ForeScout CounterACT is a hardware appliance which works out-of-band on the network to control access for endpoint devices. The appliance is installed out-of-band to the switch directly or via port tap integration. It integrates with many third-party products and solutions to help identify and validate levels for authentication, anti-virus, operating system, firewall and more.
We were able to configure and install the appliance in a fairly short amount of time. One thing we noticed is that the interface is intuitive and the reporting/dashboard features are slick. Device monitoring can take place through many different implementations, including traffic and port monitoring, SSH, SNMP, 802.1x, ARP cache and more. Administrators have several options to deploy the solution. Some may choose to use existing 802.1x features if they are currently available, others may opt to deploy the solution differently. Overall, we believe there is a good amount of flexibility in the deployment considerations.
Ultimately, the device analyzes the hosts it sees, decides on how to deal with it based on custom policy configuration and then re-assigns the host to the appropriate VLAN based on its compliance posture. Devices also can be recognized and grouped together in logical buckets (Windows, Linux and NAT devices, hand-helds and more) for easy asset classification. This makes reporting and filtering the data easy, and it also helps tremendously when investigating a possible rogue or unknown device.
Overall, CounterACT has many useful features and granular options under the hood.
The supporting documentation is excellent and the ForeScout support portal has many useful options available, including a knowledge base, documentation and more.
Basic eight-hours-a-day/five-days-a-week support is available for 18 percent of the tool''s list price. Advanced 24/7 support is available for 23 percent of the list price.
Computer Technology Review-CounterACT
SANS What Works: Blocking Network-based Attacks