CounterACT - Network Access Control (NAC) and Compliance

Network Access Control

Can your network management system automatically:

  • Control who can go where on your network?
  • Monitor and enforce endpoint security?
  • Warn users when they do something wrong?
  • Detect and isolate rogue devices?
  • Provision limited network access for contractors and guests?
  • Block viruses and malicious attacks?

This is the power of ForeScout CounterACT. One simple appliance can manage all of this. Automatically.

Extensive Automated Controls

ForeScout CounterACT combines two powerful engines to deliver an extensive range of automated controls that let you secure and manage your network the way you want to.

  • Policy Creation Engine. Create security policies that are right for your organization using pre-built templates and a simple, easy-to-use wizard that guides you through the process.
  • Compliance Engine. Detect when devices or users are out of compliance with your security policy and impose appropriate remediation from a wide spectrum of controls:
    • Tailored Enforcement: Custom-fit the enforcement action to the level of policy violation. Avoid interrupting user productivity unless absolutely necessary.
    • Audit Mode simulates the impact of a new security policy on devices and users before enforcement is implemented.
    • Notifications can be sent to violating users in the form of a trouble ticket, email, browser redirect, trap, or syslog. An auditable end-user acknowledgement enables tracking of non-compliance warnings to users.
    • Access Control. Automatically limit network access for non-compliant devices without disrupting user productivity while remedial action is taken. For example, if a device has out-of-date anti-virus definitions, the device can be moved to a quarantine VLAN, or the access control list (ACL) on the switch can be adjusted to protect other users on the network.
    • Remediation. Leverage existing remediation capabilities by directing the anti-virus server to auto-update a specific device or prompting the patch management system to update the device's operating system.
    • Blocking. Completely block network access for any non-compliant or otherwise unauthorized device using several different techniques: turn off switch port, update ACL within the switch, or use CounterACT's built-in virtual firewall.
    • Disabling. Kill unauthorized or illegal processes and applications on the endpoint.

Benefits

Enhance security through role-based network control. ForeScout CounterACT lets you apply network access policies at the user and group level, based on roles defined in your directory. Confidently deploy wireless networks and keep common-area switch ports open without risking network security.

Make your network self-defending. Ensure only authorized devices have network access. Remediate devices that aren't compliant with your security policies. Block attacks within your network.

Ensure compliance. Limit access for non-compliant devices, such as those with out-of-date anti-virus, DLP, encryption, patch level, or configuration.

Minimize the risk of data loss. Prevent users from engaging in risky behaviors such as the use of P2P applications, USB thumb drives, and smartphones.

Educate users. Send users notifications when they do something wrong. Obtain written acknowledgement that they understand your security policy.

Stop the rogues. Detect rogue devices, isolate them, and prevent them from accessing your network, essentially "locking down" your network from unauthorized use.

Details

ForeScout CounterACT provides an extensive range of automated controls that let you secure and manage your network the way you want to. Upon discovering a policy violation, CounterACT can do any of the following:

  • User enforcement and education
    • Open trouble ticket
    • Send email to user or administrator
    • Create traps
    • Syslog
    • Personalized web message (network use policy, self remediation, etc.)
    • Auditable end-user acknowledgement
    • Force authentication/password change
    • Log-off user, disable user AD account
  • Security software control and remediation
    • Start or update agent: anti-malware, firewall, patch management, DLP, etc.
    • Custom command scripts to install agent if not present
  • Application control and remediation
    • Application start or stop
    • Peer-to-peer/IM start or stop
    • Apply updates and patches
  • Network access control
    • Port disable (802.1X, SNMP)
    • 802.1X authentication
    • VLAN control
    • VPN disconnect
    • ACL block at the switch (Cisco only), firewalls and routers
    • Wireless allow/deny
  • Traffic control
    • Virtual firewall
    • Update network ACL (switch, router, firewall)
  • Device control
    • Disable NIC
    • Shutdown PC
    • Disable use of peripheral device
  • Operating system control and remediation
    • Patch/hotfix update
    • Registry configuration
    • Process start/stop

Contact us for more information.


After we evaluated CounterACT, the search pretty much ended since this product had literally everything we wanted and so much more.


Al Wendt, Network Manager, Altarum Institute


