ForeScout CounterACT


ForeScout CounterACT™ is a platform that provides continuous security monitoring and mitigation. It allows IT organizations to efficiently address numerous access, endpoint compliance and threat management challenges even within today’s complex, dynamic and expansive enterprise networks. Taking advantage of next-gen network access control (NAC) capabilities, CounterACT delivers both real-time intelligence and policy-based control to preempt threats and remediate problems while preserving business productivity.

ForeScout CounterACT integrates with your network, security and identity infrastructure to assure the right users and their devices gain appropriate access. Offering a range of built-in policy templates, CounterACT can flexibly manage employee and guest access in a way that is secure and seamless while providing organizations a quick and easy way to enforce Bring Your Own Device (BYOD) policy.

ForeScout CounterACT automatically discovers, classifies and applies policies for users, devices, systems and applications on your network, helping minimize your security risks. Because ForeScout CounterACT is agentless, it works with your endpoints – managed and unmanaged, known and unknown, PC and mobile security, embedded and virtual. With CounterACT, you can identify security gaps that may otherwise go undetected by your existing agent-based security systems.

ForeScout CounterACT works with your existing infrastructure via our ControlFabric™ architecture. This set of integration technologies enables ForeScout CounterACT and other IT solutions to exchange information, enhance control context, and efficiently mitigate a wide variety of network, security and operational issues. As a result, you can achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources.

The ForeScout Difference

ForeScout CounterACT is dramatically easier and faster to deploy than traditional policy enforcement products. Here is why:

Turnkey. Everything is contained in a single physical or virtual appliance. Setup is fast and easy with built-in configuration wizards and templates.

ForeScout works with what you have. We work with the majority of popular switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems that you already have. We require no infrastructure changes or equipment upgrades.

Agentless. ForeScout CounterACT can identify, classify, authenticate and control network access of both managed and unmanaged (BYOD) endpoints without any help from agents or any kind of preconfigured endpoint software. Deep endpoint inspection can also be done without an agent as long as CounterACT has administrative credentials on the endpoint. In situations where CounterACT does not have administrative credentials (e.g. BYOD), deep inspection can be performed with the help of our optional SecureConnector agent.

Non-disruptive. Unlike conventional NAC products that immediately disrupt users with heavy-handed access controls, ForeScout CounterACT can be deployed seamlessly without impacting any users or devices. Furthermore, our solution can easily be implemented in a phased approach to minimize disruption and accelerates results. In the initial phase, CounterACT gives you visibility to your trouble spots. When you want to move forward with automated control, you can do so gradually, starting with the most problematic locations and choosing an appropriate enforcement action.

Open interoperability. Unlike infrastructure vendors which offer minor interoperability and modest third-party coverage, ForeScout CounterACT offers extensive third-party vendor interoperability and an open integration architecture. Learn more about ForeScout ControlFabric.

Accelerated results. ForeScout CounterACT provides useful results on Day 1 by giving you real-time visibility to assets and security issues on your network. The built-in knowledge base helps you configure security policies quickly and accurately.