ForeScout ControlFabric Architecture


Traditional IT controls are based on endpoint agents, periodic vulnerability scans, and numerous defense-in-depth security products. When viewed in light of today’s IT practices and evolving threat landscape, these traditional controls may be deemed lacking in a number of ways, such as:

  1. Inadequate visibility and control over all endpoints on the network, especially BYOD
  2. Lack of real-time continuous monitoring
  3. Lack of coordination and sharing of information between security products
  4. Lack of automation to respond quickly to compliance violations and to contain advanced threats

ForeScout ControlFabric is the answer to these problems. ControlFabric is a set of technologies that enable ForeScout CounterACT and other IT solutions to exchange information and more efficiently mitigate a wide variety of network, security and operational issues. As a result, you can achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources.
ControlFabric is based on ForeScout CounterACT, which:

  • dynamically identifies and assesses all network users, endpoints and applications
  • controls network access
  • directly remediates endpoint security issues
  • triggers 3rd party remediation systems

ControlFabric extends CounterACT’s capabilities and enables you to share contextual information with other security and IT management systems, thereby reducing the problem of disconnected systems and information silos. Additionally, ControlFabric can bring real-time control and automated remediation to your IT systems that heretofore have been limited to collecting, generating, analyzing or storing information.

The primary products within the ControlFabric solution set are:

ForeScout CounterACT for Network Access Control integrates with your current network, security and identity infrastructure to assure the right users and their devices gain appropriate access. Leveraging built-in policy templates, CounterACT can automatically manage employee and guest access in a way that is seamless for those that comply and automated for those that don’t.

ForeScout CounterACT for Endpoint Compliance automatically enforces security policies for everyone and everything on your network, which helps you minimize your security risks. Because ForeScout CounterACT is agentless, it works with all types of endpoints–managed and unmanaged, known and unknown, physical, mobile and virtual. CounterACT can discover security weaknesses that would otherwise go undetected. CounterACT can find and fix endpoint violations without IT intervention – saving your organization considerable time, resources and money.

Base Integrations

ForeScout CounterACT includes a wide variety of integrations with network and IT infrastructure (switches, wireless controllers, VPN, routers, directories), endpoints (Windows, Mac, Linux, iOS, Android, printers, other devices), and endpoint software (antivirus, instant messaging, WMI, etc.). These integrations are available at no additional charge in the form of easily installed plugins. These base integrations give you tremendous power to discover and classify endpoints; track users and applications; assess security posture; control network access; enforce endpoint compliance policy; and fix security gaps such as broken endpoint security agents.

Extended Integrations

ControlFabric extended integrations, which are developed and supported by ForeScout, are available as separately licensed modules that can be added to the CounterACT appliance. Current integration modules developed and supported by ForeScout include:

Custom Integrations

ForeScout’s open ControlFabric Interface allows you or any third party to easily implement new integrations based on common standards-based protocols. The Open Integration Module currently supports the following standards-based integration mechanisms: Web Services API, SQL, LDAP. Additionally, ForeScout CounterACT natively supports Syslog.

The ForeScout Difference

ForeScout CounterACT is dramatically easier and faster to deploy than traditional policy enforcement products. Here is why:

One box, one day to install. Everything is contained in a single physical or virtual appliance. Setup is easy with built-in configuration wizards.

ForeScout works with what you have. All your existing switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems–ForeScout CounterACT works with them. We require no infrastructure changes or equipment upgrades.

No software. ForeScout CounterACT is agentless, which means it works with all types of endpoints–managed and unmanaged, known and unknown, authorized and rogue. No client installation is required.

Non-disruptive. Unlike first generation NAC products that immediately disrupt users with heavy-handed access controls, ForeScout CounterACT can be deployed in a phased approach which minimizes disruption and accelerates results. In the initial phase, CounterACT gives you visibility to your trouble spots. When you want to move forward with automated control, you can do so gradually, starting with the most problematic locations and choosing an appropriate enforcement action.

Accelerated results. ForeScout CounterACT provides useful results on Day 1 by giving you visibility to problems on your network. The built-in knowledge base helps you configure security policies quickly and accurately.

Product Tours

Product Demonstrations

ControlFabric Demo

ControlFabric lets ForeScout CounterACT exchange information with your existing IT infrastructure, allowing you to automatically resolve a wide variety of network, security and operational issues.

Guest Registration Demo

ForeScout CounterACT for Network Access Control allows guests to register for access to your network without compromising your internal network security.

Mobile Security Demo

ForeScout CounterACT for Mobile Security lets you see and control handheld devices on your network.

Endpoint Compliance Demo

ForeScout CounterACT monitors your network to identify non-compliant computers.

Endpoint Remediation Demo

ForeScout CounterACT can automatically remediate non-compliant computers.

Network Visibility

Watch how ForeScout CounterACT lets IT managers see everything on the network–devices, users, software, peripherals, vulnerabilities, and more.



ControlFabric web interface

The Open Integration Module web service interface lets you share information with other security systems and IT management systems.

Associate CounterACT Data With Tags

The Open Integration Module web service interface lets you associate CounterACT data with tags that are easily recognized by the target system.

Messages to a Syslog Server

Through our Syslog plugin, you can send a message to a syslog server whenever a CounterACT security policy is triggered.

Customized CEF Messages

Through our SIEM Integration Module, you can send customized CEF messages to a SIEM server or security system.

Query SQL Databases

ForeScout Open Integration Module lets you query SQL databases containing, for example, asset management information.