CounterACT Edge for Threat Prevention
CounterACT Edge protects your network perimeter against intrusion with 100% accuracy. Fast, easy deployment.
CounterACT Edge for Threat Prevention
News Flash
Datasheet
White Paper
Overview
Threat Protection Made Simple.
ForeScout CounterACT Edge is a high performance security appliance that protects your network perimeter against intrusion. Unlike traditional IPS products, ForeScout CounterACT Edge is extremely easy to install and requires approximately zero management overhead. It is powerful, and painless.
ForeScout CounterACT Edge deploys outside your firewall to protect against incoming attacks. It is connected to a switch via a mirror port. It installs out of band, not in-line with traffic. There is no “bump in the wire”, no latency, no single point of failure.
ForeScout CounterACT Edge uses ForeScout’s patented ActiveResponse™ technology to detect and stop attacks without any need for signatures, anomaly detection or pattern matching. ActiveResponse™ is effective against zero-day and “low and slow” attacks. ActiveResponse™ technology is protected by US Patent number 6363489.
Use Cases #1: Primary IPS
ForeScout CounterACT Edge can be used as a primary IPS system in front of your existing network firewall. The amount of time that you will spend planning, installing, and managing your network defenses will be lower than with any other product combination. CounterACT Edge is effective against both human and automated attack patterns, including zero-day and “low and slow” attacks.
Use Cases #2: Secondary IPS
ForeScout CounterACT Edge can be used in front of an existing signature-based IPS to improve the performance and extend the life of your existing product. In this configuration, CounterACT Edge will greatly reduce the number of events that your signature-based IPS system needs to process. It will also reduce your administrative overhead because you will have fewer events that you need to monitor and analyze. CounterACT Edge operates with 100% accuracy, so the events (attacks) that CounterACT Edge blocks do not need to be reviewed by a human. CounterACT Edge filters out the noise, leaving traditional IPS devices to deal with a small number of other attacks.
Features include:
- ActiveResponse™ technology. ForeScout CounterACT Edge uses ForeScout’s patented ActiveResponse™ technology to detect and stop attacks without any need for signatures, anomaly detection or pattern matching.
- 100% accuracy. ForeScout CounterACT Edge communicates with external entities during the reconnaissance phase of an attack. This allows CounterACT Edge to identify the subsequent attack with 100% accuracy – zero false positives. This fact allows you to comfortably put the product into blocking mode and walk away from it. It is truly “set and forget.”
- Multiple blocking modes. ForeScout CounterACT Edge provides multiple ways of blocking attacks. The primary blocking mode utilizes an advanced TCP session reset. Unlike conventional TCP resets, which are sensitive to timing subtleties, CounterACT Edge TCP resets are activated during the initiation of the TCP session, providing more efficient blocking. Other blocking modes include tarpit blocking, UDP blocking, and firewall ACL integration.
- Easy to install. You plug it in, configure it (usually in less than an hour), and walk away. ForeScout CounterACT Edge begins protecting your network immediately with 100% accuracy. No lengthy tuning period.
- Easy to maintain. CounterACT Edge needs no signatures, no updates, no tuning, no maintenance. Forever.
- Alerting & Reporting. CounterACT Edge provides flexible, intuitive alerting and reporting options to ensure that security managers get the information they need, when they need it:
- Geographical Maps. CounterACT Edge features a world map with geographical locations of monitored and/or blocked sources, and offers history reports for any specific point in time or time range.
- Complete Event Documentation and Reporting. CounterACT Edge records all detected malicious activity, enabling security personnel to thoroughly investigate incidents. Comprehensive reports feature current and historical data of CounterACT Edge activity.
- Trend Analysis. CounterACT Edge maintains a historical database of reconnaissance and malicious activity, enabling security managers to pinpoint trends and take the appropriate action.
- E-mail Alerts. Event information is sent based on user-defined parameters.
