The policies and what you can do with them is amazing. 
  • The ability to narrow down devices online versus offline.
  • Get the MAC Addresses last attributed with a device or IP address on a device and connect that to its switch port or router. This is very beneficial when assisting in tracing back physical connectivity, if needed. 
  • The ability to move a device off the network is very useful. The hardest part is showing the help desk what they need to do when troubleshooting a device connectivity issue.

What needs improvement?

When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies. I could see after doing this repeatedly that it may lead to some premature clicking in an area that you may not have wanted, depending on how your segments are setup, and may cause issues later down the road.

Buyer's Guide
Forescout Platform
April 2025
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.

For how long have I used the solution?

Just a few months.

What do I think about the stability of the solution?

In using the product for a short period of time, we have not had any issues with it. This product so far has proven to be top notch and do what is designed to do. The visibility into the network makes things an ease.

What do I think about the scalability of the solution?

It is highly scalable and easy to implement.

How are customer service and support?

Customer service and technical support are very responsive. We had one issue integrating a module and had a response within 30 minutes of opening the ticket, then we had a resolution shortly afterwards.

Which solution did I use previously and why did I switch?

We did not use a different solution other than best guess or a manual Nmap with port scanning tools to find out what was on a network segment, which was very time consuming.

How was the initial setup?

Our network is fairly complex. However, the setup of this application was straightforward. It has great documentation on what ports/protocols are needed when communicating with other devices. The documentation was easy to read.

What about the implementation team?

We implemented with Professional Services from Forescout.

What was our ROI?

Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money.

What's my experience with pricing, setup cost, and licensing?

It might not be the cheapest solution, but you get what you pay for.

Which other solutions did I evaluate?

Senior management used this product before and already did a comparison of other products.

What other advice do I have?

The product has proven to be worth the cost and time savings alone in finding rogue devices. It helps with ROI and increasing our security posture. You can't protect what you don't know about or can't see.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
KimeangSuon - PeerSpot reviewer
Pre-Sale Consultant at Yip In Tsoi Co., LTD.
Real User
Does not require upgrades to existing networks and integrates with products from multiple vendors
Pros and Cons
  • "I can integrate Forescout with products from multiple vendors in my environment, and also, the integration is searchable. It can be used with 802.1X and non-802.1X to integrate with my existing network. I don't need to upgrade any existing networks in my system, and I don't need to replace existing devices to integrate with Forescout. I find value in not having to spend money upgrading existing devices and networks."
  • "Other solutions have TACACS+, but Forescout does not. In the next release, I would like to see Forescout have accounting."

What is our primary use case?

Mostly, I use this solution for endpoint compliance, antivirus updates to block malicious traffic access to the internal network, and for visibility, to see who is connected to the network and the infrastructure.

What is most valuable?

I can integrate Forescout with products from multiple vendors in my environment, and also, the integration is searchable. It can be used with 802.1X and non-802.1X to integrate with my existing network. I don't need to upgrade any existing networks in my system, and I don't need to replace existing devices to integrate with Forescout. I find value in not having to spend money upgrading existing devices and networks.

What needs improvement?

Other solutions have TACACS+, but Forescout does not. In the next release, I would like to see Forescout have accounting.

For how long have I used the solution?

I've been working with this solution for around two years.

What do I think about the scalability of the solution?

The scalability varies. If you have 1000 endpoints, Forescout recommends the 2000 endpoint plan. Depending on the scalability you choose, the hardware and license can be extended.

We currently have three people who use this solution, including an
IT security person, an administrator, and a technical person.

How are customer service and support?

For technical support, they have ActiveCare Basic, ActiveCare Advanced, and ActiveCare Premium. Mostly, I have used ActiveCare Advanced for technical support requests, and they have responded depending on the severity and also my support plan.

How was the initial setup?

With regard to initial setup, it can take a bit to customize policies. Forescout requires in-depth knowledge to customize policies to monitor endpoint visibility.

It takes around one or two hours to deploy the software and have it up and running. This includes configuration and integration with the existing network. Customization takes a long time because some departments require more customization.

