My company is in the financial services industry. The primary use case is Network Access Control and control endpoint access to network. The environment is used to process sensitive data. We want to ensure that rogue devices and unauthorized devices are unable to join the network. This will reduce our exposure to attacks.
Provides visibility into the workings of our routers and switches
Pros and Cons
- "It has helped with improving our security posture in terms of controlling the access of rogue devices into our network through identification. We have been able to prevent rogue device activities on the network, check the health of the system, and ensure remediation."
- "The initial setup is a bit complex."
What is our primary use case?
How has it helped my organization?
It has helped with improving our security posture in terms of controlling the access of rogue devices into our network through identification. We have been able to prevent rogue device activities on the network, check the health of the system, and ensure remediation.
It has provided visibility into the workings of our routers and switches. We also extended this capability to our branch offices through a WAN connection.
What is most valuable?
Access control: Being able to set policies that determine how devices join our network and how they are expected to behave while on the network. The fact that we are able to access the hygiene of our endpoint and monitor it continuously makes it fit for purpose.
What needs improvement?
I would advise Forescout through their research and development to look for features that they can add. Also, based on the what other competition may be selling, if they find any useful feature, they should add those to their product.
Buyer's Guide
Forescout Platform
November 2024
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
The last three months.
What do I think about the stability of the solution?
It is stable and reliable.
What do I think about the scalability of the solution?
It is a good product that is fit for purpose.
How are customer service and support?
Fantastic
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
The initial setup is a bit complex.
What was our ROI?
Not applicable.
What's my experience with pricing, setup cost, and licensing?
The setup cost, pricing, and licensing are on the high side.
Which other solutions did I evaluate?
No. I heard of Forescout, then went ahead and bought it.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at a university with 501-1,000 employees
As a university, we have used ForeScout to help us get a hold on student computers and their infections.
What is most valuable?
As a university, we have used ForeScout to help us get a hold on student computers and their infections, and to keep those infected systems off our network. We are also currently using ForeScout as a mechanism to allow us to automatically move student game consoles to a separate VLAN, and then move the port back to the primary dorm VLAN when a PC or other device is plugged in.
How has it helped my organization?
ForeScout has the built-in ability to identify network devices without a separate subscription or device, and that allows us to identify when students plug into a switch or router (not allowed on our network), or tries to put their computer on the less restrictive game console VLAN. The rule sets allow you to configure different rules for different devices or networks from a single location, and provides a single-pane-of-glass view into any network traffic it can see.
What needs improvement?
The configuration of the rules is both a blessing and a curse. While it is almost infinitely configurable, knowing how to get the product to do what you want it to do can be difficult, especially at first.
The biggest problem we have had with ForeScout is that in order for it to see all of your network traffic it must have access to that traffic. So if your traffic has multiple ways to reach the internet or other resources, then you need multiple network taps in place to see that traffic.
For how long have I used the solution?
We have used ForeScout since summer of 2012.
What was my experience with deployment of the solution?
Other than the infinite configurability and need to have multiple network taps to see all traffic, we haven't had issues with deployment.
What do I think about the stability of the solution?
Stability has been like a rock, and it is a product that just seems to work.
What do I think about the scalability of the solution?
We have had no issues with scaling it for our needs.
How are customer service and technical support?
We have had mixed success with support. Sometimes we had amazing people who knew just what we needed and how to help us get there with minimal fuss. Other times we were explaining to support how to work around an issue so other customers wouldn’t have to deal with what we were dealing with.
Which solution did I use previously and why did I switch?
We previously used Perfigo, which was later bought by Cisco and became Clean Access. ForeScout offered us a device with a 10GB connection, and that on top of the feature set for the price sealed the deal.
How was the initial setup?
The initial setup was very straightforward, but due to our backbone switch/network configuration, we had to make last minute tweaks to get the product to see all our traffic. Also, we struggled to get our rules properly configured so that students weren’t negatively impacted by misconfigurations that would either prevent them from getting on the network at all, or repeatedly require them to log in.
Our third-party consulting firm (Konsultek), hit one out of the park in helping us, and they made sure we were up and running before the start of school, despite our tight timeframe for implementation.
What about the implementation team?
We used a third-party group to assist us with implementation, and that made all the difference for us as we were able to pull from their experience and knowledge to help us get up and running.
What other advice do I have?
The best advice I can offer is to make sure to understand the rules and how they work as that was a bit of an issue for us in the first few weeks when we worked out how to “fix” some of the issues (client time-outs, repeatedly being asked to log in) as they came up. Also, test everything before rolling out to production.
