header-product-endpoint

CounterACT for Endpoint Compliance

Find and fix security gaps on your network-automatically. No software. Fast, easy deployment.

Featured Video

Todd Frazier
Culpepper County
View now

CounterACT for Endpoint Compliance

White Paper

Webinar

Overview

ForeScout CounterACT is an automated security control platform that measures compliance with your security policies and remediates endpoint security deficiencies.

Unlike agent-based security systems, ForeScout CounterACT operates in real-time, has no blind spots, and does not require cooperation from the endpoint.

Features include:
  • Policy Manager. ForeScout CounterACT lets you create security policies that are right for your enterprise. Pre-built policy templates and wizards speed creation of the policies, and a built-in knowledgebase of common security configurations make it easy.
  • Visibility. ForeScout CounterACT can identify non-compliant computers – who owns them, where they are, and how they are non-compliant with your security policies. A few examples of security posture information that CounterACT can see are:
    • Anti-malware agent status (installed/running)
    • Anti-malware signature version
    • Patch management agent status (installed/running)
    • Operating system vulnerabilities
    • Firewall status (installed/running)
    • Processes and services installed or running
    • Registry and configuration
    • Applications installed/running
    • P2P/IM clients installed/running
    • Peripheral devices (type, make, model)
    • Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
    • Rogue NAT/DHCP behavior
  • Compliance Engine. ForeScout CounterACT will detect when devices or users are out of compliance with your security policy. Track down users who are engaging in risky behavior such as using P2P applications, USB drives, smart phones, and other unauthorized activities. Non-compliant computers and/or users will be displayed in the main console, including the reason for non-compliance and complete details such as location of the device.
  • Policy Enforcement. When CounterACT detects a policy violation, CounterACT can automatically take action such as alert, advise, restrict, remediate, and disable. Unlike other products, CounterACT gives you a wide range of actions to choose from, including just-in-time notification to end-users that they have just violated security policy
  • Endpoint Remediation. ForeScout CounterACT includes a wide range of endpoint remediation actions. CounterACT can direct the anti-virus server to auto-update the non-compliant host, or it can prompt the patch management system to update the device’s operating system, or it can disable unauthorized software. The complete range of actions is shown below.
  • Integrated appliance. ForeScout CounterACT includes everything in a single appliance. No software to install, nothing to configure. Built-in integration lets you leverage your existing infrastructure including directory, endpoint security systems, patch management systems, ticketing systems and reporting systems.
  • Scalability. ForeScout CounterACT has been proven in customer networks exceeding 250,000 endpoints. CounterACT appliances are available in a range of sizes to accommodate networks of all sizes.
  • Clientless operation. Since ForeScout CounterACT is a clientless solution, it works with all type of endpoints–managed and unmanaged, known and unknown. Nothing escapes CounterACT. If it’s on your network, CounterACT sees it.
  • Optional client. ForeScout CounterACT gives you the option to install either a persistent or a dissolvable lightweight client, giving you additional control over the endpoint. Client supports Windows, Mac and Linux and can be automatically deployed when the user connects to the network and registers their identity on the system.
  • Reporting. ForeScout CounterACT has a fully integrated reporting engine that helps you monitor your level of policy compliance, fulfill regulatory audit requirements, and produce real-time inventory reports.

Tour

Compliance

Watch how ForeScout CounterACT lets IT managers manage security.

Remediation

Watch how ForeScout CounterACT lets IT managers remediate security

ForeScout-ArcSight Integration

Watch how ForeScout CounterACT integrates with the ArcSight SEIM platform to provide better security risk awareness and more automated security threat response.

Compare

= Best = Good = Fair = Poor*
Architecture
Feature ForeScout CounterACT Infrastructure solutions (Cisco, Juniper, etc.) Agent-based solutions (Symantec, McAfee, etc.)
Number of components
Centralized management
Effective on unmanaged/unknown endpoints
Support for non-desktop OS devices (iOS, Android, BlackBerry, printers, wireless access points, etc.) varies
Integrates with 3rd party products
Deployment
Feature ForeScout CounterACT Infrastructure solutions (Cisco, Juniper, etc.) Agent-based solutions (Symantec, McAfee, etc.)
Speed of installation
Support for phased deployment
Centralized deployment
Decentralized deployment
Visibility
Feature ForeScout CounterACT Infrastructure solutions (Cisco, Juniper, etc.) Agent-based solutions (Symantec, McAfee, etc.)
Real-time detection of managed devices
Real-time detection of unmanaged devices
Security posture of managed endpoints varies
Security posture of unmanaged endpoints
Real-time inventory of applications, services, users, devices, vulnerabilities
Track changes of endpoint software or configuration
Self-help for end-users
Enforcement & Remediation
Feature ForeScout CounterACT Infrastructure solutions (Cisco, Juniper, etc.) Agent-based solutions (Symantec, McAfee, etc.)
Alerting actions
Update antivirus
Install / restart security agents
Kill process
Disable unauthorized peripheral device

* The features compared on this page were obtained using publicly available sources from a variety of leading products. Other names may be trademarks of their respective owners.

