ForeScout CounterACT version 6.3.3 is an out-of-band appliance that provides authentication-based protection for endpoint and VPN devices.
The components include the appliance; the enterprise manager, which provides high-availability options for redundancy and automatic recovery; and the console, which is the application for managing information about network endpoints and devices.
The CounterACT device works through the user authentication management to determine network access and, if agent-based, compliance with policy.
Using the inline-like capabilities, it monitors all traffic on the network (ARP requests, RPC, SSH, SNMP, 802.1X and other techniques) and can immediately detect when a device is attempting to connect to the network or to access it remotely. At that point, the tool will automatically apply whatever policies the administrator has created using the CounterACT policy configuration manager, which is built into the product.
A basic policy might be to deny network access to any device or user that is not present in the enterprise directory (e.g. Active Directory).
The appliance can disable the switch port or perform numerous other network-level actions to deny access. Another feature provides a VLAN firewall capability that can assign endpoints to various VLANs based on policy, and provide the firewall capability in an inline-like fashion without truly sitting as a proxy or a pass-through solution.
ForeScout CounterACT has a good dashboard that is highly customisable and there is a pleasing pop-up help feature to assist with configurations. The policy wizard is easy to use and there is built-in customisable alerting and numerous plug-ins to interact with other network devices.
There is no basic support provided. Support options can be bought for 18 or 23 per cent of the purchase price.
For a price just over c£3,070, ForeScout CounterACT is light on reporting but offers a lot of features and is great value for the money.