It enhances cybersecurity by allowing us to monitor and manage all connected devices on our network.
Chief Executive Officer at Grand Ortus Solutions Pvt Ltd
Comprehensive and advanced cybersecurity excels in providing device visibility and control, robust integration capabilities
Pros and Cons
- "The standout strength of this solution lies in its unique capability to effectively manage unmanaged switches."
- "Regarding pricing, there is room for improvement to enhance competitiveness with other vendors and solutions."
What is our primary use case?
What is most valuable?
The standout strength of this solution lies in its unique capability to effectively manage unmanaged switches. In addition to its comprehensive feature set, it focuses on AAA for enhanced security and network control.
What needs improvement?
Incorporating additional features such as NetFlow DLP, would serve as valuable add-ons. Regarding pricing, there is room for improvement to enhance competitiveness with other vendors and solutions.
For how long have I used the solution?
I have been working with it for seven months.
Buyer's Guide
Forescout Platform
November 2024
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
I would rate its stability capabilities nine out of ten.
What do I think about the scalability of the solution?
Scaling it poses no challenges or obstacles. I would rate it nine out of ten.
What about the implementation team?
The deployment time varies based on the customer's network and its complexity. It could range from as little as five to seven days to one or two months, depending on factors such as the number of switches involved. I oversee a maintenance team comprising over 35 skilled individuals dedicated to network and security solutions. Our technical staff is well-rounded, with three experts specializing in Mac solutions, while others are adept in various network features such as routing and firewall management.
What's my experience with pricing, setup cost, and licensing?
The pricing structure should be enhanced.
What other advice do I have?
Overall, I would rate it nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer:
Senior Security Engineer at a healthcare company with 10,001+ employees
Identifying potentially unwanted devices on the network has saved the organization time and money
Pros and Cons
- "Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy."
- "When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies."
What is our primary use case?
Asset Discovery.
We were not able to accurately see devices in our network and/or have the ability to either remove rogue devices from the network or move them off to another VLAN. With corporate owned assets, we also have the ability to see if something is missing or not up-to-date on a product, then we have the ability to push the update down to the asset.
We have not integrated the wireless access points into the product, but we are able to gain better visibility with wireless access points for mobile devices to do the same thing.
How has it helped my organization?
We are now able to see the assets connected to our network and classify them based on certain criteria that we can define. We still have a ways to go in getting things setup and more networks defined on what we want to see. Forescout is allowing us to gain that visibility with a few clicks of the mouse. Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy.
What is most valuable?
There are so many to list:
- The policies and what you can do with them is amazing.
- The ability to narrow down devices online versus offline.
- Get the MAC Addresses last attributed with a device or IP address on a device and connect that to its switch port or router. This is very beneficial when assisting in tracing back physical connectivity, if needed.
- The ability to move a device off the network is very useful. The hardest part is showing the help desk what they need to do when troubleshooting a device connectivity issue.
What needs improvement?
When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies. I could see after doing this repeatedly that it may lead to some premature clicking in an area that you may not have wanted, depending on how your segments are setup, and may cause issues later down the road.
For how long have I used the solution?
Just a few months.
What do I think about the stability of the solution?
In using the product for a short period of time, we have not had any issues with it. This product so far has proven to be top notch and do what is designed to do. The visibility into the network makes things an ease.
What do I think about the scalability of the solution?
It is highly scalable and easy to implement.
How are customer service and technical support?
Customer service and technical support are very responsive. We had one issue integrating a module and had a response within 30 minutes of opening the ticket, then we had a resolution shortly afterwards.
Which solution did I use previously and why did I switch?
We did not use a different solution other than best guess or a manual Nmap with port scanning tools to find out what was on a network segment, which was very time consuming.
How was the initial setup?
Our network is fairly complex. However, the setup of this application was straightforward. It has great documentation on what ports/protocols are needed when communicating with other devices. The documentation was easy to read.
What about the implementation team?
We implemented with Professional Services from Forescout.
What was our ROI?
Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money.
What's my experience with pricing, setup cost, and licensing?
It might not be the cheapest solution, but you get what you pay for.
Which other solutions did I evaluate?
Senior management used this product before and already did a comparison of other products.
What other advice do I have?
The product has proven to be worth the cost and time savings alone in finding rogue devices. It helps with ROI and increasing our security posture. You can't protect what you don't know about or can't see.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Forescout Platform
November 2024
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
Senior Cyber Security Engineer at Beta Information Technology
The solution has easy implementation and operation, along with a user-friendly GUI
Pros and Cons
- "The solution's implementation and operation are very easy."
- "The solution's customer support is bad and should be improved."
