Strengths: A truly massive feature set that goes well beyond just NAC
Weaknesses: The GUI configuration is non-intuitive and documentation is little help
Verdict: A big product that functions like a firewall, an IPS and a NAC device all rolled into one
ForeScout's CounterACT took the most time to install and configure. It works much like a network sniffer, looking for "malicious sources": devices that appear to be sending non-standard network traffic. CounterACT therefore protects a network from zero-day attacks because its filtering is based not on signatures but on deviation from normal network information. The appliance also includes a vulnerability-scanning service that can run automatically or be launched manually by the administrator.
The protection offered by the ForeScout device is controlled through a configurable network integrity policy. The policy can automatically find non-compliant devices, such as a workstation that is missing a critical patch. These devices are moved into a quarantine VLAN that restricts access to the organisation's critical resources. CounterACT also provides self-remediation tools. Another component verifies that all mission-critical devices are subject to a hardening process, which is tested by the vulnerability-scanning process.
The product also acts as a wireless enforcement point by detecting rogue access points, and it functions like an inline firewall. The network firewall protection creates network security zones by allowing an administrator to block network segments in the event of an outbreak, or even deny access to specific devices that have been labelled malicious sources. The firewall feature also blocks unwanted applications, for example unencrypted protocols such as FTP, Telnet or remote procedure call (RPC).
The installation was pretty straightforward. The device requires either serial console access or a keyboard and monitor for the initial configuration. The initial setup is menu-driven and only takes a few moments. The second part of the configuration, which is performed through a GUI on the management station, was far more difficult. The initial screens for the GUI made us feel lost and we immediately began looking for the documentation CD. This included several files with such similar names that it was almost impossible to find the one we needed. The documentation was also not indexed.
Hardware support for 90 days is included with the purchase. ForeScout offers basic office-hour and extended 24/7 help options.