Forescout Platform Reviews

It's a Network Access Control tool.

The ability to control to identify devices and control the actual devices was great.

It is easy to set up.

It's stable and reliable.

The scalability is good. 

It is an affordable solution. 

The product is easily deployable and it is agentless.

Custom integrations need to be better. I'd like to have the option, for example, to integrate the Forescout Platform with a customized application or any other software out there that I am using at the same time.

I would like the Forescout Platform to be deployable on cloud solutions, like Huawei. It's not compatible with Huawei at the moment. It can be deployed only on Amazon and AWS.

I've been using the solution for five years now. 

It's very stable. There are no bugs or glitches. It doesn't crash or freeze. It is reliable.

The solution can scale as necessary. You just pay more according to the number of users you are adding. 

We have about 70 users on the solution. 

We use it daily for our clients. 

The solution is very easy to set up. It's not overly complex or difficult.

I'd rate the solution a four out of five in terms of ease of setup.

The level of maintenance depends on the organization. If you are using more resources, you'll need more people. For an environment of maybe a thousand users, you can deploy one engineer. He can manage everything.

The cost of the solution is about 5000 South African rands per year for ten users. That's about $320 USD. If you want to increase usage, you can easily scale, you just pay more. 

I'd rate the solution four out of ten in terms of affordability. 

We are users and a reseller. 

I'd rate the solution nine out of ten.

In both the environment I have used CounterACT to permit guests access and recognize automatically domain/white list members

It permit to treats the access policy without lists of macaddresses but by mean a dynamic policy

it permits to discover and classify a lot of devices that the organization forgets to have to manage

The last two or three versions that have been released on CounterACT Forescout have allowed for the possibility to search for any kind of device. Before that, I could only search for guest domain users.

For the user, the policy that they have implemented sometimes needs adjustments. Sometimes the features that the customer asks for aren't involved in the main installation, and I need to bolt an add-on in. However, I never know if this policy is the right one when I do this.

I've been using the solution for five years.

It is a very good product.

Very good policy has been released with the for device licenses that permit to "paint" the better solution using virtual appliances.

It has very good support, it is very easy to contact the country post-selling engineer.

The initial setup is very, very simple. It's more complex to tune the product in the company environment and usually, that requires two days. I need a few days to tune the product correctly. I do also need to do a lot of tests during the initial implementation.

We implemented together vendor team.

I have noticed that in the last year the license model has changed from licensing the whole appliance to licensing the number of devices. It's more simple for a large installation, or a user to have CounterACT as their peripheral site in the company. It's a good choice to have changed the license policy.

no, I have used only forescout and I haven't need to use anything else

I have installed the solution for two customers. For one, I have used the CounterACT CT 1000. In another environment, I did a more complex installation and I have used the appliances and management in a tray.

Forescout is a very good company that delivers very good features. I love it. I'd rate it nine out of ten.

We're Forescout partners and offer this as a solution to our clients.

The solution's most valuable aspects are its network visibility and its ability to extend into other solutions for integration purposes. 

The initial setup is quite simple. It's not too complex or difficult to set up.

The solution needs more definitive pricing. The costs are hard to nail down.

I've been using the solution for less than two years. It's been one and a half years at this point. It hasn't been too long.

The solution is stable. It's very reliable. There aren't bugs or glitches. It doesn't crash.

The solution is scalable. If an organization needs to expand it out, they are able to fairly easily.

We tend to use this solution for different sized companies in various markets.

Technical support is great. We find them to be quite knowledgeable and responsive. We're very satisfied with the level of support we receive.

The initial setup is not complex at all. It's straightforward. It's pretty easy to manage.

We implement and deploy the solution for our clients.

The pricing is very important in Sri Lanka. We're sensitive to pricing. We'd like it if the solution was more clear on their pricing and if they were able to lower it.

We try to always use the latest version of the solution.

We're a partner. We use various deployment models, depending on the company we are implementing the solution for. We use both cloud and on-premises deployment models.

I'd recommend the solution to other users and companies. We've been quite pleased with the solution so far.

The customers seem to be very happy with the product as a whole. It's just the pricing that worries everyone. There's the competition to consider. If others can offer better pricing, I believe we would probably consider deploying it instead.

That said, overall, I'd rate the solution nine out of ten.

As a university, we have used ForeScout to help us get a hold on student computers and their infections, and to keep those infected systems off our network. We are also currently using ForeScout as a mechanism to allow us to automatically move student game consoles to a separate VLAN, and then move the port back to the primary dorm VLAN when a PC or other device is plugged in.

ForeScout has the built-in ability to identify network devices without a separate subscription or device, and that allows us to identify when students plug into a switch or router (not allowed on our network), or tries to put their computer on the less restrictive game console VLAN. The rule sets allow you to configure different rules for different devices or networks from a single location, and provides a single-pane-of-glass view into any network traffic it can see.

