Strengths: A well-built application that uses a base of an intrusion prevention system
Weaknesses: The product only sees network traffic on a segment
Verdict: A unique approach. The clientless install is an administration saver, but the product does not protect devices outside the local network
ForeScout's CounterACT is different from the majority of products in this group test in several ways. First, it is appliance-based and the policy is enforced through a network tap configuration.
The device is designed to read network traffic from a switch span port that allows the appliance to observe all the data on that network segment. It is easy to see it being used near a backbone switch in an organisation. This would enable a small number of devices to enforce policy for a large number of endpoints.
The product does not require a software client to be installed on workstations or other devices. Instead, it works in a similar way to other 802.1X authentication mechanisms by moving clients in violation to reduced-access VLANs. This type of configuration allows for wireless access points, smart phones and laptops to be used as endpoints, in addition to desktop PCs.
If the device detects an unauthorised wireless access points, connection can be blocked. CounterACT scans the network for other vulnerabilities and integrates with third-party vulnerability assessment systems.
Installation can be performed either through a HyperTerminal-type session and a serial cable, or via a keyboard and monitor attached directly to the device. Configuration is not difficult.
The Java-based management interface holds an IP address while the monitoring interface has no valid address. The management station has a dedicated application installed that allows it to configure, manage and gather reports from the main CounterACT device.
The documentation is available in both printed and electronic format and is well done. The installation guide consists of a step-by-step tutorial on configuring and updating the software of your CounterACT device. It even includes procedures for restoring an earlier configuration.
ForeScout provides support by phone and email, but online resources are reserved for registered users only. Premium and additional support are available for an annual fee.
The cost of the CounterACT is about average for products in this category. Considering that the features of the appliance also mimic the features of an intrusion prevention system, the price is very reasonable.