Network Access Control



ForeScout's Network Access Control (NAC) platform, CounterACT, was developed to help IT administrators govern enterprise-wide access without inhibiting business productivity. Since 2005, ForeScout has worked with Fortune 1000 customer-partners to ensure its access control technology is in sync with business process and to deliver the industry's strongest policy enforcement platform.

CounterACT was designed to ensure that only compliant, authorized devices can gain access to network resources. Through the process of deploying CounterACT on a global scale, however, customers have found that its built-in functionality provides solutions to a variety of network security challenges.

Network Knowledge

Regulatory Compliance

Threat Prevention
CounterACT integrates the advanced threat prevention technology found in CounterACT Edge into the NAC platform. This ensures that all connecting devices comply with security policies, are free of malware and remain this way throughout the connection session.

Guest/Contractor Control
Managing consultant and contractor access to the network is a key capability for NAC. CounterACT instantly identifies non-company devices and provides several options for enabling authorized user connectivity to network resources. The flexibility of this offering allows the IT administrator to set specific policies for an individual, a group, or an entire network segment. Also, with CounterACT's built-in Virtual Firewall, network guests can be automatically assigned to a virtual LAN (VLAN) and granted access to the resources required to fulfill their assignment.

Role-based Access Control
Enterprise customers need a way to differentiate the access rights of the administrative assistant from those of the CEO. By integrating with a directory store (such as Active Directory), CounterACT can leverage established group roles and enforce access policies based upon determined permissions. Enforcement can be performed in conjunction with the switching infrastructure or through CounterACT's Virtual Firewall. This helps to ensure that users only gain access to appropriate resources.

Security Policy Enforcement
Translating written security policies into enforceable actions is a key requirement for access control. CounterACT's wizard-based policy creation engine provides the ability to build network security policies that can be as granular as a single device and enforced enterprise-wide. The flexibility of this engine gives the IT administrator the control needed to enforce policies to the exact degree of violation, without unnecessary user or network disruption.

Remediation
Governing who and what gains access to the corporate network is only part of NAC's value. Being able to fix identified problems further automates the compliance process. CounterACT automates remediation, integrating with many leading remediation vendors to help streamline the process and increase overall network efficiency and security posture.

Audit Reporting
Comprehensive audit reports contain "snapshots" of all IT security events and reflect current levels of and changes in compliance over time. These reports are required to assess, plan and improve security measures on an ongoing basis. CounterACT is able to capture detailed information for all devices on the network that reveals the current level of compliance. In addition, it is able to parse this information with eight report filters, providing a powerful tool for conducting internal compliance audits and delivering the right information for Regulatory Compliance initiatives.

802.1x Migration
CounterACT is switch agnostic and supports 802.1x and non-802.1x environments. Where the 802.1x protocol is present, CounterACT can leverage this protocol as one of many authorization mechanisms. On an existing infrastructure that does not have 802.1x, CounterACT can provide complete device authentication without needing to "rip and replace" the switching infrastructure. This maximizes the value of the existing infrastructure while providing a migration path without security compromise.

IT Orchestration
CounterACT can leverage many existing systems, providing a broad-based ability to respond to each specific violation with an exact level of enforcement. This orchestration allows CounterACT to automate security policy enforcement in a manner that promotes productivity. For example, if a device is attempting to access unauthorized resources, CounterACT can redirect the user's browser with a customized message alerting the user of the violation, automatically leverage the switch to move the device to a limited access VLAN, send a notification to HR and the user's manager, and log the security event into the SIM, all without IT management involvement or significant user disruption.


CounterACT ensures that end-users with infected devices have no choice but to comply.


Michael Wiedower, Security Analyst, Marquette University