The configuration of the rules is both a blessing and a curse. While it is almost infinitely configurable, knowing how to get the product to do what you want it to do can be difficult, especially at first.

The biggest problem we have had with ForeScout is that in order for it to see all of your network traffic it must have access to that traffic. So if your traffic has multiple ways to reach the internet or other resources, then you need multiple network taps in place to see that traffic.

We have used ForeScout since summer of 2012.

Other than the infinite configurability and need to have multiple network taps to see all traffic, we haven't had issues with deployment.

Stability has been like a rock, and it is a product that just seems to work.

We have had no issues with scaling it for our needs.

We have had mixed success with support. Sometimes we had amazing people who knew just what we needed and how to help us get there with minimal fuss. Other times we were explaining to support how to work around an issue so other customers wouldn’t have to deal with what we were dealing with.

We previously used Perfigo, which was later bought by Cisco and became Clean Access. ForeScout offered us a device with a 10GB connection, and that on top of the feature set for the price sealed the deal.

The initial setup was very straightforward, but due to our backbone switch/network configuration, we had to make last minute tweaks to get the product to see all our traffic. Also, we struggled to get our rules properly configured so that students weren’t negatively impacted by misconfigurations that would either prevent them from getting on the network at all, or repeatedly require them to log in.

Our third-party consulting firm (Konsultek), hit one out of the park in helping us, and they made sure we were up and running before the start of school, despite our tight timeframe for implementation.

We used a third-party group to assist us with implementation, and that made all the difference for us as we were able to pull from their experience and knowledge to help us get up and running.

The best advice I can offer is to make sure to understand the rules and how they work as that was a bit of an issue for us in the first few weeks when we worked out how to “fix” some of the issues (client time-outs, repeatedly being asked to log in) as they came up. Also, test everything before rolling out to production.

ForeScout provides some of the greatest visibility into network traffic, showing you exactly who is doing what, down to the port and protocol being used, capturing entire conversations between endpoints. It is a simply fantastic tool that provides network and security persons with the ability to throw up honeypots.

It gives us a clear initial and secondary view of what's happening on our network to determine its health. We can see what's coming in and going out and to be able to directly management that. If there's something that needs to be quarantined, it will alert us and mark it as a threat.

The reporting could be improved. Also, it needs more analytics to see what's going on as we like to do trends.

We've been using for over seven years since the beginning of the SOC.

We've had no issues with deployment.

It's been very stable. We've had no issues with stability.

We probably have 172,000 users in our department, so I would say that it's scalable. It's in the SOC. We'll probably need to scale it further as we expand it to our 20 other departments.

I've never had to use technical support.

We also use FireEye, NetWitness, Blue Coat, and a few others I can't remember.

I joined the department when it was all setup already.

Go for it.

It provides us with visibility into what's connected to our network, such as contractors, mobile devices, and whether they're a part of our corporate asset list or not.

We use it to prevent malicious activities on our network that potentially infiltrate it. We've been able to take out over twenty percent of our threats connected into our environment that we just never had a means to stop from connecting up to our network.

We've discovered regular assets. Let's say you had a mobile device, you walked into our network, and you said "hey, I need to connect up to the network. I'm a contractor here for you all and I'm going to add in one device". You immediately now have access into our environment.

It needs easier integration to other partners that automate functions within the security phase. There's no difference because you're not going to be able to fill the places fast enough for all these security people. So how do you get it to be able to manage more with less people by automating some of the functions? So when, for instance, NetScout discovers something and installs a ticketing system instead of sending an alert to a person, it automatically opens a ticket with the appropriate levels and automates that stuff.

We've had no issues with deployment.

It has been stable. The benefit wasn't around stability, it was more around preventing instability. What we were fearful about is whether or not customers would get impacted by the restriction of them not being able to connect to the network.

For instance: you're an employee, your laptop was part of our asset, but your phone was not and your tablet was not. All of the sudden, now all three of those devices were all connected into environment. Well, I only want your laptop to be connected. Your mobile devices, I really don't care to because when you go, you surf wherever you want on your stuff. You could probably pull up malware and then plug it in as soon as you put in your credentials into our network. So we want to keep that one off and allow you to connect to the network but connect to the internet, but not to my infrastructure.

We haven't scaled it all the way up, but we started to pilot, grew it to a couple of floors, and then grew it to an entire building.

I've never had to use it.

My understanding is that it was complex simply because my mandate is to zero-in back to the user.

We did look at multiple partners and we ended up with ForeScout.

Definitely use it. It's a good protection tool.

