CounterACT Edge for Threat Prevention

Overview

Threat Protection Made Simple.

ForeScout CounterACT Edge is a high-performance security appliance that protects your network perimeter against intrusion. Unlike traditional IPS products, ForeScout CounterACT Edge is extremely easy to install and requires approximately zero management overhead. It is powerful and painless.

ForeScout CounterACT Edge deploys outside your firewall to protect against incoming attacks. It is connected to a switch via a mirror port. It installs out of band, not in-line with traffic. There is no “bump in the wire”, no latency, no single point of failure.

ForeScout CounterACT Edge uses ForeScout’s patented ActiveResponse™ technology to detect and stop attacks without any need for signatures, anomaly detection or pattern matching. ActiveResponse™ is effective against zero-day and “low and slow” attacks. ActiveResponse™ technology is protected by US Patent number 6363489.

Use Case #1: Primary IPS

ForeScout CounterACT Edge can be used as a primary IPS system in front of your existing network firewall. The amount of time that you will spend planning, installing, and managing your network defenses will be lower than with any other product combination. CounterACT Edge is effective against both human and automated attack patterns, including zero-day and “low and slow” attacks.

Use Case #2: Secondary IPS

ForeScout CounterACT Edge can be used in front of an existing signature-based IPS to improve the performance and extend the life of your existing product. In this configuration, CounterACT Edge will greatly reduce the number of events that your signature-based IPS system needs to process. It will also reduce your administrative overhead because you will have fewer events that you need to monitor and analyze. CounterACT Edge operates with accuracy, so the events (attacks) that CounterACT Edge blocks do not need to be reviewed by a human. CounterACT Edge filters out the noise, leaving traditional IPS devices to deal with a small number of other attacks.

Features include:
  • ActiveResponse™ technology. ForeScout CounterACT Edge uses ForeScout’s patented ActiveResponse™ technology to detect and stop attacks without any need for signatures, anomaly detection or pattern matching.
  • Accuracy. ForeScout CounterACT Edge communicates with external entities during the reconnaissance phase of an attack. This allows CounterACT Edge to identify the subsequent attack with accuracy – zero false positives. This fact allows you to comfortably put the product into blocking mode and walk away from it. It is truly “set and forget.”
  • Multiple blocking modes. ForeScout CounterACT Edge provides multiple ways of blocking attacks. The primary blocking mode utilizes an advanced TCP session reset. Unlike conventional TCP resets, which are sensitive to timing subtleties, CounterACT Edge TCP resets are activated during the initiation of the TCP session, providing more efficient blocking. Other blocking modes include tarpit blocking, UDP blocking, and firewall ACL integration.
  • Easy to install. You plug it in, configure it (usually in less than an hour), and walk away. ForeScout CounterACT Edge begins protecting your network immediately with accuracy. No lengthy tuning period.
  • Easy to maintain. CounterACT Edge needs no signatures, no updates, no tuning, no maintenance. Forever.
  • Alerting & Reporting. CounterACT Edge provides flexible, intuitive alerting and reporting options to ensure that security managers get the information they need, when they need it:
    • Geographical Maps. CounterACT Edge features a world map with geographical locations of monitored and/or blocked sources, and offers history reports for any specific point in time or time range.
    • Event Documentation and Reporting. CounterACT Edge records detected malicious activity, enabling security personnel to thoroughly investigate incidents. Comprehensive reports feature current and historical data of CounterACT Edge activity.
    • Trend Analysis. CounterACT Edge maintains a historical database of reconnaissance and malicious activity, enabling security managers to pinpoint trends and take the appropriate action.
    • E-mail Alerts. Event information is sent based on user-defined parameters.
  • SNMP Traps & Management. ForeScout CounterACT Edge can send SNMP traps about specific attack and operational events to authorized SNMP management stations. Various communities can be defined, allowing read-only access to different parts of the CounterACT Edge management information database.
  • WhoIs. CounterACT Edge sends WhoIs service information on suspected attackers to security staff, including their geographic location, corporate affiliation and contact information.

Compare

IT managers should evaluate network security products in terms of both their effectiveness (how accurate is it? does it block zero-day attacks?) and their management and operational costs.

Real-world experience and test results from independent labs show that signature-based and statistical anomaly-based IPS products on the market today do not deliver an attractive scorecard on either effectiveness or cost. Their weaknesses can leave organizations vulnerable to threats such as zero-day attacks, and severely challenged by problems such as false positives and high management costs. The cost of managing an IPS system that requires frequent tuning and signature updates can be multiple times the cost of procuring such a system.

ForeScout CounterACT Edge is an effective layer of network security which costs very little. CounterACT Edge blocks zero-day attacks without producing false positives. It is a true “set-and-forget” solution that does not require costly management and oversight.

Here is how ForeScout CounterACT Edge compares to the other common network security layers available on the market today:

Rating scale: Best, Good, Fair, Poor*

| | CounterACT Edge | Signature IPS | Anomaly Detection IPS | Firewall |
|---|---|---|---|---|
| Zero Day Protection | | | | |
| Management Overhead | | | | |
| False Positives | | | | |
| Typical Deployment | Auto-blocking | Some auto blocking, some non-blocking | Typically set to non-blocking, due to false-positive issues | Auto-blocking |

* The features compared on this page were obtained using publicly available sources from a variety of leading products. Other names may be trademarks of their respective owners.

