CounterACT for Endpoint Compliance

Overview

ForeScout CounterACT is an netork security control platform that measures compliance with your security policies and remediates endpoint security deficiencies. Unlike agent-based security systems, ForeScout CounterACT operates in real-time, provides instant operational insight, and remediates directly or by triggering other security and system management response.

ForeScout CounterACT works with your existing infrastructure via our ControlFabric architecture. This set of integration technologies enables ForeScout CounterACT and other IT solutions to exchange information, enhance control context, and efficiently mitigate a wide variety of network, security and operational issues. As a result, you can achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources.

Features include:
  • Policy Manager. ForeScout CounterACT lets you create security policies that are right for your enterprise. Pre-built policy templates and wizards speed creation of the policies, and a built-in knowledgebase of common security configurations make it easy.
  • Visibility. ForeScout CounterACT can identify non-compliant computers – who owns them, where they are, and how they are non-compliant with your security policies. A few examples of security posture information that CounterACT can see are:
    • Anti-malware agent status (installed/running)
    • Anti-malware signature version
    • Patch management agent status (installed/running)
    • Operating system vulnerabilities
    • Firewall status (installed/running)
    • Processes and services installed or running
    • Registry and configuration
    • Applications installed/running
    • P2P/IM clients installed/running
    • Peripheral devices (type, make, model)
    • Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
    • Rogue NAT/DHCP behavior
    • Expired X509 certificate
  • Compliance Engine. ForeScout CounterACT will detect when devices or users are out of compliance with your security policy. Track down users who are engaging in risky behavior such as using P2P applications, USB drives, smart phones, and other unauthorized activities. Non-compliant computers and/or users will be displayed in the main console, including the reason for non-compliance and complete details such as location of the device.
  • Policy Enforcement. When CounterACT detects a policy violation, CounterACT can automatically take action such as alert, advise, restrict, remediate, and disable. Unlike other products, CounterACT gives you a wide range of actions to choose from, including just-in-time notification to end-users that they have just violated security policy
  • Endpoint Remediation. ForeScout CounterACT includes a wide range of endpoint remediation actions. CounterACT can direct the anti-virus server to auto-update the non-compliant host, or it can prompt the patch management system to update the device’s operating system, or it can disable unauthorized software. The complete range of actions is shown below.
  • Integrated appliance. All the features of ForeScout CounterACT are included in a single appliance. No software to install, nothing to configure. Built-in integration lets you leverage your existing infrastructure including directory, endpoint security systems, patch management systems, ticketing systems and reporting systems.
  • Scalability. ForeScout CounterACT has been proven in customer networks exceeding 250,000 endpoints. CounterACT appliances are available in a range of sizes to accommodate networks of all sizes.
  • Clientless operation. Since ForeScout CounterACT is a clientless solution, it works with all type of endpoints–managed and unmanaged, known and unknown. Nothing escapes CounterACT. If it’s on your network, CounterACT sees it.
  • Optional client. ForeScout CounterACT gives you the option to install either a persistent or a dissolvable lightweight client, giving you additional control over the endpoint. Client supports Windows, Mac, iOS, Android and Linux and can be automatically deployed when the user connects to the network and registers their identity on the system.
  • Reporting. ForeScout CounterACT has a fully integrated reporting engine that helps you monitor your level of policy compliance, fulfill regulatory audit requirements, and produce real-time inventory reports.
  • Qualifications. FForeScout CounterACT is military grade with the following qualifications:
    • USMC ATO
    • US Army CoN (Certificate of Networthiness)
    • UC APL (Unified Capabilities Approved Product List)
    • Common Criteria EAL 4+
  • Off-site Endpoint Compliance*. ForeScout CounterACT’s RemoteControl feature extends endpoint visibility and control beyond the enterprise network. This allows you to monitor and enforce security policies on corporate and enrolled-BYOD endpoints operating outside the corporate network and in the cloud.

*CounterACT RemoteControl feature planned availability – mid-2014

Product Tours

Product Demonstrations

Compliance

Watch how ForeScout CounterACT lets IT managers manage security.