The most valuable feature is agent compliance. When somebody plugs in a device and the device powers up, CounterACT goes through to make sure that rules we have in place are accurate or in line with what we'd expect. Once that completes, the machine gets an IP address from DHCP.

We could go into some other forensics. What happened to a device, let's say, it gets a virus. Okay, let's do some forensic work on it. When did the PC boot up? When did CounterACT first see it? What time stamps? We're able to see things of this nature.

The other nice thing we can do quickly when we're just doing audits or inventory is to pull up a list of clients. How many machines are on this switch? How many are on that switch? Are there switchboards that have more than two MAC addresses? If we know that a switchboard has, say, six MAC addresses on it, then we know that they probably have a hub.

I think the most valuable piece is to make sure that devices that we don't want on our network aren't on it. That's the most important. Somebody walks into a will-call area or to an area that's, say, open to the public, and they plug in a computer, that computer may have an exploit or is malicious in some way. It won't get an IP address and won't be connected. That's the most important feature.

I would like to see some reporting features. Things like, if our tech support department comes to us and says, "Hey, how many Dell model 390 PCs do we have in the company?" They can just click on a report that would show client name, machine model, IP address, last user login, etc. I think that people would find that very useful.

I think off-the-bat, when somebody pulls up the CounterACT interface, there's a lot going one. It's easy, but I don't think it's easy for somebody who just walks in blind. If there was a reporting feature, or something more incorporating tech support people, that would make their life easier. It mitigate the requests that we get to give them that information.

We've had no issues with deploying it.

Overall, I think it's pretty stable. We did have some problems with the wireless plan. The wireless plug-in, where a device that we asked to be blocked for whatever reason, is not blocked. For a couple of months, we had the wireless plug-in disabled because too many end-users were being blocked when they shouldn't have been.

From the wireless standpoint, I would say that the reliability was somewhat poor, but CounterACT worked with us over a couple month period and did push out a patch. Today, things are better.

We have three thousand end-user clients. Those are the majority of the people whom we monitor with CounterACT and not so much core devices like servers, or mainframes, or things of that nature. If we have to roll out an update to a client or some of our mobile users, it does so pretty seamlessly.

They were very receptive, wanted to know exactly what was going on, wanted examples, etc. They did what they needed to do. Through some dialogue over probably about six weeks, we ended up getting an updated wireless plug-in, which seemed to resolve the issue.

We were not using a device previously. I think the goal was originally, how do we know what's on our network? CounterACT solved that problem by allowing us to create our own rules that we wanted. It starts from a very high level and you can drill down into devices. We can now categorize, say, things like IOT devices such as clocks that operate wirelessly, building automation. We can get into all these different categories and groups of things. Whereas, before we really didn't know it. If you plugged in a device, you were getting an address from DHCP. Now, you have to meet these requirements to get an address.

It was pretty straightforward. I've been in a number of roll-outs and this one was pretty easy.

We have one CounterACT appliance that does our Chicago office. A second appliance, which does our other four branches who are a little bit smaller. We separated that work and then we also have somewhat of a redundancy. As far as the configuration and getting things up and running goes, it starts with a nice, very high-level baseline. Then you kind of incorporate the rules that you want to incorporate as you go along, which makes it nice.

I think we went right after CounterACT. We sampled around I think on the web and just looked for solutions. But, CounterACT really came out to be the one that was easy to use. The price was right. The customizability and how we had to incorporate CounterACT to talk to our Cisco switches was really straightforward. It was easy and it worked.

Absolutely go for it. I would love to give them a demo of our own environment, talk to people at CounterACT and roll it out. If it's within their budget, whatever that may be, absolutely I would use it.

Our primary use cases of Forescout Platform are network access control, user access control, and Wi-Fi network access control.

The most valuable feature of Forescout Platform is that it has everything that Aruba has at significantly less cost.

Unfortunately, Forescout Platform can only be accessed by Android systems. iOS is not supported, so there are some limitations to the operating system. I would like to see all devices have access to the solution.

Forescout needs to upgrade its development in the future.

I have been using Forescout Platform for the last two years.

Forescout Platform is very stable.

The solution is scalable. It is not one box that has limitations on licenses. Forescout Platform is more capable than Aruba ClearPass. 

Customer service and support is a four out of five overall. I am satisfied with the support I receive. 

Positive

Comparing Forescout to Aruba ClearPass, the difference is in the price and the level of policy enforcement.

The initial setup of Forescout Platform is very easy because it is pre-configured. I would rate it a five of five for the ease of setup of this product.

Forescout Platform licenses include everything integrated into the system including eyesight, recovery, and valid license. All three come in one box. It is a very competitive product, being half the price of its competitors.

5,000 user licenses will cost you between seven and eight million dollars, compared to 20 million for Aruba.

Overall, I would rate Forescout an eight out of ten.