Forescout Platform Reviews

My company is in the financial services industry. The primary use case is Network Access Control and control endpoint access to network. The environment is used to process sensitive data. We want to ensure that rogue devices and unauthorized devices are unable to join the network. This will reduce our exposure to attacks.

It has helped with improving our security posture in terms of controlling the access of rogue devices into our network through identification. We have been able to prevent rogue device activities on the network, check the health of the system, and ensure remediation. 

It has provided visibility into the workings of our routers and switches. We also extended this capability to our branch offices through a WAN connection.

Access control: Being able to set policies that determine how devices join our network and how they are expected to behave while on the network. The fact that we are able to access the hygiene of our endpoint and monitor it continuously makes it fit for purpose.

I would advise Forescout through their research and development to look for features that they can add. Also, based on the what other competition may be selling, if they find any useful feature, they should add those to their product.

The last three months.

It is stable and reliable.

It is a good product that is fit for purpose.

Fantastic

No.

The initial setup is a bit complex.

Not applicable.

The setup cost, pricing, and licensing are on the high side.

No. I heard of Forescout, then went ahead and bought it.

As a university, we have used ForeScout to help us get a hold on student computers and their infections, and to keep those infected systems off our network. We are also currently using ForeScout as a mechanism to allow us to automatically move student game consoles to a separate VLAN, and then move the port back to the primary dorm VLAN when a PC or other device is plugged in.

ForeScout has the built-in ability to identify network devices without a separate subscription or device, and that allows us to identify when students plug into a switch or router (not allowed on our network), or tries to put their computer on the less restrictive game console VLAN. The rule sets allow you to configure different rules for different devices or networks from a single location, and provides a single-pane-of-glass view into any network traffic it can see.

The configuration of the rules is both a blessing and a curse. While it is almost infinitely configurable, knowing how to get the product to do what you want it to do can be difficult, especially at first.

The biggest problem we have had with ForeScout is that in order for it to see all of your network traffic it must have access to that traffic. So if your traffic has multiple ways to reach the internet or other resources, then you need multiple network taps in place to see that traffic.

We have used ForeScout since summer of 2012.

Other than the infinite configurability and need to have multiple network taps to see all traffic, we haven't had issues with deployment.

Stability has been like a rock, and it is a product that just seems to work.

We have had no issues with scaling it for our needs.

We have had mixed success with support. Sometimes we had amazing people who knew just what we needed and how to help us get there with minimal fuss. Other times we were explaining to support how to work around an issue so other customers wouldn’t have to deal with what we were dealing with.

We previously used Perfigo, which was later bought by Cisco and became Clean Access. ForeScout offered us a device with a 10GB connection, and that on top of the feature set for the price sealed the deal.

The initial setup was very straightforward, but due to our backbone switch/network configuration, we had to make last minute tweaks to get the product to see all our traffic. Also, we struggled to get our rules properly configured so that students weren’t negatively impacted by misconfigurations that would either prevent them from getting on the network at all, or repeatedly require them to log in.

Our third-party consulting firm (Konsultek), hit one out of the park in helping us, and they made sure we were up and running before the start of school, despite our tight timeframe for implementation.

We used a third-party group to assist us with implementation, and that made all the difference for us as we were able to pull from their experience and knowledge to help us get up and running.

The best advice I can offer is to make sure to understand the rules and how they work as that was a bit of an issue for us in the first few weeks when we worked out how to “fix” some of the issues (client time-outs, repeatedly being asked to log in) as they came up. Also, test everything before rolling out to production.

ForeScout provides some of the greatest visibility into network traffic, showing you exactly who is doing what, down to the port and protocol being used, capturing entire conversations between endpoints. It is a simply fantastic tool that provides network and security persons with the ability to throw up honeypots.

The most valuable feature is agent compliance. When somebody plugs in a device and the device powers up, CounterACT goes through to make sure that rules we have in place are accurate or in line with what we'd expect. Once that completes, the machine gets an IP address from DHCP.

We could go into some other forensics. What happened to a device, let's say, it gets a virus. Okay, let's do some forensic work on it. When did the PC boot up? When did CounterACT first see it? What time stamps? We're able to see things of this nature.