- SNMP Traps & Management. ForeScout CounterACT Edge can send SNMP traps about specific attack and operational events to authorized SNMP management stations. Various communities can be defined, allowing read-only access to different parts of the CounterACT Edge management information database.
- WhoIs. CounterACT Edge sends WhoIs service information on suspected attackers to security staff, including their geographic location, corporate affiliation and contact information.
Compare
IT managers should evaluate network security products both in terms of their effectiveness (how accurate is it? does it block zero-day attacks?) as well as their management and operational costs.
Real-world experience and test results from independent labs show that signature-based and statistical anomaly-based IPS products on the market today do not deliver an attractive scorecard on either effectiveness or cost. Their weaknesses can leave organizations vulnerable to threats such as zero-day attacks, and severely challenged by problems such as false positives and high management costs. The cost of managing an IPS system that requires frequent tuning and signature updates can be multiple times the cost of procuring such a system.
ForeScout CounterACT Edge is an effective layer of network security which costs very little. CounterACT Edge blocks zero-day attacks without producing false positives. It is a true “set-and-forget” solution that does not require costly management and oversight.
Here is how ForeScout CounterACT Edge compares to the other common network security layers available on the market today:
= Best 
= Good 
= Fair 
= Poor* | CounterACT Edge | Signature IPS | Anomaly Detection IPS | Firewall | |
|---|---|---|---|---|
| Zero Day Protection | |
|
|
|
| Management Overhead | |
|
|
|
| False Positives | |
|
|
|
| Typical Deployment | Auto-blocking | Some auto blocking, some non-blocking | Typically set to non-blocking, due to false-positive issues | Auto-blocking |
* The features compared on this page were obtained using publicly available sources from a variety of leading products. Other names may be trademarks of their respective owners.
Specs
ForeScout CounterACT Edge is sold as an appliance. Five models are available, as shown below.
| SC-2 | SC-10 | SC-50 | |
|---|---|---|---|
| Bandwidth | 2 Mbps | 10 Mbps | 50 Mbps |
| Network Ports | |||
| copper (RJ-45) | 6 10/100/1000 |
6 10/100/1000 |
6 10/100/1000 |
| fiber | Available option (Up to 2 total) |
Available option (Up to 2 total) |
Available option (Up to 2 total) |
| I/O Support | 1 serial port (RJ45); USB – keyboard and mouse port |
1 serial port (RJ45); USB – keyboard and mouse port |
1 serial port (RJ45); USB – keyboard and mouse port |
| USB Ports | 4 back panel USB 2.0 + 1 front panel USB 1.1 | 4 back panel USB 2.0 + 1 front panel USB 1.1 | 4 back panel USB 2.0 + 1 front panel USB 1.1 |
| VGA | 1 (DB15) | 1 (DB15) | 1 (DB15) |
| CD-ROM | 1 | 1 | 1 |
| Hard Drives | 3 HDD (RAID-1) | 3 HDD (RAID-1) | 3 HDD (RAID-1) |
| Power Supply | 1 @ up to 650W 100-240VAC |
1 @ up to 650W 100-240VAC |
1 @ up to 650W 100-240VAC |
| Power Consumption | 313w | 313w | 313w |
| Temperature | |||