What is our primary use case?
I use the Forescout Platform for different customers from the enterprise, banking, and telecom sectors.
What is most valuable?
The solution's implementation and operation are very easy. The solution's GUI is very user-friendly. It doesn't have a lot of components. It has only one device or a few devices connected to one management with only one agent.
What needs improvement?
The solution's customer support is bad and should be improved. When our customers try to reach or discuss with the support team, they don't even answer.
For how long have I used the solution?
I have been using Forescout Platform for two years.
What do I think about the stability of the solution?
I rate Forescout Platform a seven out of ten for stability.
What do I think about the scalability of the solution?
I rate the solution an eight or nine out of ten for scalability.
How was the initial setup?
The solution’s initial setup is very easy.
What other advice do I have?
Overall, I rate Forescout Platform an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Specialist Network Services - Security Engineering at Novartis Pharmaceuticals
Great plug-in integration but tech support needs improvement
Pros and Cons
- "Forescout Platform's best feature is plug-in integration."
- "Forescout Platform's technical support is slow to respond and could be more knowledgeable."
What is our primary use case?
I primarily use Forescout Platform for its wireless functionality, predictive functionality, and NetFlow feature.
What is most valuable?
Forescout Platform's best feature is plug-in integration.
What needs improvement?
Forescout Platform's technical support needs to be improved - it could be faster, and its team could be more knowledgeable.
For how long have I used the solution?
I've been using Forescout Platform for five or six years.
What do I think about the stability of the solution?
There are some problems with Forescout Platform's stability, but compared to its competitors, it performs well.
What do I think about the scalability of the solution?
There are no problems with Forescout Platform's scalability.
How are customer service and support?
Forescout Platform's technical support is slow to respond and could be more knowledgeable.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was straightforward.
What's my experience with pricing, setup cost, and licensing?
Forescout Platform is on the expensive side.
What other advice do I have?
I would recommend Forescout Platform for smaller businesses but not for large ones. I would give Forescout Platform a rating of seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director, International IT Infrastructure Support & Information Security at a manufacturing company with 1,001-5,000 employees
Beneficial viability, easy to manage, and highly scalable
Pros and Cons
- "The most valuable features of the Forescout Platform are ease of management and outstanding visibility. The visibility is simple to obtain."
- "Forescout Platform could improve the costs of integrations."
What is our primary use case?
I had to gain visibility across my network and be able to block any unknown device connected to my network and this is what I use Forescout Platform for.
What is most valuable?
The most valuable features of the Forescout Platform are ease of management and outstanding visibility. The visibility is simple to obtain.
What needs improvement?
Forescout Platform could improve the costs of integrations.
For how long have I used the solution?
I have been using the Forescout Platform for one year.
What do I think about the stability of the solution?
The stability of the Forescout Platform is good.
What do I think about the scalability of the solution?
Forescout Platform can scale very easily. You can deploy as many servers as you want, and it's highly scalable. There is console to manage all the Forescout servers which make for easy scalability.
Forescout Platform is used by only the network and security administrators. There is a total of 10 people using it.
How was the initial setup?
Forescout Platform is very simple to deploy. We did the deployment within a few hours, and I gained visibility at the end of the day. I had visibility across my whole network.
What about the implementation team?
Forescout Platform does not require a lot of maintenance. It is a low-maintenance platform.
What's my experience with pricing, setup cost, and licensing?
We need to pay for integration for each integration that we want to do and there is an additional license fee. This adds more costs. It is not something that anyone can afford. If you want to integrate this with a lot of other tools, it can be costly.
The initial cost of the Forescout Platform was $200,000 for three years. There are only additional costs for upgrades.
What other advice do I have?
My advice to others is to use the Forescout professional services. They are offering a fixed price to deploy the solution, and it's major pain relief as you are talking with experts committed to achieving your objectives.
I rate Forescout Platform a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Network Engineer at a government with 5,001-10,000 employees
Provides good network visibility, allowing us to detect and remove unknown threats
Pros and Cons
- "You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as."
- "The reporting feature needs improvement."
What is our primary use case?
We are using this product as a NAC to secure our network and to meet IRS audit requirements. For example, we are using it to lock down our VPN solution.
Until now we had strict requirements for people logging in through VPN, including AD credentials and multifactor authentication, but no requirements for the actual hardware they were using. With Forescout, we can inspect every computer using VPN and block ones we don't permit, or remediate the ones we do permit.
Also, we will be able to quarantine and block computers that are not agency equipment on regular switch ports or wireless.
How has it helped my organization?