The other nice thing we can do quickly when we're just doing audits or inventory is to pull up a list of clients. How many machines are on this switch? How many are on that switch? Are there switchboards that have more than two MAC addresses? If we know that a switchboard has, say, six MAC addresses on it, then we know that they probably have a hub.

I think the most valuable piece is to make sure that devices that we don't want on our network aren't on it. That's the most important. Somebody walks into a will-call area or to an area that's, say, open to the public, and they plug in a computer, that computer may have an exploit or is malicious in some way. It won't get an IP address and won't be connected. That's the most important feature.

I would like to see some reporting features. Things like, if our tech support department comes to us and says, "Hey, how many Dell model 390 PCs do we have in the company?" They can just click on a report that would show client name, machine model, IP address, last user login, etc. I think that people would find that very useful.

I think off-the-bat, when somebody pulls up the CounterACT interface, there's a lot going one. It's easy, but I don't think it's easy for somebody who just walks in blind. If there was a reporting feature, or something more incorporating tech support people, that would make their life easier. It mitigate the requests that we get to give them that information.

We've had no issues with deploying it.

Overall, I think it's pretty stable. We did have some problems with the wireless plan. The wireless plug-in, where a device that we asked to be blocked for whatever reason, is not blocked. For a couple of months, we had the wireless plug-in disabled because too many end-users were being blocked when they shouldn't have been.

From the wireless standpoint, I would say that the reliability was somewhat poor, but CounterACT worked with us over a couple month period and did push out a patch. Today, things are better.

We have three thousand end-user clients. Those are the majority of the people whom we monitor with CounterACT and not so much core devices like servers, or mainframes, or things of that nature. If we have to roll out an update to a client or some of our mobile users, it does so pretty seamlessly.

They were very receptive, wanted to know exactly what was going on, wanted examples, etc. They did what they needed to do. Through some dialogue over probably about six weeks, we ended up getting an updated wireless plug-in, which seemed to resolve the issue.

We were not using a device previously. I think the goal was originally, how do we know what's on our network? CounterACT solved that problem by allowing us to create our own rules that we wanted. It starts from a very high level and you can drill down into devices. We can now categorize, say, things like IOT devices such as clocks that operate wirelessly, building automation. We can get into all these different categories and groups of things. Whereas, before we really didn't know it. If you plugged in a device, you were getting an address from DHCP. Now, you have to meet these requirements to get an address.

It was pretty straightforward. I've been in a number of roll-outs and this one was pretty easy.

We have one CounterACT appliance that does our Chicago office. A second appliance, which does our other four branches who are a little bit smaller. We separated that work and then we also have somewhat of a redundancy. As far as the configuration and getting things up and running goes, it starts with a nice, very high-level baseline. Then you kind of incorporate the rules that you want to incorporate as you go along, which makes it nice.

I think we went right after CounterACT. We sampled around I think on the web and just looked for solutions. But, CounterACT really came out to be the one that was easy to use. The price was right. The customizability and how we had to incorporate CounterACT to talk to our Cisco switches was really straightforward. It was easy and it worked.

Absolutely go for it. I would love to give them a demo of our own environment, talk to people at CounterACT and roll it out. If it's within their budget, whatever that may be, absolutely I would use it.

The most valuable features of the Forescout Platform are NAC for sharing, Network Access Control, and port sharing of the devices.

Forescout Platform could improve the vulnerability management as well as the control on the endpoint, which needs to be connected to my network.

In an upcoming release, they should add security features, such as malware and threat protection.

I have been using the Forescout Platform for approximately six years.

Forescout Platform was not a stable solution in 2015, but over the year it has become more and more stable. At this point in time, it is a stable solution.

The Forescout Platform is scalable.

The support from the Forescout Platform is great.

I rate the support from Forescout Platform a nine out of ten.

Positive

The price of the Forescout Platform is expensive. I purchased it for approximately 94 lakhs.

I rate Forescout Platform a nine out of ten.

Our primary use case of this solution was to control which of our devices were connected to the network. I'm a senior architect advisor. We were customers of Forescout. 

As a result of using Forescout, we had a better overview of all the devices, known and unknown, that were connected to our network; it was a real advantage.

A very valuable feature is the discovery mode. It covers all types of devices on the network, which we didn't know existed.