Remediation

Watch how ForeScout CounterACT lets IT managers remediate security

ForeScout-ArcSight Integration

Watch how ForeScout CounterACT integrates with the ArcSight SEIM platform to provide better security risk awareness and more automated security threat response.

Product Screenshots

Click image to enlarge.

Global Overview

ForeScout CounterACT includes a built-in map that shows compliance statistics by site.

topTop
Site Visibility

From the map, you can drill down to see host information by site.

topTop
802.1X Policy Wizard

ForeScout CounterACT policy wizard makes it easy to control network access using 802.1X.

topTop
Mobile Security

By integrating with an MDM system, or using ForeScout Mobile, you can easily detect jailbroken or rooted smartphones and apply appropriate network access policies.

topTop

Compare

= Best = Good = Fair = Poor*
Architecture
Feature ForeScout CounterACT Infrastructure solutions (Cisco, Juniper, etc.) Agent-based solutions (Symantec, etc.)
Number of components
Centralized management
Support for 802.1x port enforcement
Support for non-802.1x port enforcement
Effective on unmanaged/unknown endpoints
Support for non-desktop OS devices (iOS, Android, BlackBerry, printers, wireless access points, etc.)
Integrates with 3rd party products
Deployment
Feature ForeScout CounterACT Infrastructure solutions (Cisco, Juniper, etc.) Agent-based solutions (Symantec, etc.)
Speed of installation
Out-of-band deployment
Support for phased deployment
Centralized deployment
Decentralized deployment
Scalability
Visibility
Feature ForeScout CounterACT Infrastructure solutions (Cisco, Juniper, etc.) Agent-based solutions (Symantec, etc.)
Real-time detection of managed devices
Real-time detection of unmanaged devices
Security posture of managed endpoints varies
Security posture of unmanaged endpoints
Real-time inventory of applications, services, users, devices, vulnerabilities
Track changes of endpoint software or configuration
Enforcement & Remediation
Feature ForeScout CounterACT Infrastructure solutions (Cisco, Juniper, etc.) Agent-based solutions (Symantec, etc.)
Alerting actions
Blocking actions
Switch ACL management
Role-based traffic control varies
Quarantine
Update antivirus
Install / restart security agents
Kill process
Disable unauthorized peripheral device
Block malicious traffic on the network
Guest registration

* The features compared on this page were obtained using publicly available sources from a variety of leading products. Other names may be trademarks of their respective owners.

Specs

ForeScout CounterACT is available as an appliance or a virtual appliance.

CT-R CT-100 CT-1000 CT-2000 CT-4000 CT-10000
 Devices¹ Up to 100 Up to 500 Up to 1000 Up to 2500 Up to 4000 Up to 10000
Bandwidth 100 Mbps 500 Mbps 1 Gbps 2 Gbps Multi-Gbps  Multi-Gbps
Network Ports – Copper (RJ-45) 4 4 – 8 (depending on specific model)10/100/1000 4 – 8 (depending on specific model)10/100/1000 4 – 8 (depending on specific model)10/100/1000 4 – 8 (depending on specific model)10/100/1000 4 – 8 (depending on specific model)10/100/1000
Network Ports – Fiber N/A Available option(Up to 2 total) Available option(Up to 4 total) Available option(Up to 4 total) Available option(Up to 4 total) Available option(Up to 4 total)
I/O Support 1 serial port (RJ45) 1 serial port (RJ45) 1 serial port (RJ45) 1 serial port (RJ45) 1 serial port (RJ45)  1 serial port (RJ45)
USB Ports 2, USB 2.0-compliant 4 back panel USB 2.0 + 1 front panel USB 1.1 4 back panel USB 2.0 + 1 front panel USB 1.1 4 back panel USB 2.0 + 1 front panel USB 1.1 4 back panel USB 2.0 + 1 front panel USB 1.1  4 back panel USB 2.0 + 1 front panel USB 1.1
VGA 1 (DB15) 1 (DB15) 1 (DB15) 1 (DB15) 1 (DB15)  1 (DB15)
CD-ROM N/A 1 1 1 1  1
Hard Drives 1 HDD 3 HDD (RAID-1+HS) 3 HDD (RAID-1+HS) 3 HDD (RAID-1+HS) 3 HDD (RAID-1+HS)  3 HDD (RAID-1+HS)
Power Supply 1 @ up to 60W100-240VAC (External) 1 @ up to 650W100-240VAC 2 @ up to 650W100-240VAC 2 @ up to 750W100-240VAC 2 @ up to 750W100-240VAC  2 @ up to 750W100-240VAC
Power Consumption (max) 45.3w 648w 648w 744w 744w  744w
Operating Temperature 5 °C to 40°C +10°C to +35°C (fluctuation not to exceed 10°C per hour) +10°C to +35°C (fluctuation not to exceed 10°C per hour) +10°C to +35°C (fluctuation not to exceed 10°C per hour) +10°C to +35°C (fluctuation not to exceed 10°C per hour)  +10°C to +35°C (fluctuation not to exceed 10°C per hour)
Storage Temperature 0°C to 70 °C -40 °C to 70 °C -40 °C to 70 °C -40 °C to 70 °C -40 °C to 70 °C  -40 °C to 70 °C
Cooling Requirement Temperature n/a 2550 BTU/Hr 2550 BTU/Hr 2550 BTU/Hr 2550 BTU/Hr  2550 BTU/Hr
Humidity 20% – 90% 90% non-condensingat 35 °C 90% non-condensingat 35 °C 90% non-condensingat 35 °C 90% non-condensingat 35 °C  90% non-condensingat 35 °C
Chassis 1U desktop(steel slim line case) 1U 19″ rack mount 1U 19″ rack mount 2U 19″ rack mount 2U 19″ rack mount 2U 19″ rack mount
Dimensions Height: 55mm(2.17inches)Width: 335mm(9.84inches)Depth: 213mm

