Security attacks are getting more sophisticated, often involving several systems. In order to break the kill chain, it’s essential for organizations to be able to see the various links in that chain. Also, they need to ensure that antivirus software and patches are up to date for all connected devices—including endpoints, in-house systems and servers—to reduce the security attack surface. Alarmingly enough, HP’s 2015 Cyber Risk Report found that 44 percent of known security breaches came from vulnerabilities that are more than two years old. These are known vulnerabilities: ones for which there is a cure and which, in principle, could have been easily mitigated if the company had been aware of them.
Another alarming data point comes from the Mandiant report 2): on average it takes 205 days to detect a security breach. After it has been detected, it takes another 32 days to respond. No wonder the average cost of a breach is as high as $3.5 M per incident.
And if that wasn’t bad enough, the task of the IT Security Manager has become far more complex because of the proliferation of devices connected to the network: corporate managed PCs, personal devices and a wide range of IoT devices.
It’s time for improvement. Hence, Miercom was engaged by Forescout Technologies to independently verify the capabilities and effectiveness of its CounterACT appliance.
The Miercom testing focused on CounterACT’s agentless ability to quickly discover, classify and assess endpoints, including those that IT managers are typically unaware of, and on its ability to apply network and host-based controls to enforce security policy.
And the results were impressive. Main findings 1) include:
- CounterACT discovered and classified 500 devices in less than 5 seconds. This is an unprecedented detection rate in the NAC industry. To reduce their security attack surfaces, companies need continuous monitoring—not periodic monitoring. Devices are added all the time and the ability to see 500 devices every 5 seconds scales well.
- CounterACT promptly discovered and provided full visibility of 100 percent of endpoints in all network environments tested. This is not only about discovering every IP-addressable device, but also classifying each device without the need for agents.
- Posture assessment and compliance monitoring. CounterACT’s compliance assessment policies provided real-time information about endpoint security posture and state changes.
- No impact on endpoint or network performance. There was no appreciable CPU usage increase on endpoints during connection, while installing a dissolvable client, or when notified of noncompliance. Also, on a SPAN link, CounterACT observed network traffic passively, with little to no impact on network performance.
- Simplified control, automation and time savings. Setting up policies for hosts and the network is straightforward via CounterACT’s console and wizards. Endpoint policies are readily understood and easily modified. Instead of requiring IT staff to manually query endpoints and determine their individual policy compliance, CounterACT automates this process, saving time and resources by mitigating problems.
“Based on test results validating the efficacy of discovery, classification, assessment and control capabilities, and the ease of management and customization, we proudly award the Miercom Performance Verified Certification to Forescout CounterACT” – Robert Smithers, CEO Miercom
1) According to the 2016 Miercom independent study
2) Mandiant M-Trends Report; Ponemon Cost of Data Breach Study