Data Security, Controls & Solutions

Featured Video

Todd Frazier
Culpepper County
View now

White Paper



ForeScout CounterACT helps protect your sensitive data by providing real-time visibility and control of devices, users and applications on your network.

The Problem

You may have already deployed data security controls such as encryption, DLP, and data access policies. These controls are good, but are they sufficient? Are they working properly on your endpoint systems?   How can you be sure?

Consider these issues:

  1. Agent-based security systems such as encryption, DLP, and host attack prevention (e.g. antivirus) are good, but they are only deployed onto managed systems. They do not protect your network from “unmanaged” systems – computers brought in by guests, contractors, smart printers, and smart phones for example.   These kinds of systems may be connecting to your network in large numbers and introducing security risk.
  2. Agent-based security systems are not always effective.   They can be turned-off. Bypassed. The policies and signature files can become out of date. Most organizations who have suffered embarrassing and expensive data breaches have discovered this fact the hard way. An investigation by Microsoft in 2007 indicated that over 50% of their own computers had a problem with their security agents or configuration.

You may also have security policies that prohibit running unauthorized applications or utilizing unencrypted USB memory devices. But how do you detect whether users are complying with your policies?   How do you educate users of your policies?   How do you enforce your policies?

The Solution

ForeScout CounterACT solves these problems. CounterACT is an automated security control platform that gives you realtime visibility and control over both managed and unmanaged endpoints. Since CounterACT operates over the network, it does not rely on host-based software, thus it avoids the complexity and problematic nature of agent-based security systems.

ForeScout CounterACT includes five layers of data security protection:

Physical Layer Allow only authorized users on your network
Network Layer Block attacks within your network
System Layer Ensure that security agents are deployed and working – antivirus, encryption, DLP, etc. – and the operating system is properly patched
Application Layer Detect which computers have outdated, vulnerable applications
User Layer Educate users with real-time notifications when they violate security policies. Or, prevent use of unauthorized applications or USB devices by automatically disabling them.


ForeScout CounterACT helps you protect your sensitive data by giving you real-time visibility and control of devices, users and applications on your network.   Features include:

Policy Manager

ForeScout CounterACT lets you create and enforce security policies to protect your data. Configuration and administration is fast and easy thanks to CounterACT’s built-in policy wizard and knowledge base of device classifications, rules and reports.

Network Access Control

ForeScout CounterACT will enforce network access policies to ensue that unauthorized users and rogue network devices are not on your network.

Endpoint Compliance

A secure system is less likely to lose data than one which is infected or compromised.   ForeScout CounterACT ensures that your endpoint systems have up-to-date security software (antivirus, encryption, etc.) and are properly patched.

ForeScout CounterACT is agentless, which allows it to work with your endpoints–managed and unmanaged, known and unknown, physical and virtual. CounterACT can discover gaps and weaknesses in your existing agent-based security systems that would otherwise go undetected.

Automated Remediation

ForeScout CounterACT can automatically remediate endpoint security deficiencies.   CounterACT includes a wide spectrum of remediation options which lets you tailor the action to fit the severity of the incidence:

  • Notifications can be sent to violating users in the form of a trouble ticket, email, browser redirect, trap, or syslog. An auditable end-user acknowledgement lets you track non-compliance warnings to users.
  • Access Control can be automatically applied to limit network access for non-compliant devices without disrupting user productivity while remedial action is taken. For example, if a device has out-of-date anti-virus definitions, the device can be moved to a quarantine VLAN, or the access control list (ACL) on the switch can be adjusted to protect other users on the network.
  • Remediation can be triggered, for example by directing the anti-virus server to auto-update a specific device or prompting the patch management system to update the device’s operating system.
  • Disabling can be performed by killing unauthorized processes and applications on the endpoint.
Threat Prevention

These days, most attacks come from compromised systems inside the network. ForeScout CounterACT contains a patented threat-detection engine that protects your network from zero-day threats and infected systems. Our unique technology does not require signature updates or other forms of maintenance. ForeScout CounterACT provided zero-day protection against Conficker, Zeus and Stuxnet.

User Behavior Control

ForeScout CounterACT lets you monitor who is running forbidden applications such as P2P, or using USB memory sticks, etc. Send users who are violating policies just-in-time notifications, including an auditable acknowledgement that the user has read the security policy that they just violated. Optionally disable or kill prohibited devices or processes.

ControlFabric Integration

The information generated by ForeScout CounterACT can be exported to your other IT management and security systems. Integrations are available for most leading SIEM systems, Advanced Threat Management systems, and other endpoint management systems. Customers can build custom integrations with the Open Integration Module.


ForeScout CounterACT is an extremely valuable component of an overall data security program. Benefits include:

Painless deployment

Unlike traditional agent-based security systems, ForeScout CounterACT is a simple appliance that installs out-of-band on your network.   It requires no software installation. It works without agents.


Unlike traditional agent-based security systems, ForeScout CounterACT allows you to enforce security policies of devices on your network–known and unknown, managed and unmanaged, corporate and personal.

Automated actions

ForeScout CounterACT sees problems in real-time and can react without the need for manual intervention. Response is fast, and valuable time of IT administrators is not wasted.


Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of enforcement actions ranging from gentle (notifications) to more assertive (update software) to most aggressive (kill process, block from network). The range of enforcement actions helps you be more successful by working with users, not against them.


ForeScout CounterACT works with what you have–your existing switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems. We take what you have and make it better.

Accelerated results

ForeScout CounterACT provides useful results on Day 1 by giving you visibility to problems on your network. The built-in knowledge base helps you configure security policies quickly and accurately.

Product Tours

Product Demonstrations

Data Security

See how CounterACT lets you enforce data security policies.

Product Screenshots

Click image to enlarge.


ForeScout CounterACT dashboard shows you compliance trends over time.

Compliance Detail

ForeScout CounterACT identifies security gaps on your network, such as security agents that are not working or not up-to-date.

Windows PC inventory with missing updates

ForeScout CounterACT shows you in realtime which PCs on your network contain vulnerabilities.

Unauthorized processes

ForeScout CounterACT shows you which PCs are running unauthorized processes.

Kill peer-to-peer selections

ForeScout CounterACT makes it easy to kill unauthorized software, such as peer-to-peer.