I don't think we tested the full potential of Forescout. We had some delay implementing it into our organization, due internal organizational issues and also due to a lack of device registrations. Meanwhile we decided to switch to a new network provider that doesn't have Forescout in its portfolio. We favour one-stop shopping for network and security services, and will migrate to Aruba ClearPass (portfolio). 

I used this solution for the past year. 

The solution is stable. 

The product seems to be scalable although we didn't fully test it. 

I think the initial setup was fairly straightforward although I was not involved on a technical level. We had the advantage that the technical engineers knew our networks and how to carry out the implementation and we also had some assistance from British Telecom. We initially focused on our main plant or main location, and then moved to our other locations, which are far smaller, and have a lower risk profile. That was our strategy and implementation took around nine months after the initial implementation which took about a week. At that point, we realized there were more devices than we thought and the process became more complicated. It took a while to get a handle on everything. There were just a couple of us involved in deployment. 

This product demonstrates the possibilities of network access control for the organization. As a pilot project, it changed the minds of people because they could see the potential which included enrolling policies so that all devices can connect to the network. People are more aware now of the security risks when there is no network access control.

Forescout is affordable in terms of the end goal, which is control. We only looked at it in terms of discovery modes and I think it's too expensive to use for that purpose alone. We took a package, managed by British Telecom, which gave us some additional services without additional costs. 

We evaluated a couple of options. We first planned to use Radius which is more of a Microsoft-ended solution. We also looked at Cisco ISE but that's very expensive and I've seen reviews on your site about the difficulty of implementation. 

I would recommend this solution because it has a lot of different ways of discovering different devices and showing networks. It's very flexible. I believe the reason we didn't reach our goal is because of our company decisions and not because of the solution. 

I rate this solution eight out of 10. 

In both the environment I have used CounterACT to permit guests access and recognize automatically domain/white list members

It permit to treats the access policy without lists of macaddresses but by mean a dynamic policy

it permits to discover and classify a lot of devices that the organization forgets to have to manage

The last two or three versions that have been released on CounterACT Forescout have allowed for the possibility to search for any kind of device. Before that, I could only search for guest domain users.

For the user, the policy that they have implemented sometimes needs adjustments. Sometimes the features that the customer asks for aren't involved in the main installation, and I need to bolt an add-on in. However, I never know if this policy is the right one when I do this.

I've been using the solution for five years.

It is a very good product.

Very good policy has been released with the for device licenses that permit to "paint" the better solution using virtual appliances.

It has very good support, it is very easy to contact the country post-selling engineer.

The initial setup is very, very simple. It's more complex to tune the product in the company environment and usually, that requires two days. I need a few days to tune the product correctly. I do also need to do a lot of tests during the initial implementation.

We implemented together vendor team.

I have noticed that in the last year the license model has changed from licensing the whole appliance to licensing the number of devices. It's more simple for a large installation, or a user to have CounterACT as their peripheral site in the company. It's a good choice to have changed the license policy.

no, I have used only forescout and I haven't need to use anything else

I have installed the solution for two customers. For one, I have used the CounterACT CT 1000. In another environment, I did a more complex installation and I have used the appliances and management in a tray.

Forescout is a very good company that delivers very good features. I love it. I'd rate it nine out of ten.

Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available.

The reporting for audits start with the knowledge of the devices in the network and the services running on them. ForeScout provides the foundation for the needed information.

Using passive and active methods to learn about the network. Even hybrid parts, like production, can be discovered with the passive method, while the office LAN can be discovered with both.

Multitenancy should be included in the next version so it could be used as a managed service provider.

It gives us a clear initial and secondary view of what's happening on our network to determine its health. We can see what's coming in and going out and to be able to directly management that. If there's something that needs to be quarantined, it will alert us and mark it as a threat.

The reporting could be improved. Also, it needs more analytics to see what's going on as we like to do trends.

We've been using for over seven years since the beginning of the SOC.

We've had no issues with deployment.

It's been very stable. We've had no issues with stability.

We probably have 172,000 users in our department, so I would say that it's scalable. It's in the SOC. We'll probably need to scale it further as we expand it to our 20 other departments.

I've never had to use technical support.

We also use FireEye, NetWitness, Blue Coat, and a few others I can't remember.

I joined the department when it was all setup already.

Go for it.