What about the implementation team?

I had a consultant do the deployment, and it could have been better.

What's my experience with pricing, setup cost, and licensing?

You can have a flexible license depending on your environment.

What other advice do I have?

If you are looking for a NAC solution and you want to integrate the existing network infrastructure without upgrades or without replacing existing devices, then you should go with Forescout. Also, if you don't want to run an agent in the endpoint, Forescout is the way to go because it does not require an agent. It is optional. If you are concerned about having to run too many agents in your endpoint and don't want to add an another agent, this solution is a good choice.

Because Forescout has flexible integration and flexible pricing, I would give it a general rating of nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Forescout Platform
April 2025
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
ILAN-YACOBY - PeerSpot reviewer
Chief Information Officer at Amarel Ltd.
Real User
Robust solution with great asset management
Pros and Cons
  • "Forescout Platform has made it possible to block people working near our construction sites who should not have access to our network."
  • "Forescout Platform isn't flexible with connections to devices like printers and forces you to re-enter details like the MAC address after any breakdowns."

What is our primary use case?

I use Forescout Platform in the construction industry to monitor connections to our cloud for ERP and file services.

How has it helped my organization?

Forescout Platform has made it possible to block people working near our construction sites who should not have access to our network.

What is most valuable?

Forescout Platform's best feature is asset management.

What needs improvement?

Forescout Platform isn't flexible with connections to devices like printers and forces you to re-enter details like the MAC address after any breakdowns.

For how long have I used the solution?

I've been using Forescout Platform for about half a year.

What do I think about the stability of the solution?

Forescout Platform is stable.

What do I think about the scalability of the solution?

Forescout Platform is scalable.

Which solution did I use previously and why did I switch?

I previously used Portnox and ISE.

How was the initial setup?

Forescout Platform is very complex to implement because it has a lot of features, and all of them need to be configured.

What about the implementation team?

We used a third-party team.

What's my experience with pricing, setup cost, and licensing?

Forescout Platform isn't cheap, but it's the best solution for the environment I'm dealing with. We paid between $20,000 and $25,000 for a three-year license with maintenance.

Which other solutions did I evaluate?

I evaluated FortiNAC, and Forescout Platform is more robust and advanced.

What other advice do I have?

I'd give Forescout Platform a rating of nine out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Massimiliano La Camera - PeerSpot reviewer
Business Development Account Manager at Xenia Network Solutions
Real User
Top 5Leaderboard
Primarily enhances network security through automated policy enforcement
Pros and Cons
  • "Automated policy enforcement is particularly valuable as it significantly reduces the need for manual intervention, thus enhancing efficiency and security."
  • "Customer support could be improved by providing direct assistance from Forescout employees or specialists at customer sites to enhance the support experience and effectiveness."

What is our primary use case?

Our primary use of the Forescout Platform is to enhance network security. It is deployed in an on-premises environment, although there is interest in exploring cloud-based solutions.

What is most valuable?

Automated policy enforcement is particularly valuable as it significantly reduces the need for manual intervention, thus enhancing efficiency and security.

What needs improvement?

Customer support could be improved by providing direct assistance from Forescout employees or specialists at customer sites to enhance the support experience and effectiveness.

The scalability also needs some enhancement.

For how long have I used the solution?

I have been working with the Forescout Platform for two years.

What do I think about the stability of the solution?

Forescout Platform's stability is rated at eight out of ten.

What do I think about the scalability of the solution?

Presently, there are twenty five engineer architect using the solution. I would rate the scalability a six out of ten. 

How are customer service and support?

The customer service could be improved, specifically regarding direct support presence.

How would you rate customer service and support?

Neutral

How was the initial setup?

The setup process is straightforward.

What's my experience with pricing, setup cost, and licensing?

Forescout's pricing is noted for its attractiveness, with potential discounts depending on partnership levels.

Which other solutions did I evaluate?

The comparison with Nozomi suggests a switch due to Forescout's more appealing pricing strategy.

What other advice do I have?