Specs

ForeScout CounterACT is available as an appliance or a virtual appliance.

CT-R CT-100 CT-1000 CT-2000 CT-4000
Concurrent Devices 100 500 1000 2500 4000
Bandwidth 100 Mbps 500 Mbps 1 Gbps 2 Gbps Multi-Gbps
Network Ports – Copper 4 4 – 8 (depending on specific model) 4 – 8 (depending on specific model) 4 – 8 (depending on specific model) 4 – 8 (depending on specific model)
Network Ports – Fiber N/A Available option
(Up to 2 total)		 Available option
(Up to 4 total)		 Available option
(Up to 4 total)		 Available option
(Up to 4 total)
I/O Support 1 serial port (DB9) 1 serial port (DB9)
PS/2 keyboard
& mouse port		 1 serial port (RJ45)
PS/2 keyboard
& mouse port		 1 serial port (RJ45)
PS/2 keyboard
& mouse port		 1 serial port (RJ45)
PS/2 keyboard
& mouse port
USB Ports 2, USB 2.0-compliant 4 back panel USB 2.0 + 1 front panel USB 1.1 4 back panel USB 2.0 + 1 front panel USB 1.1 4 back panel USB 2.0 + 1 front panel USB 1.1 4 back panel USB 2.0 + 1 front panel USB 1.1
VGA 1 (DB15) 1 (DB15) 1 (DB15) 1 (DB15) 1 (DB15)
CD-ROM N/A 1 1 1 1
Hard Drives 1 HDD 2 HDD (RAID-1) 2 HDD (RAID-1) 2 HDD (RAID-1) 2 HDD (RAID-1)
Power Supply 1 @ up to 60W
100-240VAC (External)		 1 @ up to 650W
100-240VAC		 2 @ up to 650W
100-240VAC		 2 @ up to 750W
100-240VAC		 2 @ up to 750W
100-240VAC
Power Consumption (max) 45.3w 648w 648w 744w 744w
Operating Temperature 5 °C to 35 °C -10 °C to 35 °C
(fluctuation not to
exceed 10 °C per hour)		 -10 °C to 35 °C
(derated 0.5 °C for every
1000 ft; 10,000 ft. max)
-40 °C to 70 °C		 -10 °C to 35 °C
(derated 0.5 °C for every
1000 ft; 10,000 ft. max)		 -10 °C to 35 °C
(derated 0.5 °C for every
1000 ft; 10,000 ft. max)
-40 °C to 70 °C
Storage Temperature -20 °C to 70 °C -40 °C to 70 °C -40 °C to 70 °C -40 °C to 70 °C -40 °C to 70 °C
Cooling Requirement Temperature n/a 2550 BTU/Hr 2550 BTU/Hr 2550 BTU/Hr 2550 BTU/Hr
Humidity 20% – 90% 90% non-condensing
at 35 °C		 90% non-condensing
at 30 °C		 90% non-condensing
at 30 °C		 90% non-condensing
at 30 °C
Chassis 1U desktop
(steel slim line case)		 1U 19″ rack mount 1U 19″ rack mount 2U 19″ rack mount 2U 19″ rack mount
Dimensions Height: 42mm
(1.65 inches)
Width: 180mm
(7.48 inches)
Depth: 150mm
(5.91 inches)		 Height: 43.25mm
(1.703 inches)
Width: 430mm
(16.93 inches)
Depth: 692mm
(27.25 inches)		 Height: 43.2mm
(1.7 inches)
Width: 430mm
(16.93 inches)
Depth: 654.4mm
(25.76 inches)		 Height: 87.30mm
(3.44 inches)
Width: 430mm
(16.93 inches)
Depth: 704.8mm
(25.75 inches)		 Height: 87.30mm
(3.44 inches)
Width: 430mm
(16.93 inches)
Depth: 704.8mm
(25.75 inches)
Shipment Size: 16 x 9.6 x 5.5 inches
Weight: 8 pounds		 Size: 10 x 28 x 36 inches
Weight: 54 pounds		 Size: 10 x 28 x 36 inches
Weight: 54 pounds		 Size: 10 x 28 x 36 inches
Weight: 68 pounds		 Size: 10 x 28 x 36 inches
Weight: 70 pounds
Virtual appliance:

Operating system: VMware ESX or ESXi, versions 3.5 update 5, 4.0 update 2, and 4.1 update 1. Hardware: Minimum hardware requirements are dependant on the number of devices that you need to include within the scope of the CounterACT Virtual Appliance.

Model Devices CPUs GHz/CPU RAM Disk
VCT-R 100 1 1 1 GB 80 GB
VCT-100 500 2 1,5 1.5 GB 80 GB
VCT-1000 1000 2 2 2 GB 80 GB
VCT-2000 2500 2 3 4 GB 80 GB
VCT-4000 4000 4 3 6 GB 80 GB

Resources