ForeScout provides some of the greatest visibility into network traffic, showing you exactly who is doing what, down to the port and protocol being used, capturing entire conversations between endpoints. It is a simply fantastic tool that provides network and security persons with the ability to throw up honeypots.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Forescout Platform
November 2024
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
Network Administrator at a logistics company with 1,001-5,000 employees
It prevents a computer that may have an exploit or is malicious in some way from getting an IP address and connecting to our network.
What is most valuable?
The most valuable feature is agent compliance. When somebody plugs in a device and the device powers up, CounterACT goes through to make sure that rules we have in place are accurate or in line with what we'd expect. Once that completes, the machine gets an IP address from DHCP.
We could go into some other forensics. What happened to a device, let's say, it gets a virus. Okay, let's do some forensic work on it. When did the PC boot up? When did CounterACT first see it? What time stamps? We're able to see things of this nature.
The other nice thing we can do quickly when we're just doing audits or inventory is to pull up a list of clients. How many machines are on this switch? How many are on that switch? Are there switchboards that have more than two MAC addresses? If we know that a switchboard has, say, six MAC addresses on it, then we know that they probably have a hub.
How has it helped my organization?
I think the most valuable piece is to make sure that devices that we don't want on our network aren't on it. That's the most important. Somebody walks into a will-call area or to an area that's, say, open to the public, and they plug in a computer, that computer may have an exploit or is malicious in some way. It won't get an IP address and won't be connected. That's the most important feature.
What needs improvement?
I would like to see some reporting features. Things like, if our tech support department comes to us and says, "Hey, how many Dell model 390 PCs do we have in the company?" They can just click on a report that would show client name, machine model, IP address, last user login, etc. I think that people would find that very useful.
I think off-the-bat, when somebody pulls up the CounterACT interface, there's a lot going one. It's easy, but I don't think it's easy for somebody who just walks in blind. If there was a reporting feature, or something more incorporating tech support people, that would make their life easier. It mitigate the requests that we get to give them that information.
What was my experience with deployment of the solution?
We've had no issues with deploying it.
What do I think about the stability of the solution?
Overall, I think it's pretty stable. We did have some problems with the wireless plan. The wireless plug-in, where a device that we asked to be blocked for whatever reason, is not blocked. For a couple of months, we had the wireless plug-in disabled because too many end-users were being blocked when they shouldn't have been.
From the wireless standpoint, I would say that the reliability was somewhat poor, but CounterACT worked with us over a couple month period and did push out a patch. Today, things are better.
What do I think about the scalability of the solution?
We have three thousand end-user clients. Those are the majority of the people whom we monitor with CounterACT and not so much core devices like servers, or mainframes, or things of that nature. If we have to roll out an update to a client or some of our mobile users, it does so pretty seamlessly.
How are customer service and technical support?
They were very receptive, wanted to know exactly what was going on, wanted examples, etc. They did what they needed to do. Through some dialogue over probably about six weeks, we ended up getting an updated wireless plug-in, which seemed to resolve the issue.
Which solution did I use previously and why did I switch?
We were not using a device previously. I think the goal was originally, how do we know what's on our network? CounterACT solved that problem by allowing us to create our own rules that we wanted. It starts from a very high level and you can drill down into devices. We can now categorize, say, things like IOT devices such as clocks that operate wirelessly, building automation. We can get into all these different categories and groups of things. Whereas, before we really didn't know it. If you plugged in a device, you were getting an address from DHCP. Now, you have to meet these requirements to get an address.
How was the initial setup?
It was pretty straightforward. I've been in a number of roll-outs and this one was pretty easy.
We have one CounterACT appliance that does our Chicago office. A second appliance, which does our other four branches who are a little bit smaller. We separated that work and then we also have somewhat of a redundancy. As far as the configuration and getting things up and running goes, it starts with a nice, very high-level baseline. Then you kind of incorporate the rules that you want to incorporate as you go along, which makes it nice.
Which other solutions did I evaluate?
I think we went right after CounterACT. We sampled around I think on the web and just looked for solutions. But, CounterACT really came out to be the one that was easy to use. The price was right. The customizability and how we had to incorporate CounterACT to talk to our Cisco switches was really straightforward. It was easy and it worked.
What other advice do I have?
Absolutely go for it. I would love to give them a demo of our own environment, talk to people at CounterACT and roll it out. If it's within their budget, whatever that may be, absolutely I would use it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at Star india pvt ltd
Useful network access controls, beneficial port sharing, and good support
Pros and Cons
- "The most valuable features of the Forescout Platform are NAC for sharing, Network Access Control, and port sharing of the devices."