Specs

ForeScout CounterACT Edge is sold as an appliance. Five models are available, as shown below.

| | SC-2 | SC-10 | SC-50 |
|---|---|---|---|
| Bandwidth | 2 Mbps | 10 Mbps | 50 Mbps |
| Network Ports: copper (RJ-45) | 6, 10/100/1000 | 6, 10/100/1000 | 6, 10/100/1000 |
| Network Ports: fiber | Available option (Up to 2 total) | Available option (Up to 2 total) | Available option (Up to 2 total) |
| I/O Support | 1 serial port (RJ45); USB – keyboard and mouse port | 1 serial port (RJ45); USB – keyboard and mouse port | 1 serial port (RJ45); USB – keyboard and mouse port |
| USB Ports | 4 back panel USB 2.0 + 1 front panel USB 1.1 | 4 back panel USB 2.0 + 1 front panel USB 1.1 | 4 back panel USB 2.0 + 1 front panel USB 1.1 |
| VGA | 1 (DB15) | 1 (DB15) | 1 (DB15) |
| CD-ROM | 1 | 1 | 1 |
| Hard Drives | 3 HDD (RAID-1) | 3 HDD (RAID-1) | 3 HDD (RAID-1) |
| Power Supply | 1 @ up to 650W, 100-240VAC | 1 @ up to 650W, 100-240VAC | 1 @ up to 650W, 100-240VAC |
| Power Consumption | 313 W | 313 W | 313 W |
| Temperature: Operating | +10 °C to 35 °C (fluctuation not to exceed 10 °C per hour) | +10 °C to 35 °C (fluctuation not to exceed 10 °C per hour) | +10 °C to 35 °C (fluctuation not to exceed 10 °C per hour) |
| Temperature: Storage | -40 °C to 70 °C | -40 °C to 70 °C | -40 °C to 70 °C |
| Cooling Requirement | 2550 BTU/Hr | 2550 BTU/Hr | 2550 BTU/Hr |
| Humidity | 90% non-condensing at 35 °C (non-operating) | 90% non-condensing at 35 °C (non-operating) | 90% non-condensing at 35 °C (non-operating) |
| Chassis | 1U 19″ rack mount | 1U 19″ rack mount | 1U 19″ rack mount |
| Dimensions | Height: 43.2mm (1.70 inches); Width: 430mm (16.93 inches); Depth: 665.5mm (26.2 inches) | Height: 43.2mm (1.70 inches); Width: 430mm (16.93 inches); Depth: 665.5mm (26.2 inches) | Height: 43.2mm (1.70 inches); Width: 430mm (16.93 inches); Depth: 665.5mm (26.2 inches) |
| Shipment | Size: 36 x 28 x 10 inches; Weight: 55 pounds | Size: 36 x 28 x 10 inches; Weight: 55 pounds | Size: 36 x 28 x 10 inches; Weight: 55 pounds |

| | SC-100 | SC-200 | SC-1000 |
|---|---|---|---|
| Bandwidth | 100 Mbps | 200 Mbps | 1 Gbps |
| Network Ports: copper | 6, 10/100/1000 | 4 – 8 (depending on specific model), 10/100/1000 | 4 – 8 (depending on specific model), 10/100/1000 |
| Network Ports: fiber | Available option (Up to 2 total) | Available option (Up to 4 total) | Available option (Up to 4 total) |
| I/O Support | 1 serial port (RJ45); USB – keyboard and mouse port | 1 serial port (RJ45); USB – keyboard and mouse port | 1 serial port (RJ45); USB – keyboard and mouse port |
| USB Ports | 4 back panel USB 2.0 + 1 front panel USB 1.1 | 4 back panel USB 2.0 + 1 front panel USB 1.1 | 4 back panel USB 2.0 + 1 front panel USB 1.1 |
| VGA | 1 (DB15) | 1 (DB15) | 1 (DB15) |
| CD-ROM | 1 | 1 | 1 |
| Hard Drives | 3 HDD (RAID 1) | 3 HDD (RAID 1) | 3 HDD (RAID 1) |
| Power Supply | 1 @ up to 650W, 100-240VAC | 2 @ up to 750W, 100-240VAC | 2 @ up to 750W, 100-240VAC |
| Power Consumption | 313 W | 648 W | 648 W |
| Temperature: Operating | +10 °C to 35 °C (fluctuation not to exceed 10 °C per hour) | +10 °C to 35 °C (derated 0.5 °C for every 1000 ft; 10,000 ft. max) | +10 °C to 35 °C (derated 0.5 °C for every 1000 ft; 10,000 ft. max) |
| Temperature: Storage | -40 °C to 70 °C | -40 °C to 70 °C | -40 °C to 70 °C |
| Cooling Requirement | 2550 BTU/Hr | 2550 BTU/Hr | 2550 BTU/Hr |
| Humidity | 90% non-condensing at 35 °C (non-operating) | 90% non-condensing at 30 °C (non-operating) | 90% non-condensing at 30 °C (non-operating) |
| Chassis | 1U 19″ rack mount | 1U 19″ rack mount | 1U 19″ rack mount |
| Dimensions | Height: 43.2mm (1.70 inches); Width: 430mm (16.93 inches); Depth: 665.5mm (26.2 inches) | Height: 43.2mm (1.70 inches); Width: 430mm (16.93 inches); Depth: 665.5mm (26.2 inches) | Height: 43.2mm (1.70 inches); Width: 430mm (16.93 inches); Depth: 665.5mm (26.2 inches) |
| Shipment | Size: 36 x 28 x 10 inches; Weight: 55 pounds | Size: 36 x 28 x 10 inches; Weight: 55 pounds | Size: 36 x 28 x 10 inches; Weight: 55 pounds |