CounterACT Capabilities

Real-time Network Visibility

ForeScout CounterACT gives you real-time visibility into everything on your network -- all devices, all operating systems, all users, all applications -- authorized and unauthorized.

The Need for Visibility

Before you can manage your network, you have to know what is connected to it. As the workforce becomes more mobile, employees are taking communications into their own hands, connecting personal devices to the network as well as extending the network with inexpensive wiring hubs and wireless routers. Add to this mergers and acquisitions, along with the increasing integration of the supply chain directly into the corporate network, and the network boundary is more fluid - and porous - than it's ever been.

ForeScout CounterACT Discovers What's on Your Network

CounterACT reveals everything on your network: computers, switches, VoIP phones, printers, iPhones, rogue wireless access points, USB drives, and more. It incorporates the most granular host interrogation engine in the industry and can determine almost every configuration detail on any endpoint. CounterACT automatically builds a complete profile of each endpoint, including:

identity of the person logged in
user's behavior once logged in
operating system
applications running
patch levels for all software
status of security agents (running or not running)
endpoint-connected devices such as USB drives
network-connected mobile devices, such as smart phones

Administrators can access this information using a simple Google-like search interface that displays a detailed catalog of all connected users and devices. From there, they can easily locate problematic or nonconforming users, endpoints, and devices - right down to physical switches and switch-ports.

CounterACT Network Visibility Benefits

Determine what is accessing your network. Discover everything on your network -- managed or unmanaged devices, wired or wireless. Gain deep visibility into connected systems - type of device, operating system, patch level, location, applications, security status, and more.

Determine who is accessing your network. Match user identities to roles as defined in your directory services.

Identify the rogues. Uncover infrastructure not provisioned by IT such as wiring hubs, wireless access points, and DHCP servers.

Identify gaps in your existing security investments. Don't risk network protection with a false sense of security. Pinpoint which endpoints have broken, out-of-date, or missing anti-virus, patch management, encryption, or DLP tools.

Reduce the risk of data loss. Track down users engaging in risky behavior such as using P2P applications, USB drives, smart phones, and other unauthorized activities.

Reduce IT Support Costs. By revealing the unmanaged systems and /or insecure endpoints connecting to your network, you can proactively target remediation activities such as updating/activating anti-malware and applying patches. No more fire drills to plug security gaps and repair infected workstations.

The Devil is in the Details

Using the most granular device interrogation in the industry, ForeScout CounterACT builds a complete profile of every object connected to the network. Armed with this level of detail, you can see exactly what's going on where, and who's doing it.

User Information
- Username
- Full name
- Authentication status
- Workgroup
- Email address
- Phone number
- Guest/authentication status Device Information
- Device type (printer, wireless network device, laptop, etc.)
- Device authentication/NETBIOS/domain membership
- MAC/IP address
- NIC vendor
- Hostname

Operating System Status
- Type
- Version number
- Patch level
- Processes and services installed or running
- Registry and configuration
- File name/size/date/version
- Shared directories Security Status
- Anti-malware agents status (installed/running) and database versions
- Patch management agent status (installed/running)
- Firewall status (installed/running)
- Audit trail of changes to OS/configuration/ application

Application Information
- Authorized applications installed/running
- Rogue applications installed/running
- P2P/IM clients Installed/running
- Application name and version number
- Registry values
- File sizes
- Modification date and patch level

Peripheral information
- Device class (disk, printer, DVD/CD, modem, NIC, memory, phone, etc.)
- Connection type (USB, Bluetooth, infrared, wireless, etc.)
- Device information (make, model, device ID, serial number, etc.) Network Traffic Information
- Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
- Traffic source/destination
- Rogue NAT/DHCP behavior

Device Information
- Device type (printer, wireless network device, laptop, etc.)
- Device authentication/NETBIOS/domain membership
- MAC/IP address
- NIC vendor
- Hostname

Security Status
- Anti-malware agents status (installed/running) and database versions
- Patch management agent status (installed/running)
- Firewall status (installed/running)
- Audit trail of changes to OS/configuration/ application

Physical Layer Information
- Switch IP, description, location
- Switch port
- VLAN
- Number of devices on any port
- 802.1x authentication status

Network Traffic Information
- Malicious traffic (worm propagation, device spoofing, intrusion, spam, etc.)
- Traffic source/destination
- Rogue NAT/DHCP behavior

Print Page

“Using CounterACT we have gained the ability to see any and every device on the network, their interconnections to other network devices, and the ability to control how that device is being used - in real time.”

Anthony Soucek, Network Admin, Culpeper County

Webinars

Whitepapers

Datasheets

Flash Product Demo

Success Stories