Agentless Visibility

Overview

Real-time Network Visibility

ForeScout CounterACT gives you real-time visibility of your network — devices, operating systems, users, applications.

The Problem

Before you can manage your network’s security, you have to have visibility of your network.   This includes:

  • Authorized and unauthorized users (employees, guests, contractors)
  • Authorized and unauthorized devices (computers, wireless access points, handheld phones, USB memory devices, printers, etc.)
  • Authorized and unauthorized applications
  • Security configurations and security posture of devices on your network

Many IT managers think they know what is on their network, but in reality this is quite difficult.   The information provided by agent-based security systems (Symantec, McAfee, Trend, Sophos, etc.) or patch management systems (BigFix, Lumension, Microsoft, etc.) is often incorrect.

Agent-based security systems are typically limited to corporate-owned devices. As a result, security teams typically have no visibility into the security of employee-owned devices and devices that are not computers.   The list includes:

  • Personal laptops
  • Smartphones
  • Tablet computers
  • Smart printers (many of today’s printers contain an embedded operating system)
  • Peripheral devices such as USB memory sticks
  • Industrial equipment
  • Rogue wiring devices
The Solution

ForeScout CounterACT is a network appliance that reveals devices on your network: computers, switches, VoIP phones, printers, personal cell phones, rogue wireless access points, USB drives, and more. CounterACT incorporates the most granular host interrogation engine in the industry and can determine most configuration detail of endpoints. CounterACT automatically builds a profile of each endpoint, including:

  • identity of the person logged in
  • user’s behavior once logged in
  • operating system
  • applications running
  • patch levels for software
  • status of security agents (running or not running)
  • endpoint-connected devices such as USB drives
  • network-connected mobile devices, such as smart phones

Administrators can access this information using a simple Google-like search interface that displays a detailed catalog of connected users and devices. From there, they can easily locate problematic or nonconforming users, endpoints, and devices – right down to physical switches and switch-ports.

ForeScout CounterACT is easy to deploy.   It is a simple appliance that installs out-of-band on the network.   It requires no software installation on host computers.

Features

ForeScout CounterACT uses multiple technologies to learn about your network.   The following is the information that CounterACT will show you:

Device Information
  • Device type (printer, wireless network device, laptop, etc.)
  • Device authentication/NETBIOS/domain membership
  • System information (manufacturer, model name, number of processors, etc.)
  • Storage information (drive type, volume name, size, name, etc.)
  • Motherboard (manufacturer, model, serial number, removable, etc.)
  • RAM (memory type, capacity, manufacturer, serial number, speed, etc.)
  • Network adapter (DeviceID, name, adapter type, speed, etc.)
  • Processors (number of cores, description, family, manufacturer, etc.)
  • MAC/IP address
  • NIC vendor
  • Hostname
Security Status
  • Anti-malware agents status (installed/running) and database versions
  • Patch management agent status (installed/running)
  • Firewall status (installed/running)
  • Audit trail of changes to OS/configuration/ application
  • X509 certificates
User Information
  • Username
  • Full name
  • Authentication status
  • Workgroup
  • Email address
  • Phone number
  • Guest/authentication status Device Information
  • Device type (printer, wireless network device, laptop, etc.)
  • Device authentication/NETBIOS/domain membership
  • MAC/IP address
  • NIC vendo
Operating System Status
  • Type
  • Version number
  • Patch level
  • Processes and services installed or running
  • Registry and configuration
  • File name/size/date/version
  • Shared directories Security Status
  • Anti-malware agents status (installed/running) and database versions
  • Patch management agent status (installed/running)
  • Firewall status (installed/running)
  • Audit trail of changes to OS/configuration/ application
Application Information
  • Authorized applications installed/running
  • Rogue applications installed/running
  • P2P/IM clients Installed/running
  • Application name and version number
  • Registry values
  • File sizes
  • Modification date and patch level
Peripheral information
  • Device class (disk, printer, DVD/CD, modem, NIC, memory, phone, etc.)
  • Connection type (USB, Bluetooth, infrared, wireless, etc.)
  • Device information (make, model, device ID, serial number, etc.) Network Traffic Information
  • Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
  • Traffic source/destination
  • Rogue NAT/DHCP behavior
Physical Layer Information
  • Switch IP, description, location
  • Switch port
  • VLAN
  • Number of devices on any port
  • 802.1x authentication status
Network Traffic Information
  • Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
  • Traffic source/destination
  • Rogue NAT/DHCP behavior
  • IPV6 tunnels through IPV4

Benefits

Painless deployment

ForeScout CounterACT is a simple appliance that installs out-of-band on your network.   It requires no software installation.

Improve security awareness

By knowing about devices on your network, you will be in a better position to assess risks and take action to remediate vulnerabilities.

Improve network stability

ForeScout CounterACT lets you identify network infrastructure not provisioned by IT such as wiring hubs, wireless access points, and DHCP servers. Often these unauthorized devices are the source of network instability and outages.

Get full ROI from your existing security investments.

Don’t risk network protection with a false sense of security. ForeScout CounterACT shows you which endpoints have broken, out-of-date, or missing anti-virus, patch management, encryption, or DLP tools.

Reduce IT Support Costs.

By revealing the unmanaged systems and /or insecure endpoints connecting to your network, you can proactively target remediation activities such as updating/activating anti-malware and applying patches. Also, help desk personnel find the information provided by CounterACT to be very valuable for troubleshooting problems with endpoint systems.

Reduce information silos

The information generated by ForeScout CounterACT can be exported to your existing IT management systems. Integrations are available for a wide variety of third party systems, and customers can build custom integrations with the Open Integration Module.

Product Tours

Product Demonstrations

Network Visibility

Watch how ForeScout CounterACT lets IT managers see devices on the network—apps, users, devices, vulnerabilities.

Product Screenshots

Click image to enlarge.

Windows PC inventory with missing updates

ForeScout CounterACT shows you in realtime which PCs on your network contain vulnerabilities.

topTop
Unapproved Network WiFi device

ForeScout CounterACT identifies rogue WiFi devices.

topTop
Mobile devices

ForeScout CounterACT identifies handheld devices on your network – iPhone, iPad, Android, Windows Mobile, Blackberry, Nokia Symbian.

topTop
Hardware inventory

ForeScout CounterACT builds an inventory of physical components on your network, including baseboards, network adapters, memory, etc.

topTop
Network Tunnels

ForeScout CounterACT gives you visibility to IPV6 tunnels through IPV4

topTop
Expired Certificates

With ForeScout CounterACT, you can build a policy that locates and tracks systems with expired client side certificates

topTop