ControlFabric Architecture


You’ve built out a defense-in-depth program and have amassed numerous point products. Many of these traditional IT controls are based on the reliance on endpoint security software, periodic vulnerability scans, and aggregated logging data and alerts. When viewed in light of today’s constrained IT resources, network complexity and evolving threat landscape, these defenses often lack:

  • Greater control context
  • Real-time monitoring
  • Dynamic information sharing
  • Automation to respond quickly to exposures or to contain advanced threats

ForeScout’s addresses these limitations through our ControlFabric™ architecture; a set of network, security and management interoperability technologies built into ForeScout CounterACT™.

ControlFabric enables ForeScout CounterACT and other IT solutions to exchange information and more efficiently mitigate a wide variety of network, security and operational issues. As a result, you can achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources.

ForeScout CounterACT

  • Dynamically identifies and assesses network users, endpoints and applications.
  • Provides full network access control (NAC), pre- and post-admission.
  • Directly remediates endpoint security issues.
  • Triggers third-party remediation systems.

Leveraging ControlFabric, CounterACT can share contextual information with other security and IT management systems, thereby reducing the problem of disconnected systems and information silos. Additionally, ControlFabric opens CounterACT’s real-time control and automated remediation to your IT systems that heretofore have been limited to collecting, generating, analyzing or storing information.

ControlFabric Flow Chart

Base Integrations

ForeScout CounterACT includes a wide variety of integrations with network and IT infrastructure (switches, wireless controllers, VPN, routers, directories), endpoints (Windows, Mac, Linux, iOS, Android, printers, other devices), and endpoint software (antivirus, instant messaging, WMI, etc.). These integrations use a variety of protocols and interfaces built into our platform and are enabled through software plugins that are included with the license for ForeScout CounterACT. These base integrations give you tremendous power to discover and classify endpoints; track users and applications; assess security posture; control network access; enforce endpoint compliance policy, and fix security gaps such as broken endpoint security agents.

Extended Integrations

Extended ControlFabric integrations are available in the form of modules that can be optionally purchased and added to the CounterACT appliance. Each module requires an additional license and is comprised of one or more software plugins that can be downloaded from ForeScout’s customer support portal. Current integration modules developed and supported by ForeScout include:

Custom Integrations

The Open Integration Module, an extended ControlFabric Integration, is optionally licensed and is comprised of a set of plugins that allow a partner, system integrator or customer the means to develop custom integrations. It is comprised of software plugins that can be downloaded from ForeScout’s customer support portal. The Open Integration Module currently supports the following standards-based integration mechanisms: Web Services API, SQL, LDAP. Additionally, ForeScout CounterACT natively supports Syslog.

Product Tours

Product Demonstrations

ControlFabric Demo

ControlFabric lets ForeScout CounterACT exchange information with your existing IT infrastructure, allowing you to automatically resolve a wide variety of network, security and operational issues.

Guest Registration Demo

ForeScout CounterACT for Network Access Control allows guests to register for access to your network without compromising your internal network security.

Mobile Security Demo

ForeScout CounterACT for Mobile Security lets you see and control handheld devices on your network.

Endpoint Compliance Demo

ForeScout CounterACT monitors your network to identify non-compliant computers.

Endpoint Remediation Demo

ForeScout CounterACT can automatically remediate non-compliant computers.

Network Visibility

Watch how ForeScout CounterACT lets IT managers see the network−devices, users, software, peripherals, vulnerabilities, and more.


Click image to enlarge.

ControlFabric web interface

The Open Integration Module web service interface lets you share information with other security systems and IT management systems.

Associate CounterACT Data With Tags

The Open Integration Module web service interface lets you associate CounterACT data with tags that are easily recognized by the target system.

Messages to a Syslog Server

Through our Syslog plugin, you can send a message to a syslog server whenever a CounterACT security policy is triggered.

Customized CEF Messages

Through our SIEM Integration Module, you can send customized CEF messages to a SIEM server or security system.

Query SQL Databases

ForeScout Open Integration Module lets you query SQL databases containing, for example, asset management information.