FAQ
General Product Questions
- What is ForeScout CounterACT Virtual Appliance?
- What is new in ForeScout CounterACT 6.3.4.0?
- Does ForeScout CounterACT include a policy management server?
- Does ForeScout CounterACT work with virtual machines?
- What reports does ForeScout CounterACT include?
- What report export capabilities does ForeScout CounterACT provide, and does it integrate with third-party reporting products?
- How does ForeScout sell and distribute its products?
- Why is the NAC market growing so quickly?
- What are the key reasons for ForeScout’s success?
- How is ForeScout CounterACT delivered and licensed?
- How is ForeScout Mobile delivered and licensed?
- What support and service programs does ForeScout offer?
- What professional services does ForeScout offer?
- Can ForeScout CounterACT be purchased as a hosted or managed service?
- What is your VMware virtual appliance support policy?
- Does ForeScout CounterACT integrate with leading SIEMs?
- Is ForeScout certified for use in government and military facilities?
Network Access Control Functionality
- What methods can ForeScout CounterACT use to control access?
- How does ForeScout CounterACT work within an 802.1X architecture?
- Does ForeScout recommend use of 802.1x?
- In 802.1X environments, how does ForeScout CounterACT handle endpoints without supplicants?
- Does ForeScout CounterACT enforce access control via DHCP?
- How does VLAN enforcement work?
- How does ACL enforcement work?
- How does ForeScout CounterACT’s virtual firewall work?
- What does an end-user experience when ForeScout CounterACT starts to enforce network access control policies?
- Does ForeScout CounterACT include a guest networking application?
- Is ForeScout CounterACT able to enforce access control based upon a user’s role?
- What identity management systems does ForeScout CounterACT support?
- Describe ForeScout CounterACT’s ability to enforce NAC for an SSL VPN and for an IPsec VPN.
- How does ForeScout CounterACT detect unauthorized WAPs and other rogue devices?
- How does ForeScout CounterACT identify non-PC devices on a network?
- Does ForeScout offer the means to enable a “Bring Your Own PC to Work” policy?
Endpoint Compliance
- Does ForeScout CounterACT include an agent?
- How does ForeScout CounterACT work without an agent?
- Does ForeScout CounterACT detect the existence of malware on an endpoint?
Remediation
- Does ForeScout CounterACT support automated remediation?
- Does ForeScout CounterACT support remediation through dialogs with the quarantined user?
- Does the ForeScout CounterACT agent pass parameters (e.g., missing patch) to a remediation agent, or does it simply “kick off” the remediation agent?
- Does ForeScout CounterACT pass information to a trouble ticketing solution?
- Who are ForeScout CounterACT’s remediation partners?
Monitoring
- Does ForeScout CounterACT provide the ability to monitor the network for anomalous traffic?
- Can ForeScout CounterACT track changes that occur on endpoints?
Mobile Security
- Does ForeScout CounterACT provide mobile security?
- What handheld devices does ForeScout CounterACT identify?
- Does ForeScout CounterACT require deployment of an agent to handheld devices?
- Does ForeScout CounterACT or ForeScout Mobile replace Mobile Device Management solutions?
- How does ForeScout address BYOD?
General Product Questions
What is ForeScout CounterACT Virtual Appliance?
ForeScout CounterACT Virtual Appliance gives customers the freedom to deploy ForeScout CounterACT leveraging their hardware and VMware investment. ForeScout CounterACT is installed as a guest host on a VMware ESX virtual machine with reserved processor, memory and storage resources. Customer benefits can include:
- Easier to maintain hardware based on corporate standards
- Green – save money on power, cooling and rackspace
- Convenient remote deployment scale out (no need to ship physical appliances)
- Takes advantage of VMware provisioning and availability mechanisms
- On-demand capacity and performance increase, just add more hardware resources as needed
What is new in ForeScout CounterACT 6.3.4.0?
ForeScout CounterACT version 6.3.4.0 is all about more NAC functionality and more visibility into the network, with increased scalability and ease of use. Endpoint classification was significantly improved with new classification methods. In the mobile arena, mobile device management agent support was added, and devices can be restricted to access only what they need, such as web and email. The new Compliance Center for Guest Registration enhances the guest user’s experience and guides guests through making their machines compliant on a step-by-step basis.
A new Inventory view helps ForeScout CounterACT users keep track of corporate assets and activities; for example, users, applications, processes, services, ports, external devices, and operating systems. In addition, managers can leverage this information to create black and white lists of more specific network assets and activities, for example lists of authorized and unauthorized processes running on the network.
Does ForeScout CounterACT include a policy management server?
Yes. Our policy management server is built into the ForeScout CounterACT appliance. It includes a wizard that makes it easy to create and apply policies to single devices/users as well as groups, to schedule policy enactments, and to exclude segments from policy enactments. The wizards include a knowledgebase of the most commonly used security policies.
Does ForeScout CounterACT work with virtual machines?
Yes. ForeScout CounterACT includes the same visibility and control for virtual machines as for physical machines. However, each virtual machine needs to have its own IP address in order to maintain the same level of granular control that ForeScout CounterACT gives you for physical machines. At this time the machine running the hypervisor.
What reports does ForeScout CounterACT include?
ForeScout CounterACT provides several out-of-the-box reports that specifically highlight different views on:
- The level of policy compliance
- Compliance trending
- Malicious activity
- Assets (both hardware and software) on your network
The predefined reports are easily customizable by the user and include the following:
- NAC Policy Compliance Summaries Report
- Vulnerability Report (Windows)
- PCI NAC Policies Compliance Report
- Inventory Report
- NAC Policy Compliance Trend Report
- NAC Policy Compliance Details Report
- Registered Guest Analysis Report
In addition to canned and configurable reports, ForeScout CounterACT includes an Assets Portal which provides visibility into all the information collected by ForeScout CounterACT. Google-like searches can be performed within the Assets Portal to track assets, view asset details, or generate a list of assets which match specific criteria (e.g. all devices with 255 as the first octet).
What report export capabilities does ForeScout CounterACT provide, and does it integrate with third-party reporting products?
ForeScout CounterACT reports are exportable to CSV and PDF formats. Integration into third-party systems can be done via standard protocols and formats (SNMP, SYSLOG, EMAIL, HTTP, CSV, PDF). In addition, two-way ticketing information can be shared with trouble-ticketing systems (e.g. Remedy).
How does ForeScout sell and distribute its products?
ForeScout sells products both directly and through VARs, Distribution Partners, Global Systems Integrators, OEM partners, and product integration partners. For a complete listing of our channel partners (by region), visit our reseller locator.
Why is the NAC market growing so quickly?
Gartner, Inc. evaluated the 2011 NAC market and predicted* NAC sales from pure-play vendors to grow an impressive 39% from 2009 through 2014. The overall growth for Network Access Control adoption is being fueled by five trends:
- The demand for anywhere, anytime, any means access to network resources and sensitive data, while at the same time limited access based on security policy
- The failure of traditional security software to assure endpoint compliance and stop zero-day, targeted (APT) and propagating threats such as Conficker and Zeus.
- Maturing compliance mandates, both internal and external (government regulation), that require controls for all access to, and protection of, sensitive data and personally identifiable information (PII)
- The explosion of “consumer” devices accessing corporate networks, e.g. iPhones, iPads, Androids, and personal laptop computers.
- The use of social media, unsanctioned personal data sharing, malware and phishing techniques for social engineering purposes to gain a foothold in endpoint devices
* Gartner, Inc., “Competitive Landscape: Network Access Control, Worldwide 2011”, Contu, Orans, Pescatore, March 2011.
What are the key reasons for ForeScout’s success?
Our company’s growth is fueled by the strength and versatility of the ForeScout CounterACT platform. This boils down to five things:
- Easy and non-disruptive. ForeScout CounterACT is dramatically easier and faster to deploy than traditional NAC products. One box, one day to install. Everything is built into the appliance. No software to install. No changes to your existing infrastructure. By supporting both 802.1x and non-802.1x, trusted access and endpoint compliance can be assured with the least impact to your end users and operations.
- Integrated. ForeScout CounterACT includes a large range of functionality: An extensive range of automated controls that let you manage your network the way you want to. Full-featured guest registration. Visibility and control of all the most popular smartphones. Extensive information about everything on your network – devices, users, applications, ports, peripherals, etc. Built-in options for remediation that include updating security agents, patching operating systems, even killing unauthorized applications and processes.
- Scalability. ForeScout CounterACT scales better than anything on the market. We have customers today with over 175,000 endpoints, all being managed by a single ForeScout CounterACT Enterprise Manager (EM) console. Currently, one EM can manage up to 100 ForeScout CounterACT appliances for a theoretical endpoint management yield of 400,000 endpoints.
- Manageability. ForeScout CounterACT is easy to manage. Our engineers have a passion for developing good user interfaces and setup wizards. People who test our product and compare it to competitors’ products consistently tell us that ForeScout CounterACT’s user interface is easier and more intuitive than competitors’ products.
- Interoperability. ForeScout CounterACT works with your existing infrastructure. The approach is completely vendor agnostic. For example, switches, directory services, anti-virus software and other network and security infrastructure from almost any vendor can be used and networks with multiple vendors are easily supported.
How is ForeScout CounterACT delivered and licensed?
ForeScout CounterACT is delivered in either physical or virtual appliance form.
ForeScout CounterACT is licensed by the number of network devices (IP addresses) that are within the scope of the appliance.
- Each of our physical appliances is built to handle a certain number of network devices, and each appliance comes with a license for that number of devices. Our licenses range from 100 devices (CT-R appliance) to 4000 devices (CT-4000 appliance). In between, we have appliances that are licensed for 500 devices, 1000 devices, and 2500 devices.
- ForeScout CounterACT Virtual Appliance is licensed the same way as our physical appliance. We offer licenses for 100, 500, 1000, 2500, and 4000 devices.
ForeScout also offers a ForeScout CounterACT Enterprise Manager to streamline management of up to 100 ForeScout CounterACT appliances. Licensed by the number of ForeScout CounterACT appliances under management, ForeScout CounterACT Enterprise Manager enables customers to centrally see and manage all endpoints, policies and appliances. As a result, ForeScout CounterACT can scale to support a theoretical endpoint management yield of 400,000 endpoints (calculated at 100 CT-4000 appliances). We also offer high-availability pricing for our physical appliances. Our HA pricing includes a license for a set number of users plus two appliances covered within the scope of that license.
How is ForeScout Mobile delivered and licensed?
ForeScout Mobile is a plugin that works with ForeScout CounterACT. The plugin is downloaded from ForeScout’s customer support web site and installed in the ForeScout CounterACT appliance (if the customer is just using one ForeScout CounterACT appliance) or the ForeScout CounterACT Enterprise Manager appliance (if the customer is using multiple ForeScout CounterACT appliances).
ForeScout Mobile is licensed according to a specified number of mobile devices. A single ForeScout Mobile license is applied to a ForeScout CounterACT appliance or, if multiple ForeScout CounterACT appliances are in use, to a ForeScout CounterACT Enterprise Manager. For example, suppose you have one ForeScout CounterACT CT-R, one ForeScout CounterACT CT1000, and one ForeScout CounterACT CT-4000 appliance. In this situation, you have licenses to operate ForeScout CounterACT for a total of 5100 IP addresses. If you wish to obtain additional visibility and control over 100 mobile devices, you would purchase one ForeScout Mobile license (either the ForeScout Mobile Security Module or the ForeScout Mobile MDM Module) for 100 mobile devices.
Multiple ForeScout Mobile licenses may be purchased in order to achieve a larger license. For example, if you purchase two copies of the ForeScout Mobile Security Module for 100 mobile devices, we will send you a license key for 200 mobile devices.
What support and service programs does ForeScout offer?
All ForeScout products include a ninety (90) day limited warranty for parts and labor. In addition, ForeScout offers two ActiveCare extended support options. Each option can be purchased for a one year term and renewed on a per annum basis. The benefits include:
- Unlimited access to the Support Website, allowing customers to:
  - Download software updates
  - Download purchased plug-ins for integration with other 3rd party systems
  - Download product documentation and manuals
- ForeScout Technical Support
  - ActiveCare Advanced support provides 24×7 access to a support engineer who can perform remote troubleshooting.
  - ActiveCare Basic support provides access to a support engineer from 8:00 a.m. to 5:00 p.m., Monday through Friday, for remote troubleshooting.
- Advance Hardware Replacement. If there is a hardware problem with a ForeScout appliance, ForeScout will send a replacement unit to the customer site prior to receiving the defective appliance. This offers a fast and economical method of maintaining an unlimited “virtual spares” inventory.
ForeScout also offers a range of professional services to meet customer needs at every stage of the product lifecycle, such as site assessment, installation, deployment, policy development, training, health-checks and upgrades.
What professional services does ForeScout offer?
ForeScout solutions are easy, interoperable, flexible and powerful – they are designed for convenient deployment and rapid results. Customers can expedite implementation and fortify their investment in ForeScout CounterACT by leveraging the expertise provided by us and our partners in order to meet deployment schedules, assure compliance initiatives or improve/refine policies.
The following professional services are offered on-site, remotely or can be customized.
- Deployment and configuration
- Policy development and optimization
- Health check/system review
- Customer coaching via Web conferencing
- Software Release Upgrade
- Hardware Procurement and Installation
- Custom Services
- Training: HelpDesk, Basic, Advanced, Custom – On-site or Remote
- BYOD/ Mobile Security Policy assessment and development
Can ForeScout CounterACT be purchased as a hosted or managed service?
Yes. For organizations that would prefer to implement ForeScout CounterACT as a hosted or managed service, ForeScout has a network of service providers ready and able to help accelerate product procurement, deployment, management and ongoing success.
What is your VMware virtual appliance support policy?
ForeScout is a member of the VMware Technology Alliance Partner Program. ForeScout employs reasonable efforts to maintain interoperability and support for the VMware platform and products.
The ForeScout CounterACT virtual appliance solution operates as a guest host on VMware ESX or ESXi in accordance with a VMware certified operating system. The company will support customers who run the ForeScout CounterACT virtual appliance product on VMware certified operating environments as defined in our Quick Installation guide and as per our End User License Agreement. The operating environment, procured by the customer, must comply with VMware’s set of certified hardware. The customer and VMware will be responsible for any interactions or issues that arise at the hardware and operating system layers as a result of their use of VMware.
ForeScout reserves the right to request our customers to diagnose certain issues in a native certified operating system environment. ForeScout will only make this request when there is reason to believe that the virtual environment is a contributing factor to the issue. ForeScout will inform the customer to request support from VMware directly regarding any problems that may, in the sole opinion of ForeScout, be directly related to VMware. In such a case, ForeScout will provide detailed information where possible to support the customer and VMware.
Does ForeScout CounterACT integrate with leading SIEMs?
Yes, ForeScout integrates with leading SIEMs leveraging the Common Event Format (CEF) for syslog parsing. We have official integration with ArcSight and Nitro Security among other SIEM and log management vendors. Beyond syslog, we have additional interoperability with ArcSight which includes the means for ForeScout CounterACT to send real-time configuration and security posture information, and for ArcSight to initiate a policy-based trigger and command for ForeScout CounterACT to remediate non-compliant endpoints and mitigate security threats. See how ForeScout takes “Actionable Intelligence” to a whole new level: watch video.
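An added example, not ForeScout’s code: a minimal Python parser for the CEF-over-syslog records this answer mentions, handling escaped pipes and equals signs, plus a filter for high-severity events. The sample log lines, signature IDs and event names are constructed for illustration and are not CounterACT’s actual event schema.

```python
import re

# CEF layout: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

# key=value pairs; a value runs until the next " key=" or end of line,
# and may contain escaped characters such as \= and \\
_EXT_RE = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")

# Word severities mapped to the upper bound of their numeric range
_SEV_WORDS = {"unknown": 0, "low": 3, "medium": 6, "high": 8, "very-high": 10}


def _unescape(value):
    """Undo CEF escaping (\\=, \\\\, \\n) in an extension value."""
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)


def _split_header(body):
    """Split on unescaped '|' into the 7 header fields and the raw extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])      # escaped pipe or backslash
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) == 6:                 # no extension and no trailing pipe
        fields.append("".join(cur))
    if len(fields) != 7:
        raise ValueError("truncated CEF header")
    return fields, body[i:]


def parse_cef(line):
    """Return a dict for a CEF record, or None if the line carries no CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None                      # plain syslog, not CEF
    fields, ext_raw = _split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, fields))
    event["ext"] = {k: _unescape(v) for k, v in _EXT_RE.findall(ext_raw.strip())}
    return event


def severity_score(event):
    """Normalise the CEF severity (0-10 or a word) to an integer."""
    sev = event["severity"].strip().lower()
    return int(sev) if sev.isdigit() else _SEV_WORDS.get(sev, 0)


def high_severity(lines, threshold=7):
    """Return (src, event name, severity) for events at or above threshold."""
    hits = []
    for line in lines:
        try:
            ev = parse_cef(line)
        except ValueError:
            continue                     # malformed record: skip, do not crash
        if ev and severity_score(ev) >= threshold:
            hits.append((ev["ext"].get("src"), ev["name"], severity_score(ev)))
    return hits


# Constructed sample syslog lines (not real product output)
SAMPLE = [
    r"<134>Mar  3 10:15:02 nac01 CEF:0|ForeScout|CounterACT|6.3.4|1001|Policy \| AV check failed|7|"
    r"src=10.20.3.17 smac=00:11:22:33:44:55 msg=Antivirus disabled, host moved to quarantine "
    r"cs1Label=policy cs1=AV\=required",
    r"<134>Mar  3 10:15:09 nac01 CEF:0|ForeScout|CounterACT|6.3.4|2002|Guest registered|Low|"
    r"src=10.20.9.40 suser=visitor1",
    r"<134>Mar  3 10:16:11 nac01 not a CEF record",
]

if __name__ == "__main__":
    for hit in high_severity(SAMPLE):
        print(hit)
```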
Is ForeScout certified for use in government and military facilities?
Many government agencies at the Federal, state and municipal levels, and supporting contractors, use ForeScout CounterACT to accelerate “connect to comply” mandates, strengthen security enforcement, and prove regulatory compliance. ForeScout has achieved the industry’s highest level of security certification for a Network Access Control (NAC) solution involving assurances from the EAL 4+ level. With EAL4+, government agencies can be assured that the specification, implementation and effectiveness of ForeScout CounterACT for Network Access Control have been evaluated in a rigorous and standardized manner to meet their security and compliance needs. Additional certifications include FIPS 140-2, as well as listing on the United States Army Information Assurance Approved Products List (AI-APL).
Network Access Control Functionality
What methods can ForeScout CounterACT use to control access?
ForeScout CounterACT has built-in support for the following methods to control network access:
- 802.1x: VLAN steering or Switch Blocking
- Switch Blocking
- VLAN Steering
- ACL enforcement
- Virtual Firewall
How does ForeScout CounterACT work within an 802.1X architecture?
In an 802.1x environment, ForeScout CounterACT is configured to function as a RADIUS proxy. In this model, ForeScout CounterACT becomes the authentication server for the switch and the authenticator for the RADIUS server. ForeScout CounterACT provides integration with 802.1x switches and supports 802.1x switches from Cisco, Extreme, Foundry, Nortel and HP ProCurve. ForeScout CounterACT places authenticated endpoints into the proper VLAN according to the end-user’s role and as determined by LDAP grouping. ForeScout CounterACT places non-compliant or unverified endpoints in a remediation VLAN or in a lobby VLAN for inspection. The exact behavior is configurable by our customers.
Does ForeScout recommend use of 802.1x?
802.1x is an authentication protocol, one of many components that comprise a full-featured NAC system. ForeScout CounterACT has a plug-in that allows it to leverage 802.1X. However, many customers find deployment and operation of 802.1x very difficult, so many customers choose alternative authentication methods. For more details, see “Network Access Control and 802.1x: Advantages, Constraints and Capabilities” by Spire Security.
See how ForeScout CounterACT provides port control with or without 802.1x.
In 802.1X environments, how does ForeScout CounterACT handle endpoints without supplicants?
The 802.1x protocol is inherently ungraceful in the way that it handles new endpoints that lack supplicants, such as printers. This is one of the drawbacks to 802.1x and why many ForeScout customers do not utilize 802.1x.
The only way to allow new devices without supplicants (such as printers) onto an 802.1x network is to enter the MAC address of the device into an exception list which is stored on the RADIUS server. This can be done prior to putting the device onto the network, or afterwards. If afterwards, you can configure a policy within ForeScout CounterACT to make this process semi-automated: You can create a policy that will place all unauthorized devices (such as new printers) onto a separate VLAN. Once the device is on this VLAN, ForeScout CounterACT can see it and learn its MAC address. Then, an administrator can take the MAC address and manually add it to the exception list on the RADIUS server. Finally, the administrator can use ForeScout CounterACT to request that the device re-authenticate; when that happens, the 802.1x protocol will see the MAC exception and ForeScout CounterACT will move the device onto the production network.
See how ForeScout CounterACT provides endpoint security without supplicants.
Does ForeScout CounterACT enforce access control via DHCP?
No. Many NAC solutions rely on DHCP blocking as an alternative to 802.1x enforcement. Unfortunately, DHCP enforcement is an inherently ineffective enforcement option because it is easily bypassed, will not work in certain environments, and is unrealistic for enterprise NAC deployments. Even if successfully implemented, it still lacks the ability to provide point of access control through VLAN steering or port up/port down.
Some of the fundamental issues with DHCP enforcement include:
- DHCP enforcement is “opt in” enforcement because it relies on the end-user to obey specific rules.
- DHCP blocking will not work on users that connect to the network with static IP addresses.
- DHCP blocking is effective only when the end-point requests/renews its DHCP lease. Once DHCP hands out an address, there is no way to take it back. If someone becomes infected or policy needs to block a user after connect, there is no way to take back the IP address until the DHCP lease expires.
In ForeScout’s case, DHCP is used only as a form of discovery, to detect a new admission.
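An added example, not ForeScout’s code, that turns the points above into an audit: it compares hosts observed on the wire with the DHCP lease table to find endpoints that DHCP enforcement cannot reach, and computes how long a blocked host keeps its address. The function name, record layout and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta


def audit_dhcp_coverage(observed, leases, blocked_macs, now):
    """Cross-check observed (ip, mac) pairs against DHCP leases.

    observed     -- (ip, mac) pairs seen on the network, e.g. from ARP or switch tables
    leases       -- dicts with keys "mac", "ip", "expires" (datetime)
    blocked_macs -- MACs that policy wants off the network right now
    Returns a report with three findings:
      no_lease            hosts that never asked DHCP (static addressing)
      stale_or_foreign_ip hosts using an expired lease or an IP leased elsewhere
      exposure            blocked hosts and the time left on their valid lease
    """
    by_mac = {l["mac"].lower(): l for l in leases}
    blocked = {m.lower() for m in blocked_macs}
    report = {"no_lease": [], "stale_or_foreign_ip": [], "exposure": {}}

    for ip, mac in observed:
        mac = mac.lower()
        lease = by_mac.get(mac)
        if lease is None:
            # Statically addressed: DHCP blocking never sees this host
            report["no_lease"].append((ip, mac))
            continue
        valid = lease["ip"] == ip and lease["expires"] > now
        if not valid:
            # Host ignores the lease terms: enforcement here is "opt in"
            report["stale_or_foreign_ip"].append((ip, mac))
        elif mac in blocked:
            # Address cannot be taken back until the lease runs out
            report["exposure"][mac] = lease["expires"] - now
    return report


# Constructed sample data
NOW = datetime(2024, 1, 10, 12, 0, 0)
LEASES = [
    {"mac": "00:11:22:33:44:55", "ip": "10.0.0.21", "expires": NOW + timedelta(hours=6)},
    {"mac": "00:11:22:33:44:66", "ip": "10.0.0.22", "expires": NOW - timedelta(hours=1)},
    {"mac": "00:11:22:33:44:77", "ip": "10.0.0.23", "expires": NOW + timedelta(minutes=30)},
]
OBSERVED = [
    ("10.0.0.21", "00:11:22:33:44:55"),   # valid lease, but policy wants it blocked
    ("10.0.0.22", "00:11:22:33:44:66"),   # still active after lease expiry
    ("10.0.0.50", "00:11:22:33:44:88"),   # no lease at all: static address
    ("10.0.0.23", "00:11:22:33:44:77"),   # well behaved
]
BLOCKED = {"00:11:22:33:44:55"}

if __name__ == "__main__":
    for finding, hosts in audit_dhcp_coverage(OBSERVED, LEASES, BLOCKED, NOW).items():
        print(finding, hosts)
```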
How does VLAN enforcement work?
ForeScout CounterACT can assign an endpoint to an appropriate VLAN based on the policy that you configure within the ForeScout CounterACT policy manager. The actual port assignment can be done via 802.1x or via SNMP. The latter option is plug-and-play, does not require 802.1x, requires no software on the endpoint, and is able to manage any device on the network including guests and non-OS appliances.
How does ACL enforcement work?
ForeScout CounterACT provides the ability to dynamically update ACLs on firewalls, routers, and switches. This lets you enforce security policies at a very granular level, leveraging your existing switch infrastructure. Beyond just restricting a device to a specific VLAN, ACL-based enforcement can restrict access on a device-by-device basis or port-by-port basis. ACL management lets you apply different policies in situations where multiple devices are connected to a single switch port, for example when workstations are connected to VoIP phones, or when multiple virtual machines are connected to a single switch port. While some NAC solutions provide basic ACL management capabilities, competitors typically limit their support to L3 switches or routers at the core of your network. ForeScout’s ACL management works at the access layer and gives you tremendous enforcement granularity with no administrative overhead.
How does ForeScout CounterACT’s virtual firewall work?
ForeScout CounterACT’s Virtual Firewall uses surgical packet injection to offer granular and dynamic control of traffic. Essentially, it is a TCP reset mechanism. Unlike competitors’ TCP reset mechanisms, which send the RESET to the source after the data is already on the wire, ForeScout CounterACT will send the RESET to the destination after the first SYN, tearing down the connection before the handshake completes. This can be done as often as necessary to isolate a device from specific or all network resources. In addition, ForeScout CounterACT tears down UDP sessions by sending ICMP unreachable messages to both client and server. This method is effective in query-response protocols, such as DNS. This system is a very easy and flexible way of providing role-based access, even separating traffic that is on the same VLAN. It can also be used to provide NAC functionality where VLANs are not possible (e.g. flat networks) or where proper role-based access would require too many VLANs (separating employee roles on the same network.)
What does an end-user experience when ForeScout CounterACT starts to enforce network access control policies?
Enterprise end-users whose credentials are present in the enterprise authentication system will generally not notice anything different: their PCs will be automatically joined to the network. However, users that are non-compliant will see either automatic or guided remediation efforts. These will begin with notification via email, HTTP, or balloon messages.
Your policy on how to handle guest users can be customized to meet the needs of your organization. Most people configure ForeScout CounterACT so it will prompt guests to enter a network password, or to register for a password if they have never before joined the network.
Does ForeScout CounterACT include a guest networking application?
Yes. ForeScout CounterACT provides a built-in policy to identify and distinguish guest users from corporate users. The most critical part of any guest networking application is the ability to determine whether a connecting device is a “guest”. Because organizations have various standards for what constitutes a guest device, ForeScout CounterACT provides several options to identify guest vs. corporate devices. These include — but are not limited to — the following:
- Device authentication vs. Active Directory
- Check for presence of SecureConnector installed on the device
- Check to see if the device is not part of domain or if admin credentials fail
- Check to see if the device is on an “approved device list”
- Check to see if the NetBIOS hostname matches corporate standard
- Query an endpoint for buried registry settings or a specific file
- Any combination of the above
Is ForeScout CounterACT able to enforce access control based upon a user’s role?
Yes. ForeScout CounterACT can manage users and enforce their network access based on the role of the logged-in user. User management can be done internally or via integration with any of the common identity management systems.
What identity management systems does ForeScout CounterACT support?
ForeScout CounterACT works with Microsoft AD, Novell directory, Sun, Lotus Notes, RADIUS, TACACS, and any user-defined LDAP server.
Describe ForeScout CounterACT’s ability to enforce NAC for an SSL VPN and for an IPsec VPN.
ForeScout CounterACT supports Nortel and Juniper SSL VPN gateways and Cisco, Nortel and Juniper IPsec VPN gateways. ForeScout CounterACT provides the ability to conduct complete compliance checks on connecting endpoints (post-connection to VPN gateway). The device is automatically checked for any malicious threat and, if found, the connection is terminated – with temporary revocation of the user’s credentials. ForeScout CounterACT can notify the end user prior to disconnecting their device. Enforcement is completely configurable and can be set for a specific timeframe (e.g., User “janedoe” will not be allowed to logon for 1 hour).
How does ForeScout CounterACT detect unauthorized WAPs and other rogue devices?
ForeScout CounterACT keeps track of traffic from all network devices. Rogue devices show up as new network devices that do not conform to policies. For example, they show up as NAT devices, or as devices from an unapproved vendor.
How does ForeScout CounterACT identify non-PC devices on a network?
ForeScout CounterACT uses both passive monitoring and active scanning to detect all devices on the network, as long as the device has an IP address or is connected to a device with an IP address. The only devices that ForeScout CounterACT cannot detect are completely passive devices like an Ethernet line tap. For more details, see our whitepaper “Device Host and Detection Methods”.
Does ForeScout offer the means to enable a “Bring Your Own PC to Work” policy?
Yes, ForeScout allows enterprises to quickly enable a bring your own PC to work policy. Without agents or through a non-persistent agent, ForeScout CounterACT can identify, assess the security posture and apply a variety of controls for any device connecting to the network. In particular, systems that do not have particular security services invoked can be re-directed to a self-remediation center or ForeScout CounterACT can attempt to remediate the endpoint with little to no IT intervention. See a presentation on how ForeScout enables and safeguards BYOPC – IT Consumerization. Learn how the City of Guelph advanced their BYOPC policy using ForeScout CounterACT.
Endpoint Compliance
Does ForeScout CounterACT include an agent?
ForeScout CounterACT can be deployed with or without an agent on the desktop. Both options provide 100% full functionality.
The name of our agent is ForeScout SecureConnector. SecureConnector can be installed in either dissolvable or permanent (persistent) mode. Once installed, SecureConnector creates an SSL-encrypted VPN-like tunnel back to the ForeScout CounterACT appliance. SecureConnector supports Windows (2000, XP, 2003, Vista), Mac and Linux/Unix devices.
Regardless of whether you use our agent, the ForeScout CounterACT appliance performs the endpoint interrogation, remediation and enforcement. This includes patch levels, anti-virus status, registry settings, services/processes, firewall configuration, file versions, application compliance, termination of specific processes, USB enforcement, log-off, and shutdown of customer-defined scripts. It is important to note that the trust and logic of policy enforcement is maintained by the ForeScout CounterACT appliance rather than via the endpoint agent. This is a security benefit, because malware will often attempt to spoof or disable the security agents that are resident on the host.
How does ForeScout CounterACT work without an agent?
ForeScout CounterACT can obtain some information about endpoint devices through passive listening and interrogation of the switch infrastructure. In order to obtain detailed information about endpoints devices, ForeScout CounterACT conducts a remote login to the device. Once logged in, ForeScout CounterACT can inspect virtually any criteria, including registry settings, and active/inactive processes. ForeScout also offers a lightweight agent called SecureConnector which is helpful for :
- Killing or controlling USB ports
- More frequent killing of a process (up to once each second, instead of once each minute without SecureConnector)
- Balloon messages
- VoIP environments
present/missing applications. This covers standard NAC criteria (AV, patch level, IM, etc.)
Does ForeScout CounterACT detect the existence of malware on an endpoint?
Yes, using multiple methods:
- Detecting attacks on the network, using ForeScout’s patented ActiveResponse technology.
- Detecting unexpected behavior, such as when a printer starts acting like a Windows host.
- Detecting effects of malware, e.g. when antivirus is repeatedly disabled on a system
- Unauthorized configuration changes or drifts, e.g. change to registry settings
Remediation
Does ForeScout CounterACT support automated remediation?
Yes. ForeScout CounterACT offers fully automatic remediation. In addition, it can integrate with third-party patch management systems (such as Microsoft SMS/SCCM, WSUS, Lumension, etc.). ForeScout CounterACT provides complete automated remediation using clientless or agent-based methods. This includes patch management, anti-virus updating, registry and configuration management, application and service control, file version management, as well as a completely scriptable configuration and installation system.
Does ForeScout CounterACT support remediation through dialogs with the quarantined user?
Yes. ForeScout CounterACT offers Web-based interactive user dialogs with automated or self-guided remediation.
The ForeScout CounterACT system communicates with the user with personalized, customizable web pages. Because ForeScout CounterACT can open these web pages automatically (without waiting for the user to browse the web) the user is immediately informed. The web interface can direct the user to resolve the problem with detailed instructions, web links or contact phone numbers, or merely inform the user of the remediation that is being done automatically by the appliance.
Does the ForeScout CounterACT agent pass parameters (e.g., missing patch) to a remediation agent, or does it simply “kick off” the remediation agent?
Both are possible. When remediating the endpoint using its own clientless or agent-based method, the ForeScout CounterACT system passes on specific parameters (i.e. configuration, registry value, etc.). When leveraging a third-party agent, ForeScout CounterACT will cue the update agent then monitor for completion of the remediation process.
Does ForeScout CounterACT pass information to a trouble ticketing solution?
Yes: ForeScout CounterACT integrates with Remedy and can send alerts to most any trouble ticketing system using industry-standard protocols (SYSLOG, SNMP, SMTP). In addition, the ForeScout CounterACT plug-in integration offers two-way communication for ticketing (Remedy) or other management systems (SIM).
Who are ForeScout CounterACT’s remediation partners?
ForeScout CounterACT is fully integrated with any of the following patching systems (via software plug-ins and partner agreements):
- Microsoft SMS/SCCM
- Patchlink (Lumension)
- Remedy (for trouble ticketing)
- Qualys (for vulnerability detection)
If an endpoint is found to be out-of-compliance due to out-of-date anti-virus (anti-spyware, OS) software, ForeScout CounterACT can execute a patch-application launch sequence. Most importantly, ForeScout CounterACT offers a scripting engine that integrates with virtually any remediation product. In short, a customized script can be written to cue any patch process based on policy results: for Mac/Linux, this will be a shell script; for Windows, this will be a C-script; we also support standard console scripts that will initiate .bat and .exe files.
Monitoring
Does ForeScout CounterACT provide the ability to monitor the network for anomalous traffic?
Yes – based upon ForeScout’s patented technology. ForeScout CounterACT can instantly identify both human and self-propagating threats without requiring signatures or anomaly detection.
Following the patented ActiveResponse methodology, the appliance uses specially-crafted information to respond to network reconnaissance and access attempts. If a device takes this information and attempts to use it to gain access to the resource, ForeScout CounterACT determines this to be a malicious threat. Based upon enforcement policy in place, the device will be isolated, quarantined or blocked.
Can ForeScout CounterACT track changes that occur on endpoints?
Yes, ForeScout CounterACT allows you to define a change tracking policy. This feature allows the administrator to take automatic action when a specific property of an end-point changes (for example, if an end-point profile changes from “Printer” to “windows”).
Mobile Security
Does ForeScout CounterACT provide mobile security capabilities?
ForeScout CounterACT provides real-time visibility and control over smartphones, tablets and wireless devices on your network. With our solution, you can let users enjoy the productivity benefits of modern handheld devices while you protect your network against malicious threats and data loss. Capabilities include:
- Detection: Identify mobile devices the moment they try to connect to your network, either via a wireless access point or a wired network port. No agents or software are required.
- Visibility: Categorize and report handheld mobile devices by brand and by user. ForeScout supports Apple iPhone and iPad, Windows Mobile, Nokia Symbian, Android, and BlackBerry devices. With the addition of ForeScout Mobile, you can see detailed information about each device such as hardware model, OS version, installed apps, IP address, serial number, phone number, and more.
- Registration: ForeScout CounterACT can force mobile users to go through an automated guest registration process via HTTP hijack.
- Network Control: Apply custom network access policies to corporate and personal smartphone and mobile devices. Available control options include Allow, Block, or Limit. ForeScout CounterACT lets you automatically control where different types of people can go on your network, based on who they are or what device they are using.
- Device Control: With ForeScout Mobile, you can directly control the configuration settings and remediate security deficiencies. ForeScout Mobile Security Module lets you remediate iOS devices with actions such as remote wipe; enforce password policy; require apps such as anti-virus, MDM or virtualization; remove or disable native apps such as the camera; and enforce specific WiFi access methods. ForeScout Mobile MDM Module lets you automatically trigger device remediation as provided by your MDM system.
- Protection: If malware exists on the mobile device and tries to propagate or interrogate your network, ForeScout CounterACT will detect the malicious behavior, block the threat, and can automatically quarantine or remove the mobile device from your network. ForeScout CounterACT for mobile security includes ForeScout’s patented ActiveResponse™ technology.
- Productivity: ForeScout CounterACT frees workers to use mobile and wireless devices of choice, for maximum productivity.
What handheld devices does ForeScout CounterACT identify?
ForeScout CounterACT identifies iPhone, iPad, Android, Blackberry, Windows Mobile, Nokia Symbian.
Does ForeScout CounterACT require deployment of an agent to handheld devices?
No, the features shown above do not require the presence of an agent on the handheld device.
Does ForeScout CounterACT or ForeScout Mobile replace Mobile Device Management solutions?
No, ForeScout CounterACT and the ForeScout Mobile add-on modules complement MDM solutions, as per the following chart:
| Feature | ForeScout CounterACT | MDM Solutions |
|---|---|---|
| Network Access Control | Yes – unified network access controls for PCs and handheld devices | No, MDM only controls access to email via ActiveSync |
| Real-time visibility of everything on the network | Yes | No – only managed handheld devices |
| Compliance management and remediation | ForeScout CounterACT provides compliance management and remediation for PCs. ForeScout Mobile provides compliance management and remediation for iOS devices | Handheld devices only |
| Security management (password, encryption, remote wipe, etc.) | ForeScout CounterACT provides compliance management and remediation for PCs. ForeScout Mobile provides security functions for iOS such as set encryption, remote wipe, remote lock, set password | Handheld devices only |
How does ForeScout address BYOD?
Bring Your Own Device (BYOD) represents a daunting security challenge. ForeScout’s products let organizations accommodate personal mobile devices on the network without compromising security. ForeScout CounterACT provides real-time visibility of personal and mobile devices, limits the network access of those devices, and prevents those devices from spreading malware on the network. ForeScout Mobile provides additional capabilities including deep inspection of handheld device’s properties and compliance status, and the ability to manage configuration of supported devices. For more information, see here.