Overall, I would rate the solution an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Senior Manager Network Design at MEEZA, Managed IT Services Provider
Real User
Top 5Leaderboard
Effortlessly deployable with amazing technical support
Pros and Cons
  • "Ease of deployment There's a great support team that becomes actively engaged whenever we encounter issues. Their technical support is amazing. Good documentation is available. The product is stable. The solution is highly scalable. I recommend using the solution because it gives verified control over the environment. It has a great visibility feature."
  • "It does not support the TACACS+ protocol."

What is our primary use case?

We use the solution for network admission control. It manages the admission of endpoints to the networks.

What is most valuable?

Firstly, I like the stability. Secondly, the ease of deployment— it's not complex. Thirdly, there's a great support team that becomes actively engaged whenever we encounter issues. Their technical support is amazing. Fourthly, good documentation is available. We have detailed information about the product.

What needs improvement?

For sales purposes, the product has limitations. It does not support the TACACS+ protocol. This creates a need for another product to work with.

For how long have I used the solution?

I have been using this solution for the past two and a half years.

What do I think about the stability of the solution?

The product is stable. Once you deploy it, you don't need to touch it again.

What do I think about the scalability of the solution?

The solution is highly scalable. I currently use it for corporate use within my company and for other clients. We have three to four engineers for deployment and maintenance tasks.

How are customer service and support?

We have rarely contacted customer service and support, as the website is straightforward.

How was the initial setup?

The initial setup was straightforward and not complex. The deployment process took six weeks. It's shorter than the typical six months for similar products.

The deployment process involves an initial assessment, checking the security policy against the required tasks, preparing the network for deployment, and then the deployment itself.

What other advice do I have?

I recommend using the solution because it gives verified control over the environment. It has a great visibility feature. Also, it gives visibility on what's happening on the network. Proceed with the prerequisites, particularly the initial assessment. It has to be conducted properly. Otherwise, the solution might not follow a straightforward path.

The first step is the initial assessment, followed by the second step of collecting clear requirements. Clarity in requirements is crucial because the solution can be directed in any direction you tell it to go. Therefore, you need to know exactly what you need to do. Overall, I rate the product a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1911570 - PeerSpot reviewer
Director, International IT Infrastructure Support & Information Security at a manufacturing company with 1,001-5,000 employees
Real User
Top 20
Beneficial viability, easy to manage, and highly scalable
Pros and Cons
  • "The most valuable features of the Forescout Platform are ease of management and outstanding visibility. The visibility is simple to obtain."
  • "Forescout Platform could improve the costs of integrations."

What is our primary use case?

I had to gain visibility across my network and be able to block any unknown device connected to my network and this is what I use Forescout Platform for.

What is most valuable?

The most valuable features of the Forescout Platform are ease of management and outstanding visibility. The visibility is simple to obtain.

What needs improvement?

Forescout Platform could improve the costs of integrations.

For how long have I used the solution?

I have been using the Forescout Platform for one year.

What do I think about the stability of the solution?

The stability of the Forescout Platform is good.

What do I think about the scalability of the solution?

Forescout Platform can scale very easily. You can deploy as many servers as you want, and it's highly scalable. There is console to manage all the Forescout servers which make for easy scalability. 

Forescout Platform is used by only the network and security administrators. There is a total of 10 people using it.

How was the initial setup?

Forescout Platform is very simple to deploy. We did the deployment within a few hours, and I gained visibility at the end of the day. I had visibility across my whole network.

What about the implementation team?

Forescout Platform does not require a lot of maintenance. It is a low-maintenance platform.

What's my experience with pricing, setup cost, and licensing?

We need to pay for integration for each integration that we want to do and there is an additional license fee. This adds more costs. It is not something that anyone can afford. If you want to integrate this with a lot of other tools, it can be costly.

The initial cost of the Forescout Platform was $200,000 for three years. There are only additional costs for upgrades.

What other advice do I have?

My advice to others is to use the Forescout professional services. They are offering a fixed price to deploy the solution, and it's major pain relief as you are talking with experts committed to achieving your objectives.

