Automated Security Control Platform
ForeScout CounterACT is an automated security control platform that lets you see and control everything on your network—all devices, all apps, all users.
Automated Security Control Platform
White Paper
Webinar
Overview
ForeScout CounterACT is an automated security control platform that delivers real-time visibility and control of all devices on your network. ForeScout CounterACT automatically identifies who and what is on your network, controls access to your network, measures compliance with your security policies, blocks network threats, and remediates endpoint security violations when they occur. CounterACT makes you smarter, your network more secure, and your staff less busy by automating tasks that are currently laborious.
ForeScout CounterACT employs a proven approach for IT risk management, as shown in the diagram below. Every device that accesses your network is identified, controlled, remediated (if you wish), and continuously monitored to ensure compliance and protection.
The primary solutions provided by ForeScout CounterACT are:
Network Access Control
ForeScout CounterACT for Network Access Control lets guests and contractors access your network without compromising your network security. CounterACT for Network Access Control includes several guest registration options so you can tailor the guest admission process to suit your organization’s needs. Once a guest has registered and been admitted, CounterACT for Network Access Control can limit the user’s access to just the Internet or to specific network resources that you specify.
Mobile Security
ForeScout CounterACT for Mobile Security provides real-time visibility and control for smartphones, tablets and other mobile devices connected to your network. With ForeScout CounterACT for Mobile Security, you can let users enjoy the productivity benefits of modern handheld devices while you protect your network against data loss and malicious threats. CounterACT will control the level of access based on user and device type – Allow, Limit, or Block.
Endpoint Compliance
ForeScout CounterACT for Endpoint Compliance automatically enforces security policies for everyone and everything on your network, which helps you minimize your security risks. Because ForeScout CounterACT is agentless, it works with all type of endpoints–managed and unmanaged, known and unknown, physical and virtual. CounterACT for Endpoint Compliance can discover security weaknesses with your existing agent-based security systems that would otherwise go undetected.
Threat Prevention
ForeScout’s patented ActiveResponse™ technology is included in every product that we sell. ActiveResponse blocks both known and unknown attacks with 100% accuracy. This unique technology does not require signature updates or other forms of maintenance, so it requires zero maintenance. And since it does not suffer from false positives, you can confidently deploy this technology inside your network in full blocking mode. ForeScout CounterACT provided zero-day protection against Conficker, Zeus and Stuxnet. Learn more about CounterACT Edge »
Regulatory Compliance and Audit Reports
ForeScout CounterACT has real-time visibility to everything on your network. Reports helps you monitor your level of policy compliance, support regulatory audit requirements, and produce real-time inventory reports. Compliance audits that used to take days or weeks can now be produced in hours with real-time accuracy.
The ForeScout Difference
ForeScout CounterACT is dramatically easier and faster to deploy than traditional policy enforcement products. Here is why:
- One box, one day to install. Everything is contained in a single physical or virtual appliance. Setup is easy with built-in configuration wizards.
- ForeScout works with what you have. All your existing switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems–ForeScout CounterACT works with them. We require no infrastructure changes or equipment upgrades.
- No software. ForeScout CounterACT is agentless, which means it works with all types of endpoints–managed and unmanaged, known and unknown, authorized and rogue. No client installation is required.
- Non-disruptive. Unlike first generation NAC products that immediately disrupt users with heavy-handed access controls, ForeScout CounterACT can be deployed in a phased approach which minimizes disruption and accelerates results. In the initial phase, CounterACT gives you visibility to your trouble spots. When you want to move forward with automated control, you can do so gradually, starting with the most problematic locations and choosing an appropriate enforcement action.
- Accelerated results. ForeScout CounterACT provides useful results on Day 1 by giving you visibility to problems on your network. The built-in knowledge base helps you configure security policies quickly and accurately.
Tour
Guest Registration Demo
ForeScout CounterACT for Network Access Control allows guests to register for access to your network without compromising your internal network security.
Mobile Security Demo
ForeScout CounterACT for Mobile Security lets you see and control handheld devices on your network.
Endpoint Compliance Demo
ForeScout CounterACT monitors your network to identify non-compliant computers.
Endpoint Remediation Demo
ForeScout CounterACT can automatically remediate non-compliant computers.
Network Visibility
Watch how ForeScout CounterACT lets IT managers see everything on the network−devices, users, software, peripherals, vulnerabilities, and more.
Compare
= Best 
= Good 
= Fair 
= Poor Architecture
| Feature | ForeScout CounterACT | Infrastructure solutions (Cisco, Juniper, etc.) | Agent-based solutions (Symantec, McAfee, etc.) |
|---|---|---|---|
| Number of components | |
|
|
| Centralized management | |
|
|
| Support for 802.1x port enforcement | |
|
|
| Support for non-802.1x port enforcement | |
|
|
| Effective on unmanaged/unknown endpoints | |
|
|
| Support for non-desktop OS devices (iOS, Android, BlackBerry, printers, wireless access points, etc.) | |
|
|
| Integrates with 3rd party products | |
|
|
Deployment
| Feature | ForeScout CounterACT | Infrastructure solutions (Cisco, Juniper, etc.) | Agent-based solutions (Symantec, McAfee, etc.) |
|---|---|---|---|
| Speed of installation | |
|
|
| Support for phased deployment | |
|
|
| Centralized deployment | |
|
|
| Decentralized deployment | |
|
|
Visibility
| Feature | ForeScout CounterACT | Infrastructure solutions (Cisco, Juniper, etc.) | Agent-based solutions (Symantec, McAfee, etc.) |
|---|---|---|---|
| Real-time detection of managed systems | |
|
|
| Real-time detection of unmanaged devices | |
|
|
| Security posture of managed endpoints | |
varies | |
| Security posture of unmanaged endpoints | |
|
|
| Real-time inventory of applications, services, users, devices, vulnerabilities | |
|
|
| Track changes of endpoint software or configuration | |
|
|
| Self-help for end-users | |
|
|
Enforcement & Remediation
| Feature | ForeScout CounterACT | Infrastructure solutions (Cisco, Juniper, etc.) | Agent-based solutions (Symantec, McAfee, etc.) |
|---|---|---|---|
| Alerting actions | |
|
|
| Blocking actions | |
|
|
| Switch ACL management | |
|
|
| Role-based traffic control | |
|
varies |
| Update antivirus | |
|
|
| Install / restart security agents | |
|
|
| Kill process | |
|
|
| Disable unauthorized peripheral device | |
|
|
| Block malicious traffic on the network | |
|
|
Resources
- White Paper: Choosing a Network Access Control (NAC) Solution that is Right for Your Network
- Webcasts: Visibility and Control of Today’s Networks
- Brochure: CounterACT Solution Brochure
- Datasheet: CounterACT for Network Access Control datasheet
- Tech Brief: Virtual Appliance
