Forescout Platform Reviews

The network access control is a valuable feature for us. It provides endpoint visibility of our network and controls who can access network resources. That's really powerful.

The problem with vendors like Cisco is that their solutions are limited their to own ecosystem, and in general they don't work well with other vendors. With virtual machines, it can actually collect data from a variety of different network solutions, such as Cisco, Bloomberg, etc. Any routing platform out there, you can import it today. It can basically integrate these products and you can use it for enforcement. You can use them to collect the data. 

The other one is obviously that CounterACT can provide you with virtual ability to control who gets access to the network. It can act as a super-based machine and provide a level of security. It is integrated more easily than other vendors.

The integration with Sync can be improved. We would like to see better integration with some other popular vendors. 

Also, the reporting needs improvement, as well as integration with PAL services. It also needs more options for different sizes of customers. It does really work well in the big departments. For smaller organizations it might be a little overkill of a solution.

We've had no issues with deployment.

We've had no issues with stability.

We've had no issues with scalability.

It's a little bit too complex. A little bit of simplification when it comes to deployment might actually be better.

I think it is a good product and definitely fills the gap. I don't think we have many competitors at this stage. The major competitor is Cisco, but the biggest advantage of CounterACT is vendor agnostic. It means that it can work with a variety of different products. That is the biggest advantage.

• Alerting as to non-compliant machines
• Ability to quarantine infected machines
• Ability to determine if patches are not up to date

If a machine becomes infected by a user accessing the web, ForeScout has the ability to immediately quarantine that machine, isolating it from the network. Before this, someone would literally have to run down the hall and shut off a machine in the event of a breach and infection by malware.

It needs enhanced mobile support, but I have heard that this is coming.

We've used it for six months.

It took some time to get the policies set up and applied once ForeScout was physically in place. A dedicated resource and timely decisions from management can make this deployment faster. Make sure you account for anything and everything in your environment which has an IP address. We also had one device that was DOA but it was quickly replaced.

We have had no stability issues.

Scalability was not a problem for this site as we have less than 1000 endpoints.

Excellent. Our support engineer was extremely helpful and available.

This was the first of its kind in the environment.

With the assistance of the support engineer, it wasn't too bad. But it depends upon the state of your network. If everything is set up correctly, it will go much smoother. For example, having SNMPv3 activated everywhere is a requirement so that ForeScout can see everything.

We used our in-house personnel with the support engineer guiding us along via WebEx.

They are competitively priced for a medium-to-large sized organization.

This is not a very crowded segment for this kind of a product, and ForeScout is the best known of this small field.

They also offer a monitoring service which is a good value if you do not have someone in house to monitor ForeScout on site. This can be full or part time. ForeScout is a powerful network access control tool that has some features found in insider threat solutions, though it is not exactly made for that.

Forescout Platform provides continuous security monitoring and mitigation.

The most valuable feature of the Forescout Platform is the large capacity it can handle. Additionally, the interface of the platform is good.

If you want to deploy a new solution to block, you can't do it by yourself. You need the Forescout to deploy these solutions. They could prove this by making it better.

There are virtual machine limitations, this is not a solution that they use to protect my company.

In the next release of the solution, it could benefit from being more flexible to allow for more freedom.

I have been using the Forescout Platform for approximately two years.

Forescout Platform has the NAC solution and it is necessary to deployment. It's not exactly the same, but it can save some money rather than using another approach for NAC.

I rate Forescout Platform an eight out of ten.

We are using the Forescout Platform for authentication and for 100% device visibility.

Forescout Platform provides multiple features. They have a very effective device fingerprinting in their cloud. You do not need to add any devices manually, such as in Mac devices. Other solutions you have to add IoT devices and OT devices manually. This is one of the major areas that Forescout Platform is excelling in.

There are features that you can protect your organization.

I have been working with Forescout Platform for approximately eight months.

I have observed the solution to be stable.

Forescout Platform is a scalable solution and it is easy to scale.

Forescout Platform is new to the market here in Pakistan and customers prefer Cisco. We recommend the Forescout Platform to our customers because they are comparable solutions. Many of them are considering the Forescout Platform for their upcoming project. Customers in the financial sector have been interested in the solution.

