So, You Want to Evaluate CounterACT^®?

You’ve read all the rave reviews. You’ve perused the white papers, case studies and solution briefs. You’ve even called on existing customers—all of whom confirm the benefits your Forescout System Engineer told you about. At this point, why not just move forward with the procurement?

“Whoa, not so fast.” “My network is completely unique.” “No one has a network like ours!” “I don’t know if it will work in my environment.”

Believe it or not, we’ve heard all of these concerns—and successfully addressed them. We solve the needs of small, discreet deployments in extremely low-bandwidth, tactical environments, and scale all the way up to multi-national global deployments. We’ve got deployments at a single site with multiple Virtual Routing and Forwarding (VRFs) to a centralized deployment supporting 1,000 sites, including a standby Continuity of Operations (COOP). We have deployments in wired, wireless, VPN, 802.1x, non-802.1x, integrating with Cisco, Aruba, Brocade, Juniper, HP, Dell, Palo Alto, FireEye, Intel Security (McAfee) and more. It’s nice being the “Switzerland of Network Security,” because our solutions work in any environment.

That’s okay, though, we get it … you are still “unique” and need to see it for yourself. So what now?

If you are not currently in touch with a Forescout representative, that’s your next step. Head over to www.forescout.com and request a demo (top-right corner, green button). There will be some initial discovery on our part to route you to the correct team, which will take care of your needs from that point on. I highly recommend getting all of your teams involved in this evaluation (network and system administrators and well as information assurance personnel) because CounterACT will impact every one of these teams in a very positive way through automation! When you’re ready, we will work out evaluation details. What does a typical evaluation consist of, you ask?

Every situation is different (just like you). Based on your needs, we will send either a physical or virtual appliance. Not all systems engineers are alike, but I like to go with a physical device for up to 1,000 endpoints. The typical evaluation is for only 30 days. Doesn’t sound like enough time compared to other NAC tools you’ve looked at or heard about, but it is more than sufficient time for Forescout. If you do your prep-work prior to my arrival, by the time we get back from lunch, you’ll have visibility into the devices connected on the network segments you’ve chosen to evaluate. By the end of the day, we’ll already have written your initial compliance checks and started remediation actions. There have been numerous occasions where we’ve even started blocking obviously rogue devices (game systems, non-corporate/government machines and more) by the end of the first day! This kind of quick success depends highly upon me walking into a prepared environment.

The preparation isn’t difficult nor time-consuming. Your Forescout Systems Engineer will provide a planning document well ahead of time. In it, you’ll see what is needed to get ready. At a high level, you’ll need to create the service accounts CounterACT will use to log into the different network devices (SNMP/CLI) and endpoints (via WMI for Windows or SSH for Mac/Linux). No need to deploy an agent. Make sure you don’t forget to add the proposed CounterACT IP to any Access Control Lists (ACLs)! You’ll also have to have ready the list of network segments you plan on monitoring plus the associated network device IPs that CounterACT will integrate with. If you plan on evaluating any other Forescout Extended Modules (SCCM, ePO, Nessus, FireEye or others), make sure you have those service accounts ready to go too.

Finally, think about the use-cases you want to see proven over the 30 days and write them down! What are you struggling with? What can be done to help make things more secure? What about automation? Where do your other tools fall short? Can CounterACT fill those gaps as well? Forescout CounterACT can do far more than you realize! The more teams involved in the evaluation, the better you will work together to define the increasing problems CounterACT can solve.

I’m sure you are very curious about what you expect to see when CounterACT is finally deployed. This will be the topic of my next discussion. Stay tuned!