- "Forescout Platform could improve the vulnerability management as well as the control on the endpoint, which needs to be connected to my network."
What is most valuable?
The most valuable features of the Forescout Platform are NAC for sharing, Network Access Control, and port sharing of the devices.
What needs improvement?
Forescout Platform could improve the vulnerability management as well as the control on the endpoint, which needs to be connected to my network.
In an upcoming release, they should add security features, such as malware and threat protection.
For how long have I used the solution?
I have been using the Forescout Platform for approximately six years.
What do I think about the stability of the solution?
Forescout Platform was not a stable solution in 2015, but over the year it has become more and more stable. At this point in time, it is a stable solution.
What do I think about the scalability of the solution?
The Forescout Platform is scalable.
How are customer service and support?
The support from the Forescout Platform is great.
I rate the support from Forescout Platform a nine out of ten.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
The price of the Forescout Platform is expensive. I purchased it for approximately 94 lakhs.
What other advice do I have?
I rate Forescout Platform a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Advisor/Architect at a consultancy with 51-200 employees
Very flexible with a great discovery mode feature
Pros and Cons
- "Provides a good overview of all devices on a network."
- "Can be expensive if it's only being used for one feature."
What is our primary use case?
Our primary use case of this solution was to control which of our devices were connected to the network. I'm a senior architect advisor. We were customers of Forescout.
How has it helped my organization?
As a result of using Forescout, we had a better overview of all the devices, known and unknown, that were connected to our network; it was a real advantage.
What is most valuable?
A very valuable feature is the discovery mode. It covers all types of devices on the network, which we didn't know existed.
What needs improvement?
I don't think we tested the full potential of Forescout. We had some delay implementing it into our organization, due internal organizational issues and also due to a lack of device registrations. Meanwhile we decided to switch to a new network provider that doesn't have Forescout in its portfolio. We favour one-stop shopping for network and security services, and will migrate to Aruba ClearPass (portfolio).
For how long have I used the solution?
I used this solution for the past year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The product seems to be scalable although we didn't fully test it.
How was the initial setup?
I think the initial setup was fairly straightforward although I was not involved on a technical level. We had the advantage that the technical engineers knew our networks and how to carry out the implementation and we also had some assistance from British Telecom. We initially focused on our main plant or main location, and then moved to our other locations, which are far smaller, and have a lower risk profile. That was our strategy and implementation took around nine months after the initial implementation which took about a week. At that point, we realized there were more devices than we thought and the process became more complicated. It took a while to get a handle on everything. There were just a couple of us involved in deployment.
What was our ROI?
This product demonstrates the possibilities of network access control for the organization. As a pilot project, it changed the minds of people because they could see the potential which included enrolling policies so that all devices can connect to the network. People are more aware now of the security risks when there is no network access control.
What's my experience with pricing, setup cost, and licensing?
Forescout is affordable in terms of the end goal, which is control. We only looked at it in terms of discovery modes and I think it's too expensive to use for that purpose alone. We took a package, managed by British Telecom, which gave us some additional services without additional costs.
Which other solutions did I evaluate?
We evaluated a couple of options. We first planned to use Radius which is more of a Microsoft-ended solution. We also looked at Cisco ISE but that's very expensive and I've seen reviews on your site about the difficulty of implementation.
What other advice do I have?
I would recommend this solution because it has a lot of different ways of discovering different devices and showing networks. It's very flexible. I believe the reason we didn't reach our goal is because of our company decisions and not because of the solution.
I rate this solution eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Engineer at Maticmind S.p.A.
Very good features, an easy initial setup, with a recently improved licensing model
Pros and Cons
- "I have noticed that in the last year the license model has changed from licensing the whole appliance to licensing the number of devices. It's more simple for a large installation, or a user to have CounterACT as their peripheral site in the company. It's a good choice to have changed the license policy."
- "For the user, the policy that they have implemented sometimes needs adjustments. Sometimes the features that the customer asks for aren't involved in the main installation, and I need to bolt an add-on in. However, I never know if this policy is the right one when I do this."
What is our primary use case?
In both the environment I have used CounterACT to permit guests access and recognize automatically domain/white list members
How has it helped my organization?
It permit to treats the access policy without lists of macaddresses but by mean a dynamic policy
it permits to discover and classify a lot of devices that the organization forgets to have to manage
What is most valuable?
The last two or three versions that have been released on CounterACT Forescout have allowed for the possibility to search for any kind of device. Before that, I could only search for guest domain users.
