Network Security for Education


Education chooses ForeScout for strong network security

ForeScout CounterACT helps educational institutions ensure network security, compliance, and guest network access.

The Challenge

Network security is difficult for any enterprise, but educational institutions face a unique set of challenges including:

  • Seasonal spikes in malware introduced by students returning from holiday break
  • Huge diversity of unmanaged devices connecting to the network – laptops, smart phones, etc.
  • Enabling free information flow while protecting students and faculty
  • Exposure to legal liabilities through P2P application abuse

Marquette University & ForeScout CounterACTWhen students arrive on campus, their laptops may be infected with malware and have risky applications like P2P already installed. They may totally lack antivirus software. Students can also bring networking gear from home – wireless access points and wiring hubs – and try to connect it to the campus network.

Illegal file sharing and downloads of copyrighted material was officially criminalized under the 1998 Digital Millennium Copyright Act (DMCA) and later reinforced under the Higher Education Opportunity Act of 2008. Although liability limitations exist for network administrators, Section 512 of the DMCA indicates that if subpoenaed, they must disclose the identity of the offending subscriber. They must also terminate accounts of repeat offenders.

ForeScout’s Solution

ForeScout CounterACT is an automated security control platform that delivers real-time visibility and control of devices on your network. CounterACT provides network access control (NAC), endpoint compliance, handheld device security and threat control, in one automated system.

ForeScout CounterACT lets you enforce security requirements for endpoints. If the laptop has no anti-virus, CounterACT lets you install anti-virus to the student system, or point the student to where he can purchase his own anti-virus.

After the student’s laptop is connected to your network, CounterACT will continuously monitor the behavior of the laptop for signs of infection or malicious activity. If danger is detected, CounterACT gives you a wide range of controls to help deal with the situation.

CounterACT can also immediately detect and block any rogue devices such as wireless access points and unauthorized wiring hubs. CounterACT gives you detailed visibility into any equipment connecting to the network, including its physical location.

ForeScout CounterACT can separate students, staff, faculty and guests at the network level. A number of different technologies can be deployed to create and maintain these “Chinese walls” including VLANs, access control lists, and virtual firewalls. See more here.

ForeScout Counter ACT can also detect whether P2P applications are installed and/or running. CounterACT gives you a range of control options to deal with P2P such as:

  • Monitor P2P usage across the student population and identify potential problem areas
  • Send the user a message that they have violated acceptable use policy
  • Disable the unauthorized application
  • Quarantine the user from the network


Guest registration

ForeScout CounterACT includes a built-in automated process which allows guests to register for access to your network.

Role-based access control

ForeScout CounterACT will limit network access depending on who the user is – student, administrator, faculty, guest, or other roles as defined within our directory or the CounterACT policy engine. Once the role has been defined, CounterACT can limit network access to

  • Internet-only
  • Full network access
  • Limited network access based on who the guest is (e.g. a particular contractor)
Pre-admission inspection

If you wish, ForeScout CounterACT can inspect each guest user’s device to ensure that it is compliant with your security policies prior to allowing it onto your network.

Continuous monitoring

Once CounterACT admits an endpoint onto your network, CounterACT continuously monitors the endpoint to ensure that it remains compliant with your security policies and uninfected.

Automated Remediation

ForeScout CounterACT can automatically remediate endpoint security deficiencies.   CounterACT includes a wide spectrum of remediation options which lets you tailor the action to fit the severity of the incidence:

  • Notifications can be sent to violating users in the form of a trouble ticket, email, browser redirect, trap, or syslog. An auditable end-user acknowledgement lets you track non-compliance warnings to users.
  • Access Control can be automatically applied to limit network access for non-compliant devices without disrupting user productivity while remedial action is taken. For example, if a device has out-of-date anti-virus definitions, the device can be moved to aquarantine VLAN, or the access control list (ACL) on the switch can be adjusted to protect other users on the network.
  • Remediation can be triggered, for example by directing the anti-virus server to auto-update a specific device or prompting the patch management system to update the device’s operating system.
  • Disabling can be performed by killing unauthorized processes and applications on the endpoint.

ForeScout Compliance Center helps end-users self-remediate problems on their PCs by indicating what is wrong and how to fix it

Threat Prevention

ForeScout CounterACT contains a patented threat-detection engine that protects your network from zero-day threats and infected systems. Our unique technology does not require signature updates or other forms of maintenance. ForeScout CounterACT provided zero-day protection even against the notorious Conficker and Zeus Trojans.

User Behavior Control

ForeScout CounterACT lets you monitor who is running forbidden applications such as P2P, or using USB memory sticks, etc. Send users who are violating policies just-in-time notifications, including an auditable acknowledgement that the user has read the security policy that they just violated. Optionally disable or kill prohibited devices or processes.

Built-in reports

See who has been on your network, which days, and where they were.

ControlFabric Integration

The information generated by ForeScout CounterACT can be exported to your other IT management systems. Integrations are available for most leading SIEM systems, and customers can build custom integrations with the Open Integration Module.


Improve security
  • ForeScout CounterACT lets you enforce security requirements for student laptops, such as up-to-date security software.
  • By segregating network traffic based on type of user (student, faculty, administration or guest), CounterACT helps to ensure data privacy and regulatory compliance.
  • After the student’s laptop is connected to your network, CounterACT will continuously monitor the behavior of the laptop for signs of infection or malicious activity. If danger is detected, CounterACT will automatically contain the situation.
Improve network reliability
  • CounterACT can detect and block any rogue devices such as wireless access points and unauthorized wiring hubs.   These unauthorized devices can often be a source of network instability.
Gain visibility
  • CounterACT gives you detailed visibility into any equipment connecting to the network, including its physical location. Unlike traditional security systems that require software on each endpoint computer, ForeScout CounterACT allows you to see and enforce security policies of devices on your network–known and unknown, managed and unmanaged, including personal devices like iPhones, iPads, Playstations, etc.
Prevent illegal file sharing activities
  • ForeScout CounterACT can prevent P2P applications on your campus network, which protects educational institutions from legal action by digital content owners.
Extend the life of your network firewalls
  • ForeScout’s ActiveResponse™ IPS technology is extremely scalable and requires very little processor overhead. Installing CounterACT Edge in front of your traditional signature-based IPS systems and firewalls (which are very processor-intensive) will reduce the load on these systems and extend their useful lives.
Avoid disruption
  • Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of enforcement actions ranging from gentle (notifications) to assertive (update software or kill processes). The range of enforcement actions helps you be more successful by working with users, not against them.
Low cost of ownership
  • ForeScout CounterACT is a simple appliance that installs on your network.   It requires no software installation.   It has the lowest cost of ownership of any NAC solution on the market
  • Vendor-neutral, infrastructure-independence eliminates need for expensive upgrades and prevents vendor lock-in
  • ForeScout CounterACT works with what you have– your existing switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems. We take what you have and make it better.
Accelerate results.
  • ForeScout CounterACT provides useful results on Day 1 by giving you visibility to problems on your network. The built-in knowledge base helps you configure security policies quickly and accurately.

Product Tours

Product Screenshots

Click image to enlarge.

Guest Registration

ForeScout CounterACT allows guests to register for access to your network.

Unapproved Network WiFi device

ForeScout CounterACT identifies rogue WiFi devices.

Kill peer-to-peer user experience

ForeScout CounterACT lets you kill unauthorized software, keeping endpoint systems in compliance with your security policies.

ForeScout Compliance Center

ForeScout Compliance Center shows endusers whether their computers are compliant with your security policies.