(8.39inches)

Height: 43.2mm(1.70 inches)Width: 430mm(16.93 inches)Depth: 665.5mm

(26.2 inches)

Height: 43.2mm(1.70 inches)Width: 430mm(16.93 inches)Depth: 665.5mm

(26.2 inches)

Height: 87.30mm(3.44 inches)Width: 430mm(16.93 inches)Depth: 704.8mm

(25.75 inches)

Height: 87.30mm(3.44 inches)Width: 430mm(16.93 inches)Depth: 704.8mm

(25.75 inches)

Height: 87.30mm(3.44 inches)Width: 430mm(16.93 inches)Depth: 704.8mm

(25.75 inches)

Shipment Size: 16 x 9.6 x 5.5 inchesWeight: 8 pounds Size: 36 x 28 x 10 inchesWeight: 55 pounds Size: 36 x 28 x 10 inchesWeight: 55 pounds Size: 36 x 28 x 10 inchesWeight: 71 pounds Size: 36 x 28 x 10 inchesWeight: 71 pounds Size: 36 x 28 x 10 inchesWeight: 71 pounds

 

ForeScout CounterACT Virtual Appliance
    • Supported operating systems
      • VMware ESX and ESXi v3.5 update 5
      • VMware ESX and ESXi v4.0 update 2
      • VMware ESX and ESXi v4.1 update 1
      • VMware ESX and ESXi v5.1 update 1
      • Or, Microsoft Hyper-V 2008 R2 with LIC v3.2 and above.
  • Minimum hardware requirements
Model Devices¹ Cores Speed Memory Disk
VCT-R Up to 100 1 1.5GHz 2GB 80GB
VCT-100 Up to 500 2 2.13GHz 2GB 80GB
VCT-1000 Up to 1000 2 2.13GHz 3GB 80GB
VCT-2000 Up to 2500 4 2.13GHz 4GB 80GB
VCT-4000 Up to 4000 4 2.13GHz 6GB 80GB
VCT-10000 Up to 10000 8 2.13GHz 10GB 80GB

¹Device count, as determined by CounterACT, is the sum of unique on-site connections made by network assets, connections made by off-site assets managed by CounterACT, and assets made known to CounterACT via third-party integrations. Network assets include user endpoints such as laptops, tablets and smartphones, network infrastructure devices such as switches, routers and access points, and non-user devices such as printers, IP phones, security/medical/manufacturing equipment etc. Device information is retained in CounterACT from initial discovery, until such time the information is purged, based on aging preferences set in CounterACT.