Endpoint Security & Compliance


ForeScout CounterACT is an automated security control platform that delivers real-time visibility and control of devices on your network. ForeScout CounterACT automatically measures compliance with your security policies and remediates endpoint security deficiencies.

The Problem

Many organizations spend millions on endpoint security tools – such as antivirus, encryption, data loss prevention (DLP), and so on – only to have end users turn off or disable those tools. Even in well-managed enterprises, host-based security tools sometimes do not work properly.

Obtaining an accurate picture of what is happening on your network is extraordinarily difficult. Security teams are often unaware that the information provided to them by existing agent-based security systems (Symantec, McAfee, Trend, Sophos, etc.) or patch management systems (Lumension, Microsoft, etc.) is incomplete. Despite the availability of sophisticated security tools, Microsoft reported in 2007 that fewer than 50% of their endpoint computers were fully compliant with their security policies.

Another problem is the fact that auditing policy compliance consumes time and resources that can be doing other things. Security teams do the best they can with limited resources, but they need automated tools to audit endpoint compliance, and provide remediation services when required.

The Solution

ForeScout CounterACT solves these problems. ForeScout CounterACT can ensure that endpoints on your network are compliant with your security policies. For example, CounterACT can ensure that antivirus is up-to-date, the operating system is properly patched, and the computer is free of illegitimate software such as P2P. Because ForeScout CounterACT is agentless, it works with your endpoints–managed and unmanaged, known and unknown, physical and virtual. CounterACT can discover weaknesses in your existing agent-based security systems that would otherwise go undetected.

When CounterACT discovers a security problem, it can automatically fix the problem, or it can leverage your existing remediation or helpdesk systems. A range of integrations are available through ForeScout’s ControlFabric architecture to allow you to leverage the information produced by CounterACT with other IT management systems.


ForeScout CounterACT automatically enforces security policies on your network, which helps minimize your security risks. Features include:

Policy Manager

ForeScout CounterACT lets you create security policies that are right for your enterprise. Pre-built policy templates and wizards speed creation of the policies, and a built-in knowledgebase of common security configurations make it easy.


ForeScout CounterACT can identify non-compliant computers – who owns them, where they are, and how they are non-compliant with your security policies. A few examples of security posture information that CounterACT can see are:

  • Anti-malware agent status (installed/running)
  • Anti-malware signature version
  • Patch management agent status (installed/running)
  • Operating system vulnerabilities
  • Firewall status (installed/running)
  • Processes and services installed or running
  • Registry and configuration
  • Applications installed/running
  • P2P/IM clients Installed/running
  • Peripheral devices (type, make, model)
  • Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
  • Rogue NAT/DHCP behavior
Compliance Engine

ForeScout CounterACT will detect when devices or users are out of compliance with your security policy and track down users who are engaging in risky behavior such as using P2P applications, USB drives, smart phones, and other unauthorized activities. Non-compliant computers and/or users will be displayed in the main console, including reason for non-compliance and details such as location of the device. CounterACT’s built-in compliance dashboard and canned reports let you monitor overall compliance trends.

Policy Enforcement

When CounterACT detects a policy violation, CounterACT can automatically take action such as alert, advise, restrict, remediate, and disable. Unlike other products, CounterACT gives you a wide range of actions to choose from, including just-in-time notification to end-users that they have just violated security policy.

Endpoint Remediation

ForeScout CounterACT includes a wide range of endpoint remediation actions. CounterACT can direct the anti-virus server to auto-update the non-compliant host, or it can prompt the patch management system to update the device’s operating system, or it can disable unauthorized software. The range of actions is shown below.

ControlFabric Integration

The information generated by ForeScout CounterACT can be exported to your existing GRC or reporting systems. Integrations are available for most leading SIEM systems, and end-users can build custom integrations with the Open Integration Module.


Improve security
  • Maintains Endpoint Compliance:  CounterACT ensures that endpoints are properly configured, antivirus is properly running and updated, vulnerabilities are patched, and the latest versions of software is installed.
  • Reduce risk of data loss. By ensuring that encryption and DLP agents are running properly, CounterACT ensures that users are not able to run unauthorized applications or peripheral devices (e.g. USB memory sticks).
Save Money
  • Reduce IT support costs. By revealing the unmanaged systems and /or insecure endpoints connecting to your network, you can proactively target remediation activities such as updating/activating anti-malware and applying patches. Large organizations have reported savings of approximately $1 million per year with ForeScout CounterACT.
  • Prevent breach and lost data penalties. A secure network, with secure endpoints, is less likely to be breached and lose data, which will let you avoid potential regulatory fines and negative impact to your corporate reputation.
Avoid disruption
  • Flexible enforcement. Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of network enforcement and endpoint remediation actions, ranging gentle (notifications) to assertive (update software or kill processes). The range of enforcement actions helps you be more successful by working with users, not against them.

Product Tours

Product Demonstrations


Watch how ForeScout CounterACT lets IT managers manage security.


Watch how ForeScout CounterACT lets IT managers remediate security.

ForeScout-ArcSight Integration

Watch how ForeScout CounterACT integrates with the ArcSight SEIM platform to provide better security risk awareness and more automated security threat response.

Data Security

See how CounterACT lets you enforce data security policies.

Product Screenshots

Click image to enlarge.


ForeScout CounterACT dashboard shows you compliance trends over time.

Compliance Detail

ForeScout CounterACT identifies security gaps on your network, such as security agents that are not working or not up-to-date.

Windows PC inventory with missing updates

ForeScout CounterACT shows you in realtime which PCs on your network contain vulnerabilities.

Unauthorized processes

ForeScout CounterACT shows you which PCs are running unauthorized processes.

ForeScout Compliance Center

ForeScout Compliance Center shows endusers whether their computers are compliant with your security policies.

Kill peer-to-peer selections

ForeScout CounterACT makes it easy to kill unauthorized software, such as peer-to-peer.




Analyst Reports

Solution Briefs

White Papers

Best Practices Guides

Technical Notes

Webinars and Webcasts

Competitive Analysis




Success Stories