I have been satisfied with their support. Their response to all of our queries has been very helpful.

I have previously used Cisco ISE.

The initial setup of the Forescout Platform is very straightforward when compared to Cisco.  Cisco ISE is very complex.

The time it takes for the deployment depends on the availability of the customer, and the team. If the customer can provide some information as soon as possible then the deployment can be done within 60 days for a large organization. This can be between 1,000 to 20,000 endpoints.

The cost of the solution depends on the customer's requirement because the customer is asking for different integration with a different product. Forescout Platform's price would start to get a bit higher. However, overall the price is a little expensive. It's can fit within the customer budget.

My advice for someone looking to implement the Forescout Platform, it is a product that tells you what are the devices connecting your network. Without installing agents or without doing manual work, you can automatically know the inventory of your devices in your organization.  It's a very good feature that you can discover all devices connected to the network, such as printers or iPhones. You do not need to categorize the devices or find the MAC address of the devices connected on the remote side.

I rate Forescout Platform a nine out of ten.

If the price was cheaper then I would rate the solution a ten.

This solution can be used to organize guest portals, integrate switches, and create policies.  Some of its standard use cases also include completing key process upgrades and anti-virus of Windows OS.

This solution could be improved if there was functionality or module integration to connect Forescout with open source, container areas or Terraform.  It would also be useful if this solution could run with network plugins to Kubernetes. 

I have been using this solution for three years. 

This is a stable solution but does require additional servers if we want to make use of the full functionality of the solution. 

This solution is not that easy to scale but this depends on a company's needs. 

For our business, if we want to connect to the host, we can do it from one main office and can connect an inventory to those remote hosts from one point. If we want to collect spam traffic, for example, we cannot collect this traffic from one point, because a wider connection channel is needed. So in this case, we need to deploy an additional server for Forescout that will collect spam traffic and send method data to the main management server.

We have hardly needed support from the Forescout team. 

The initial setup was not that straightforward and configuration took a long time and required technical specialists. When assisting customers, we need to have a technical specialist onsite to deploy the solution. 

I would rate this solution an eight out of ten. 

The installation is not secure because it takes high admin privileges.

Forescout is stable.

The initial setup is easy, taking no more than two or three weeks.

Forescout is more expensive than Cisco because Cisco gives high discounts.

Forescout is better for smaller organizations in sectors like education or hospitality. I would rate Forescout as five out of ten.

We are a solution provider and we are currently implementing this product for our customers.

One of the reasons we use Forescout is to differentiate between our employees and guests in the office. For employees, we want to make sure that all of the Wi-Fi devices connected to our infrastructure comply with our security regulations. For guests, or for subcontractors, our goal is to monitor and regulate access.

This also provides us with the ability to use automation during our compliance and review. For example, we can automate processes with third-party solutions such as Splunk, or our own firewall can have an automatic response based on the compliance results from Forescout.

The most valuable feature is the ease of deployment, which does not require the use of an agent.

We are satisfied with the interface.

Better integration with third-party vendors is needed because as it is now, the list of third-party solutions that we can integrate and automate is quite limited. We would like to see the list of vendors expanded to be broader.

The types of products that we would like to integrate with are firewalls, patch management solutions, and SIEM applications, for example.

We have been working with the Forescout Platform for about two years.

It is quite stable and we have not experienced any issues.

I thinking that Forescout scales well enough.

We are satisfied with technical support and have not had any problems with them.

The initial setup is pretty straightforward. The length of time required for deployment depends on the number of use cases that we want to implement. For example, integration with different products will take longer to deploy than a simple REST API access or integration with Active Directory.

I would say that on average, it might take between two weeks and one month to deploy.

We have a system integrator to assist with deployment.

I would rate this solution a nine out of ten.

We needed this solution in order to block rogue devices (laptops, phones, etc) and block external devices.

ForeScout has given us the ability to block unwanted devices.

The most valuable feature is the blocking of USB devices.

The ability to block external devices in Mac is lacking and needs to be added.

We have been using ForeScout CounterACT for three years.