With Forescout we can get a detailed view of every device that attaches or tries to attach to our network. We can write policies that enforce a variety of actions such as quarantine and remediation.
We can prevent rogue actors from utilizing switch ports, wireless, or VPN to access our network.
Another benefit to Forescout is in inventory knowledge. We are seeing many devices that nobody knew were attached to the network and this allows the various teams to remediate or remove devices that could present a threat.
What is most valuable?
I think the most valuable feature is that the port-based 802.1x configuration on switch ports is not required. It operates by listening to the wire and talking to networking devices. That is a huge reduction in configuration complexity.
You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.
Another good thing about the product that it can examine every endpoint and give information about it, even IoT devices.
What needs improvement?
The reporting feature needs improvement. An example is that currently, you cannot configure what report files will be named. I think that the reporting feature needs more flexibility. It has about 15 templates and you have to use one of them, but it is not easy to understand what each of them is. It would be nice to have more control over the format of the reports.
Also, it would be nice if the configuration backup feature had more flexibility. It only supports FTP, SFTP, or SCP. That makes it impossible to write backups to a Windows share.
For how long have I used the solution?
We have been using the Forescout Platform for about a year.
What do I think about the stability of the solution?
We have had no problems with stability.
What do I think about the scalability of the solution?
It is very scalable. You can set up an appliance as an Enterprise Manager, which means it can manage a large number of other appliances or VMs. The Enterprise Manager can operate in HA (High Availability) mode, and can manage 100 of the 5160 appliances. Each 5160 can mange 20,000 endpoints, so Forescout can scale to around 2 million endpoints.
How are customer service and technical support?
Technical support is generally very good.
Which solution did I use previously and why did I switch?
This is our first NAC product.
How was the initial setup?
The initial setup is fairly complex and it would be a good idea to employ Forescout Professional services for this phase. Special attention needs to be paid to SPAN sessions or taps to allow Forescout to listen to the wire.
What about the implementation team?
We used a combination of vendor services and in-house staff for the deployment. The vendor team was competent.
What was our ROI?
I cannot speak to ROI.
What's my experience with pricing, setup cost, and licensing?
Licensing is per endpoint that uses a discrete IP address. Licenses are perpetual but can come with renewable support. The product is complex so do not skimp on training, certification, and professional services.
Which other solutions did I evaluate?
We looked at Clearpass and ISE.
What other advice do I have?
It is the only NAC product I know of that does not require 802.1x on every switch port. Big win. But, make sure that you invest in training up your personnel. It is not a simple product.
Importantly, the vast capabilities make it worthwhile.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager Network Design at MEEZA, Managed IT Services Provider
Easy deployment, good support, and highly scalable
Pros and Cons
- "The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability."
- "Two things can be improved in the Forescout Platform. First of all, the support for some certain proprietary protocols from other vendors, but they are very widely used. If the TechEx from Cisco, was added to Forescout, then it will be a full solution for me."
What is our primary use case?
Forescout Platform can be deployed on the cloud or on-premise.
When we have a large enterprise environment with a lot of users, different security policies are to be applied in certain situations and locations. This is where the Forescout Platform is used. If we have some compliance requirements to have the NAC solution in place, we prefer the Forescout Platform over other solutions.
What needs improvement?
Two things can be improved in the Forescout Platform. First of all, the support for some certain proprietary protocols from other vendors, but they are very widely used. If the TechEx from Cisco, was added to Forescout, then it will be a full solution for me.
Forescout Platform can be much improved. The support for certain proprietary protocols from other vendors, but they are very widely used. If I can go a little bit technical here, I would say the TechEx from Cisco, if added to Forescout, then it will be a full solution for me. Additionally, the Forescout Platform can have better integration with other solutions, such as Cisco NFG firewalls. They need to integrate seamlessly.
For how long have I used the solution?
I have been using the Forescout Platform for four years.
What do I think about the stability of the solution?
The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability.
What do I think about the scalability of the solution?
The scalability of the Forescout Platformall depends on the license. For example, if you have a certain amount of users, endpoints, and anything else you need to put under governance. If you scale out to a higher number, all you need to do is increase the license.
We have five customers and a total endpoints users of approximately 15,000.
How are customer service and support?
The support from the vendor we have received was good.
How was the initial setup?
The initial setup is straightforward. We had to implement the solution in a short timeframe and we managed to do it in one month as a managed service.
Forescout Platform is easy to deploy. It's the fastest NAC solution that you can deploy in a large environment. There is the opportunity to improve as you go. It can be the first deployment, and you can improve as you go without any big disturbance to the environment. It's very flexible when it comes to implementing a certain security policy. You can have very complex security policies for the Forescout Platform. It makes the deployment much easier than others.
