Accommodate personal devices on your network, without compromising security.
IDC Connect: 2014 Cyber Defense Maturity Report for U.S., U.K. & DACH. Download »
Frost & Sullivan Report: "Continuous Compliance and Next Generation NAC"
ESG Report: Optimizing
ForeScout CounterACT Platform Brochure.
ForeScout White Paper: Blueprint for Continuous Monitoring & Mitigation Download »
ControlFabric Architecture Datasheet.
ForeScout Company Overview
Gartner Report: "Magic Quadrant for Network Access Control"
CSO Mag Continuous Monitoring Video
Watch Now »
Accommodate personal devices on your network, without compromising security.
Feature Film (<2min.)
Employees want to use their personal mobile devices to access corporate resources. Managers want productivity gains. This consumerization of IT—also known as Bring-Your-Own-Device or BYOD—represents a daunting security challenge. How can you accommodate employee and guest requests to use their smartphones, notebooks and tablets on your network while mitigating security risks?
ForeScout helps you embrace BYOD while preserving security. ForeScout products give you real-time visibility and control over personal devices on your network. ForeScout offers a range of products that protect your network and your data, regardless of what type of device your employees are trying to use.
Increasingly, employees are bringing their personal devices into the office and expecting to connect them to the enterprise network and/or the Internet. A recent market study found that 95% of organizations in the United States currently permit employee-owned devices, and many organizations are going a step further and actually requiring employees to purchase their own mobile devices. A Gartner survey shows that US CIOs expect 38% of mobile devices used within the enterprise will be employee owned by 2014.
Perhaps more concerning, this trend is happening faster than IT managers realize. When IDC surveyed IT managers about the number of consumer devices on their networks, they underestimated the number by 50%.
ForeScout provides three levels of security for BYOD. Depending on your budget and your level of security requirements, you may use one, two, or three at the same time. Many of our customers find that the optimal security solution is to reserve the more expensive solution for those users with the highest need for mobile security on their devices.
The foundation of ForeScout’s mobile security solution is ForeScout CounterACT. This network-based appliance works with PCs and handheld devices. It gives you immediate, real-time visibility of device on your network without the need for agents. No software to download, no enrollment to administer. It tells you who each user is and who owns each device. It ties into directory services and provides role-based network access control. Different users and devices get different access. The price is low, and the impact to your users is trivial because it’s transparent.
The benefit of device visibility cannot be overstated. Gartner estimates that the typical enterprise is aware of only 80% of the devices that are active on its network.1 ForeScout CounterACT shows in real-time devices on your network, including devices that you don’t own. CounterACT categorizes devices by type—Windows, Mac, Linux, Apple iOS, Android, Blackberry, printers, etc. CounterACT also categorizes devices by ownership—corporate devices vs. personal devices. For more information on CounterACT’s visibility features, see here.
ForeScout CounterACT also provides network access control. You can define and enforce different network access policies that support your mobile security strategy. For example, you might want to allow devices that contain an MDM agent onto the production network, and send other personal devices onto a guest network. Or, you might want to restrict personal devices with MDM agents to certain portions of your network. Different users or different devices can be given different limits, dynamically managed by ForeScout CounterACT.
If you need stronger mobile security, then we offer ForeScout CounterACT with our optional ForeScout Mobile Security Module. With this you get enhanced device security for Android and iOS devices. ForeScout Mobile Security Module gives you deep inspection of Android and iOS devices, so you can determine the device’s configuration. Is a password configured? Is encyption turned on? This lets you enforce more sophisticated network access control policies than you can with just CounterACT by itself.
In addition, ForeScout Mobile Security Module lets you manage the configuration of Apple iOS devices. The product leverages Apple’s built-in MDM API to control most aspects of the device, using Apple’s policy framework which is built into the iOS 4 operating system. This does not require the installation of any type of agent on the Apple device. The visibility and control is provided natively from within the iOS operating system, using ForeScout CounterACT with ForeScout Mobile Security Module. You can directly set the password policy, remotely wipe the data, and many other functions.
In this solution tier, the impact on users remains very light, and the price is slightly higher than the first tier.
However, there are many cases where the user role, the sensitivity of data, the management of applications and the risk of device loss and data leakage risk is significant to require a mobile device management (MDM) system. MDM platforms gives you the most extensive coverage aspect of a wide range of mobile device operating systems and extensive level of control: user, device, applications and data.
ForeScout MDM Integration Module provides the most flexible, comprehensive and seamless integration between ForeScout and the leading MDM vendors: Fiberlink MaaS360, AirWatch, MobileIron, and Citrix XenMobile and SAP Afaria*. Additional integrations are under development (*Contact us for SAP Afaria Early Availability release). This approach secures enterprise mobility by giving you the advantage of automated enrollment, on-access MDM profile checking, network mitigation and unified network security. Rather than manage separate network security policies for PCs vs. handheld devices, you can see devices (managed, unmanaged, wired and wireless, PC or mobile) and configure a single set of network access control policies – within ForeScout CounterACT. This way you can easily track and enforce those policies regardless of whether the user has a PC, a Mac, a smartphone or a tablet.
For those that prefer buying MDM and NAC from one vendor, we offer ForeScout MDM Enterprise – a cloud-based MDM platform that lets you manage the mobile device lifecycle – from enrollment to security, monitoring, application management, containerization and support.
Regardless of whether you use MDM from a leading MDM vendor or ForeScout, for optimal security and operational efficiency you should tie your MDM platform into ForeScout CounterACT via our optional MDM Integration Module.
Note 1: “Strategic Road Map for Network Access Control”, Gartner, 11 October 2011, Lawrence Orans and John Pescatore.
ForeScout MDM Enterprise, powered by MaaS360, provides a comprehensive set of capabilities to get devices configured for enterprise access and makes sure corporate data stored on these devices is secure. Features include:
With our MDM Integration Module, security teams can achieve network access control and greater operational efficiency by merging NAC and MDM security functions, and enabling unified access control policies not available in MDM.
- ForeScout CounterACT limits guest access, preventing them from accessing sensitive resources
- ForeScout CounterACT ensures that guest devices meet your security policies while they are connected to your network
- ForeScout CounterACT continuously monitors guest systems to ensure that they do not attack your network.
Click image to enlarge.
Best Practices Guides
Webinars and Webcasts
Blogs and Articles