ForeScout CounterAct v7.0
Strengths: Easy-to-follow dashboard and policy options. The documentation is great, and the on-screen instructions alone are enough to get it up and running
Weaknesses: Installation requires strong networking skills
Verdict: Very good value
ForeScout CounterAct offers enterprise-class NAC, assuring network access based on real-time endpoint classification configuration assessment, user and endpoint compliance policy and automated response. The system provides a multifactored approach to identify and classifies all devices, systems, applications and users, assesses adherence to configuration and security policy, and determines if access to resources should be allowed, denied or limited.
The integrated 802.1x and agentless approach delivers complete access and guest management, mobile security and endpoint compliance and remediation capabilities in a centrally managed, highly scalable physical or virtual appliance.
Where ForeScout excels is its approach to slow asymmetric threat identification and response. CounterAct's ability to track and respond to slow attacks, such as an attempt to find a single sensitive data item, is impressive. This makes it a strong addition to a layered approach, so as to deal with advanced persistent threats.
Evaluation of the product was performed using the ForeScout virtual appliance hosted on VMware. The front-end application was hosted on a Microsoft 2008 R2 application server. It became clear that use of the product centred on the excellent set of policies. The pre-defined policies and options made the task of getting data flowing in the system very easy. Regarding performance, the system took everything we could throw at it, and the various pages and reports were easy to follow.
From beginning to end, the installation and configuration took a little over four hours. First steps were to use the USB devices supplied by ForeScout to create the virtual CounterAct appliance within VMware. The network infrastructure had to be modified to allow the necessary VLAN tagging across multiple network segments. CounterAct was installed with span ports to a core switch having domain access to endpoints via directory services.
Installation documentation, as well as that to help operate and maintain the system, is very good. And the system was so simple to manage that the on-screen instructions alone made it easy to get the product running.
ForeScout offers two levels of support: basic (free) and ActiveCare (c£2,000).
Pricing starts at c£9,895 per virtual appliance, providing a great value for an excellent product.