What about the implementation team?
The deployment for the Forescout Platform takes two to three engineers. However, it depends on the size of the environment. The integration or the co-operation should happen with a lot of other teams. The main deployment team for the solution is from two to three persons.
What's my experience with pricing, setup cost, and licensing?
We have a very clear licensing model for business. I don't have to have a Ph.D. to be able to understand the licensing model as you might need for other solutions. If I know exactly what we want, it can tell you which license you need. The solution is easy for purchasing, ordering, and ease of deployment as well.
As a managed service provider and system integrator, we are on an annual licensing model.
What other advice do I have?
I highly recommend Forescout Platform, unless, there is a need to integrate with any Cisco TechEx environment. For other use cases, it should be the first choice as a NAC solution. It should come as the first option, with one exception only, if the environment has a lot of Cisco devices. The Forescout Platform does not support authentication to Cisco devices. There is a lack of some protocols on the box itself.
I rate Forescout Platforma nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
DVP at a financial services firm with 10,001+ employees
Simple to set up, easy to integrate, and very reliable
Pros and Cons
- "Forescout is easy to integrate with a lot of end systems."
- "The cost is too high."
What is our primary use case?
This solution ensures that every endpoint is compliant.
What is most valuable?
Forescout is easy to integrate with a lot of end systems.
It is very simple to set up.
We can scale the product.
It's stable.
Pre-sales is very helpful.
What needs improvement?
The cost is too high. We are looking at some other solution where costs might be lower.
For how long have I used the solution?
I've been using the solution for two to three months now. I've just joined the company.
What do I think about the stability of the solution?
The solution is stable. It is reliable. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the stability a five out of five. We have not had any issues aside from a configuration that was not done right.
What do I think about the scalability of the solution?
While I haven't personally attempted to scale, it is my understanding that we are adding licenses and expanding it. Therefore, in all likelihood, it can scale.
We have 800 users in total. All departments use it.
How are customer service and support?
While I have spoken to pre-sales and found them helpful, I've never really dealt with technical support.
Which solution did I use previously and why did I switch?
In other organizations, I've used Nevis and Cisco ISE.
Nevis is not very good as far as scalability is concerned. ISE is good. There are no issues with that. Forescout also should be good. There should not be any issues, and I do not expect any challenges.
How was the initial setup?
The solution is straightforward to set up. It is not complex at all.
We're currently working with a third party that is auditing the implementation process. I also need some help from Forescout to validate how the implementation is currently done here.
What about the implementation team?
I wasn't part of the initial setup. However, my understanding is there was a third party involved. We just brought in a new third party, in fact. We're in the audit phase and working out some parameters. We're working to improve the integration aspect.
What was our ROI?
Since the costs continually go up with each new endpoint, we don't really see an ROI. However, we do see value in the product.
What's my experience with pricing, setup cost, and licensing?
The solution is very expensive.
The price is based on the number of endpoints and is an annual cost. For one license, we pay around 3,000 Indian rupees.
If you keep adding endpoints, the price keeps going up. Even if one user has three endpoints, you are paying for each endpoint, not per user.
What other advice do I have?
We are customers.
I'm not sure of the version we are using.
I'd rate the solution nine out of ten. It's just a bit too expensive. Still, I would recommend it.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Network Access Control (NAC) IoT Security Endpoint Compliance Extended Detection and Response (XDR)Popular Comparisons
Microsoft Intune
CrowdStrike Falcon
Cisco Umbrella
SentinelOne Singularity Complete
Microsoft Defender for Cloud
Cisco Identity Services Engine (ISE)
Fortinet FortiClient
Cortex XDR by Palo Alto Networks
Qualys VMDR
Aruba ClearPass
Trend Vision One Endpoint Security
Trellix Endpoint Security
Tenable Security Center
Rapid7 InsightVM
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- PRICING FOR FORESCOUT CT10K APPLIANCE
- ForeScout vs. Cisco ISE
- What are the main differences between Cisco ISE and Forescout Platform?
- Comparison of Aruba Clearpass, Bradford Networks and Forescout NACs
- How would you compare Cisco ISE (Identity Services Engine) vs Forescout Platform?
- PRICING FOR FORESCOUT CT10K APPLIANCE
- When evaluating Network Access Control, what aspect do you think is the most important to look for?
- Which is the best choice of Zero Trust Network Access (ZTNA)?
- What is your recommended Network Access Control (NAC) solution for an enterprise?
- Cisco ISE (Identity Services Engine) vs Fortinet FortiNAC: which solution is better and why?