Mobile Security


ForeScout CounterACT and ForeScout Mobile Security Module provide real-time visibility and control over smartphones, tablets and other handheld devices on your network. With our solution, you can let users enjoy the productivity benefits of mobile computing devices while keeping your network safe from data loss and malicious threats.

The Challenge

Gone are the days of standardized PC configurations, managed and locked-down by the IT department. Now, you are dealing with a multitude of endpoint devices, some owned by the organization, some owned by employees. Increasingly, employees are bringing their own personal devices—PCs, Macs, smartphones and tablets—into the office and expecting to connect them to your network.

Clearly, mobile computing devices introduce security risk. Surveys indicate that IT managers are most concerned about the risk of data loss and infection by mobile malware.

If a user has corporate data on his mobile device, and then he loses that device (or sells it), the enterprise has just suffered a data loss incident. Depending on your local data privacy laws, your corporation may also be assessed with penalties.

Data loss caused by malicious applications is also a risk. When a user installs an app, he grants it certain privileges which may include access to his physical location, contact information, and other data on the device. You can’t control how the app developer may use this information.

No matter where your organization is on the consumer IT adoption spectrum—blocking, tolerating, supporting or promoting the use of personal mobile devices for business use—you need a way to enforce security policy. You need real-time visibility and control over your network and the mobile devices.

ForeScout’s Solutions

ForeScout offers a range of solutions for mobile security.

ForeScout CounterACT is an automated security control platform that gives IT security managers an easy way to reduce mobile security risks. ForeScout CounterACT provides real-time visibility of personal and mobile devices on your network, limits the network access of those devices, and prevents those devices from spreading malware on your network.

ForeScout Mobile Security Module augments the capabilities of ForeScout CounterACT with additional visibility and control over iOS and Android devices. The Mobile Security Module collects detailed mobile device information including configuration, applications and security posture. This enables CounterACT to enforce granular network access policies and directly remediate security deficiencies on iOS devices.

ForeScout MDM Enterprise, powered by MaaS360, includes the essential functionality that you need for end-to-end management of iOS, Android, Blackberry, and Windows Phone devices. It supports the mobility lifecycle including provisioning, management, security, monitoring and help desk support. ForeScout MDM Enterprise Edition provides additional mobile security features such as secure mail, secure apps and secure browser. ForeScout MDM is a cloud-based solution, so deployment is quick and easy.

MDM Integration Module allows you to leverage your existing MDM solution within the broader context of unified security control that ForeScout CounterACT provides. In conjunction with your MDM system, ForeScout CounterACT with the MDM Integration Module provides real-time visibility and unified security policy management for your network – wired and wireless, managed and unmanaged, corporate and personal, PCs and handheld devices.


Easy to deploy.

  • Works with your existing network infrastructure
  • Has few moving parts. The fewer appliances, servers, and software that you need to install and configure the better.

Managed and unmanaged.

  • Gives you visibility and control over both managed and unmanaged devices, without the need to deploy agents

Wide range of enforcement actions.

  • Monitor-mode which lets you detect (and report on) policy violations without taking action.
  • Notifications which let you send emails or HTTP hijacks to endusers who violate policies
  • Restrict traffic to certain portions of the network
  • Block network access using a wide range of technologies such as 802.1x, SNMP, ACL management, TCP reset
  • Directly enforce policies on the device, such as password, encryption, required applications, and removing or disabling prohibited applications

Automated guest registration. Identifies users trying to connect their wireless devices to your network and provides them an opportunity to request permission to use your network.

Post-connect monitoring. Monitor a handheld device after it has been admitted to the network, checking to ensure that it does not begin to behave in a threatening manner.


  • Increased employee productivity and retention. ForeScout CounterACT and ForeScout Mobile empower workers to use devices of their choice for maximum productivity and employee satisfaction.
  • Improved visibility: ForeScout CounterACT lets you identify devices on your network in real-time, including personal devices without any agents installed. ForeScout CounterACT categorizes devices by type—Windows, Mac, Linux, Apple iOS, Android, Blackberry, printers, etc. ForeScout CounterACT also categorizes devices by ownership, e.g. corporate devices vs. personal devices. ForeScout Mobile Security Module provides additional detailed information about managed devices such as configuration, installed applications, and security compliance.
  • Better security: ForeScout CounterACT provides two important elements of security, even if you already have other mobile security solutions in place (such as MDM system):
  1. CounterACT provides advanced network access control (NAC). ForeScout CounterACT can determine the type of device, the ownership of the device, and the user identity. Based on those attributes, ForeScout CounterACT can allow, limit, or block access to the corporate network. By ensuring that only trusted devices (e.g. with encryption, passwords, etc.) and authorized users are allowed access to sensitive data, ForeScout CounterACT reduces the risk that sensitive data will be compromised or lost.
  2. CounterACT continuously monitors mobile devices to ensure that they do not attack or infect your network. If a mobile device starts to exhibit malicious behavior, ForeScout CounterACT can quarantine the device until remediation can occur.

Additionally, ForeScout Mobile Security Module can directly remediate security issues in supported mobile devices, for example: enforce password policy; require apps such as anti-virus, MDM or virtualization; remove or disable native apps such as the camera; and enforce specific WiFi access methods.

The MDM Integration Module, in conjunction with ForeScout CounterACT can automate the process for mobile devices to enroll in your MDM system the moment they connect to the network. Additionally, CounterACT can trigger the MDM system to re-assess the security and compliance status of each mobile device when they connect to your network, and base its network access decision on the result of this assessment.

Product Tours

Product Demonstrations

Mobile Handheld Security

This video demonstrates the use of ForeScout CounterACT to identify mobile handheld devices on the network and offer role-based access. Corporate devices are provided full access automatically while guests can be registered via SMS for user verification.

Product Screenshots

Click image to enlarge.

Guest Registration

ForeScout CounterACT allows guests to register for access to your network.

Mobile Devices

ForeScout CounterACT identifies handheld devices on your network – iPhone, iPad, Android, Windows Mobile, Blackberry, Nokia Symbian.

Mobile Device Properties

ForesScout Mobile Security Module shows you the properties of mobile devices on your network.

Mobile Application Inventory

ForeScout Mobile provides a real-time inventory of mobile apps on your network




Analyst Reports

Solution Briefs

White Papers

Best Practices Guides

Webinars and Webcasts



Blogs and Articles

Success Stories