I rate Forescout Platform a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
DevanshuSaraswat - PeerSpot reviewer
Associate Consultant at Tata Consultancy Services
Reseller
Great orchestration and discovery capabilities
Pros and Cons
  • "The best parts of Forescout Platform are its orchestration features, discovery capabilities, classification buckets, and flexibility in creating policies."
  • "Forescout Platform sometimes returns false positives, so there's some fine-tuning to be done there."

How has it helped my organization?

Forescout Platform allows actions to be automated, which reduces the response time to any suspicious or malicious activity.

What is most valuable?

The best parts of Forescout Platform are its orchestration features, discovery capabilities, classification buckets, and flexibility in creating policies.

What needs improvement?

Forescout Platform sometimes returns false positives, so there's some fine-tuning to be done there. There are also some limitations with the Mac and Linux versions - the company claims they're agentless, but they're actually agent-based. In addition, there are a few actions that don't work in conjunction when we apply multiple actions, such as wanting to send a notification and isolate a device. In the next release, I would want to see better compatibility and visibility on the cloud front, and the system needs to keep up with upcoming technologies and trends.

For how long have I used the solution?

I've been working with Forescout Platform for four years.

What do I think about the stability of the solution?

Forescout Platform is stable.

What do I think about the scalability of the solution?

Forescout Platform is scalable.

How was the initial setup?

The initial setup was very simple.

What's my experience with pricing, setup cost, and licensing?

I would rate Forescout Platform's pricing as four out of five.

What other advice do I have?

I would give Forescout Platform a rating of eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
PeerSpot user
Network Access Control Security at a government with 10,001+ employees
Real User
Make sure to plan for all endpoints. If you want full coverage of your networks, account for anything that has an IP

What is most valuable?

Endpoint visibility, policy flexibility, compatibility and integration with other products.

How has it helped my organization?

Automation! One broad example is that we can now stop network threats right away and without intervention.

What needs improvement?

Forescout is constantly adding new features, so this may change as of this writing, but sometimes the switch management interface doesn't display accurate information which relates to false positives on individual switch access errors.

For how long have I used the solution?

1 year

What was my experience with deployment of the solution?

None that were Forescout related. CounterACT always opens a bunch of little IP sessions with endpoints, ake sure you have a large enough connection table on your firewall if you plan to put it behind one.

What do I think about the stability of the solution?

Minor. Had to reinstall one virtual appliance, which is painless when you have an Enterprise Manager.

What do I think about the scalability of the solution?

No, this is one of the products strengths.

How are customer service and technical support?

Customer Service:

10 out of 10. Very responsive and address concerns quickly.

Technical Support:

9 out of 10. Really fast response, high level of competency.

Which solution did I use previously and why did I switch?

I switched from Cisco NAC because it is reliant on 802.1X, and has no other function than to ensure endpoints have authenticated via your method of choice.

How was the initial setup?

Straightforward. Setup is simple with a solid, pre-defined set of policies that you build on and customize as you learn.

What about the implementation team?

In house.

What was our ROI?

Without access specific numbers, we now have the ability to instantly shut down internal malicious hosts or traffic, refuse or restrict access to non-compliant hosts, discover risks on the network we didn't know were there, and automate the remediation of a multitude of security risks. As I work for an organization that spends a lot on security administration, at a minimum, the cost savings must have already paid for the product.

Which other solutions did I evaluate?

Palo Alto

What other advice do I have?

Make sure to plan for all endpoints. If you want full coverage of your networks, account for anything that has an IP address. For example, a busy core switch can have 20+ IP addresses, and each one goes against your license count. Also, if you plan to have it behind a firewall, take into consideration your firewall's connection limitations. Although CounterACT isn't really a heavy bandwidth user, it does open a ton of short connections on a constant basis. The more you tune these down, the less accurate your real time host information becomes.

Disclosure: My company has a business relationship with this vendor other than being a customer: I currently work as a Solution Architect for ForeScout, but I wrote this review when I was a customer.
PeerSpot user
it_user203397 - PeerSpot reviewer
it_user203397Technical Support Manager at a financial services firm
Vendor

Technology improved network security via access layer L2.

Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros sharing their opinions.