What needs improvement?
For the user, the policy that they have implemented sometimes needs adjustments. Sometimes the features that the customer asks for aren't involved in the main installation, and I need to bolt an add-on in. However, I never know if this policy is the right one when I do this.
For how long have I used the solution?
I've been using the solution for five years.
What do I think about the stability of the solution?
It is a very good product.
What do I think about the scalability of the solution?
Very good policy has been released with the for device licenses that permit to "paint" the better solution using virtual appliances.
How are customer service and technical support?
It has very good support, it is very easy to contact the country post-selling engineer.
How was the initial setup?
The initial setup is very, very simple. It's more complex to tune the product in the company environment and usually, that requires two days. I need a few days to tune the product correctly. I do also need to do a lot of tests during the initial implementation.
What about the implementation team?
We implemented together vendor team.
What's my experience with pricing, setup cost, and licensing?
I have noticed that in the last year the license model has changed from licensing the whole appliance to licensing the number of devices. It's more simple for a large installation, or a user to have CounterACT as their peripheral site in the company. It's a good choice to have changed the license policy.
Which other solutions did I evaluate?
no, I have used only forescout and I haven't need to use anything else
What other advice do I have?
I have installed the solution for two customers. For one, I have used the CounterACT CT 1000. In another environment, I did a more complex installation and I have used the appliances and management in a tray.
Forescout is a very good company that delivers very good features. I love it. I'd rate it nine out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer:
Head of Network and Communication Department at a program development consultancy with 10,001+ employees
Provides visibility into the network and connected devices
Pros and Cons
- "Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available."
- "Multitenancy should be included in the next version so it could be used as a managed service provider."
What is our primary use case?
Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available.
How has it helped my organization?
The reporting for audits start with the knowledge of the devices in the network and the services running on them. ForeScout provides the foundation for the needed information.
What is most valuable?
Using passive and active methods to learn about the network. Even hybrid parts, like production, can be discovered with the passive method, while the office LAN can be discovered with both.
What needs improvement?
Multitenancy should be included in the next version so it could be used as a managed service provider.
For how long have I used the solution?
More than five years.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Program Manager at a government with 10,001+ employees
It gives us a clear initial and secondary view of what's happening on our network to determine its health.
What is most valuable?
It gives us a clear initial and secondary view of what's happening on our network to determine its health. We can see what's coming in and going out and to be able to directly management that. If there's something that needs to be quarantined, it will alert us and mark it as a threat.
What needs improvement?
The reporting could be improved. Also, it needs more analytics to see what's going on as we like to do trends.
For how long have I used the solution?
We've been using for over seven years since the beginning of the SOC.
What was my experience with deployment of the solution?
We've had no issues with deployment.
What do I think about the stability of the solution?
It's been very stable. We've had no issues with stability.
What do I think about the scalability of the solution?
We probably have 172,000 users in our department, so I would say that it's scalable. It's in the SOC. We'll probably need to scale it further as we expand it to our 20 other departments.
How are customer service and technical support?
I've never had to use technical support.
Which solution did I use previously and why did I switch?
We also use FireEye, NetWitness, Blue Coat, and a few others I can't remember.
How was the initial setup?
I joined the department when it was all setup already.
What other advice do I have?
Go for it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Network Access Control (NAC) IoT Security Endpoint Compliance Extended Detection and Response (XDR)Popular Comparisons
Microsoft Intune
CrowdStrike Falcon
Cisco Umbrella
SentinelOne Singularity Complete
Microsoft Defender for Cloud
Cisco Identity Services Engine (ISE)
Fortinet FortiClient
Cortex XDR by Palo Alto Networks
Qualys VMDR
Aruba ClearPass
Trend Vision One Endpoint Security
Trellix Endpoint Security
Tenable Security Center
Rapid7 InsightVM
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- PRICING FOR FORESCOUT CT10K APPLIANCE
- ForeScout vs. Cisco ISE
- What are the main differences between Cisco ISE and Forescout Platform?
- Comparison of Aruba Clearpass, Bradford Networks and Forescout NACs
- How would you compare Cisco ISE (Identity Services Engine) vs Forescout Platform?
- PRICING FOR FORESCOUT CT10K APPLIANCE
- When evaluating Network Access Control, what aspect do you think is the most important to look for?
- Which is the best choice of Zero Trust Network Access (ZTNA)?
- What is your recommended Network Access Control (NAC) solution for an enterprise?
- Cisco ISE (Identity Services Engine) vs Fortinet FortiNAC: which solution is better and why?