March 01, 2007
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A well-built application that uses a base of an intrusion prevention system
- Weaknesses: The product only sees network traffic on a segment
- Verdict: A unique approach. The clientless install is an administration saver, but the product does not protect devices outside the local network
ForeScout's CounterACT is different from the majority of products in this group test in several ways. First, it is appliance-based and the policy is enforced through a network tap configuration.
The device is designed to read network traffic from a switch span port that allows the appliance to observe all the data on that network segment. It is easy to see it being used near a backbone switch in an organisation. This would enable a small number of devices to enforce policy for a large number of endpoints.
The product does not require a software client to be installed on workstations or other devices. Instead, it works in a similar way to other 802.1X authentication mechanisms by moving clients in violation to reduced-access VLANs. This type of configuration allows for wireless access points, smart phones and laptops to be used as endpoints, in addition to desktop PCs.
If the device detects an unauthorised wireless access points, connection can be blocked. CounterACT scans the network for other vulnerabilities and integrates with third-party vulnerability assessment systems.
Installation can be performed either through a HyperTerminal-type session and a serial cable, or via a keyboard and monitor attached directly to the device. Configuration is not difficult.
The Java-based management interface holds an IP address while the monitoring interface has no valid address. The management station has a dedicated application installed that allows it to configure, manage and gather reports from the main CounterACT device.
The documentation is available in both printed and electronic format and is well done. The installation guide consists of a step-by-step tutorial on configuring and updating the software of your CounterACT device. It even includes procedures for restoring an earlier configuration.
ForeScout provides support by phone and email, but online resources are reserved for registered users only. Premium and additional support are available for an annual fee.
The cost of the CounterACT is about average for products in this category. Considering that the features of the appliance also mimic the features of an intrusion prevention system, the price is very reasonable.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Researchers hack Visa cards in six seconds
- The information security implications of M&A deals
- Cyber-security must reflect risk not just regulation
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?