| Operating | +10 °C to 35 °C (fluctuation not to exceed 10 °C per hour) |
+10 °C to 35 °C (fluctuation not to exceed 10 °C per hour) |
+10 °C to 35 °C (fluctuation not to exceed 10 °C per hour) |
| Storage | -40 °C to 70 °C | -40 °C to 70 °C | -40 °C to 70 °C |
| Cooling Requirement | 2550 BTU/Hr | 2550 BTU/Hr | 2550 BTU/Hr |
| Humidity | 90% non-condensing at 35 °C (non-operating) |
90% non-condensing at 35 °C (non-operating) |
90% non-condensing at 35 °C (non-operating) |
| Chassis | 1U 19″ rack mount | 1U 19″ rack mount | 1U 19″ rack mount |
| Dimensions | Height: 43.2mm (1.70 inches) Width: 430mm (16.93 inches) Depth: 665.5mm (26.2 inches) |
Height: 43.2mm (1.70 inches) Width: 430mm (16.93 inches) Depth: 665.5mm (26.2 inches) |
Height: 43.2mm (1.70 inches) Width: 430mm (16.93 inches) Depth: 665.5mm (26.2 inches) |
| Shipment | Size: 36 x 28 x 10 inches Weight: 55 pounds |
Size: 36 x 28 x 10 inches Weight: 55 pounds |
Size: 36 x 28 x 10 inches Weight: 55 pounds |
| SC-100 | SC-200 | SC-1000 | |
|---|---|---|---|
| Bandwidth | 100 Mbps | 200 Mbps | 1 Gbps |
| Network Ports | |||
| copper | 6 10/100/1000 |
4 – 8 (depending on specific model) 10/100/1000 |
4 – 8 (depending on specific model) 10/100/1000 |
| fiber | Available option (Up to 2 total) |
Available option (Up to 4 total) |
Available option (Up to 4 total) |
| I/O Support | 1 serial port (RJ45); USB – keyboard and mouse port |
1 serial port (RJ45); USB – keyboard and mouse port |
1 serial port (RJ45); USB – keyboard and mouse port |
| USB Ports | 4 back panel USB 2.0 + 1 front panel USB 1.1 | 4 back panel USB 2.0 + 1 front panel USB 1.1 | 4 back panel USB 2.0 + 1 front panel USB 1.1 |
| VGA | 1 (DB15) | 1 (DB15) | 1 (DB15) |
| CD-ROM | 1 | 1 | 1 |
| Hard Drives | 3 HDD (RAID 1) | 3 HDD (RAID 1) | 3 HDD (RAID 1) |
| Power Supply | 1 @ up to 650W 100-240VAC |
2 @ up to 750W 100-240VAC |
2 @ up to 750W 100-240VAC |
| Power Consumption | 313w | 648w | 648w |
| Temperature | |||
| Operating | +10 °C to 35 °C (fluctuation not to exceed 10 °C per hour) |
+10 °C to 35 °C (derated 0.5 °C for every 1000 ft; 10,000 ft. max) |
+10 °C to 35 °C (derated 0.5 °C for every 1000 ft; 10,000 ft. max) |
| Storage | -40 °C to 70 °C | -40 °C to 70 °C | -40 °C to 70 °C |
| Cooling Requirement | 2550 BTU/Hr | 2550 BTU/Hr | 2550 BTU/Hr |
| Humidity | 90% non-condensing at 35 °C (non-operating) |
90% non-condensing at 30 °C (non-operating) |
90% non-condensing at 30 °C (non-operating) |
| Chassis | 1U 19″ rack mount | 1U 19″ rack mount | 1U 19″ rack mount |
| Dimensions | Height: 43.2mm (1.70 inches) Width: 430mm (16.93 inches) Depth: 665.5mm (26.2 inches) |
Height: 43.2mm (1.70 inches) Width: 430mm (16.93 inches) Depth: 665.5mm (26.2 inches) |
Height: 43.2mm (1.70 inches) Width: 430mm (16.93 inches) Depth: 665.5mm (26.2 inches) |
| Shipment | Size: 36 x 28 x 10 inches Weight: 55 pounds |
Size: 36 x 28 x 10 inches Weight: 55 pounds |
Size: 36 x 28 x 10 inches Weight: 55 pounds |
Resources
- Datasheet: CounterACT Edge
- Case Study: SANS What Works to Prevent Network-based Threats
- Tech Brief: CounterACT Tech Note: “CounterACT vs. Conficker
- News Flash: ForeScout Extinguished FLAME zero day malware on day zero
- White Paper: CISO Guide: Advanced Threat Protection
