ForeScout CounterAct

See and Control Everything on Your Network

Product Tabs


ForeScout CounterACT automatically enforces whatever network access policies you desire for your organization. If you wish to ban all guests and unknown computers from your network, ForeScout CounterACT can do that. If you wish to allow guests and handheld wireless devices to access the Internet, ForeScout CounterACT can do that. Features include:


Integrated appliance. ForeScout CounterACT includes everything in a single appliance. No software to install, nothing to configure. Built-in integration lets you leverage your existing infrastructure including directory, switches, endpoint security systems, patch management systems, ticketing systems and reporting systems.


802.1x or not. ForeScout CounterACT lets you choose 802.1X or other authentication technologies such as LDAP, Active Directory, Oracle and Sun. New hybrid mode lets you use multiple technologies concurrently, which speeds NAC deployment in large, diverse environments.


Built-in RADIUS. ForeScout CounterACT includes a built-in RADIUS server to make rollout of 802.1X easy. Or, leverage existing RADIUS servers by configuring CounterACT to operate as a RADIUS proxy.


Automated exception handling. ForeScout CounterACT automates the handling of printers, phones, and other equipment that cannot authenticate via 802.1X. Continuous monitoring of endpoint behavior eliminates the security risk of MAC address or ARP spoofing.


Automated 802.1X troubleshooting and remediation. Identify misconfigured endpoints and switch ports. Automatically remediate 802.1X supplicants by appending configurations, fixing erroneous configurations, or updating configurations.


Visibility. ForeScout CounterACT’s Asset Inventory provides real-time, multi-dimensional network visibility and control, allowing you to track and control users, applications, processes, services, ports, external devices, and more.


Tactical map. Intuitive map lets you spot trouble areas of any sort (compliance, authentication issues, etc.) and drill-down for more information. The map shows alerts and operational information, and lets you drill down to specific sites and devices as required.


Guest registration. ForeScout CounterACT’s automated process allows guests to access your network without compromising your internal network security. CounterACT includes several guest registration options allowing you tailor the guest admission process to your organization’s needs.


BYOD friendly. Accommodate BYOD devices on your network while preserving security. Hybrid mode lets you use either 802.1X certificates or LDAP user credentials to gain access. Flexible policies allow full or limited network access based on user name, device type, and security posture. Control access based on VLANs, ACLs, or built-in virtual firewall.


Real-time mobile device control. ForeScout CounterACT detects and controls hand-held mobile devices connected to your Wi-Fi network. Supports iPhone/iPad, Blackberry, Android, Windows Mobile and Nokia Symbian.


Threat detection. ForeScout CounterACT includes ActiveResponse, a patented threat detection engine which monitors the behavior of devices post-connection. ActiveResponse blocks zero-day self-propagating threats and other types of malicious behavior. Unlike other approaches, ActiveResponse does not rely on signature updates to remain effective, which translates to low management cost.


Rogue device detection.  ForeScout CounterACT can detect rogue infrastructure such as unauthorized switches and wireless access points by identifying whether the device is a NAT device, identifying whether the device is on a list of authorized devices, or identifying situations where a switch port has multiple hosts connected to it. CounterACT can even detect devices without IP addresses, such as stealthy packet capture devices designed to steal sensitive data.


Role-based access control. ForeScout CounterACT ensures that only the right people with the right devices gain access to the right network resources. ForeScout leverages your existing directory where you assign roles to user identities.


Flexible control options. Unlike early generation NAC products that employed heavy-handed controls and disrupted users, ForeScout CounterACT provides a full spectrum of enforcement options that let you tailor the response to the situation. Low-risk violations can be dealt with by sending the end-user a notice and/or automatically remediating his security problem; this allows the user to continue to remain productive while remediation takes place.


Policy management. ForeScout CounterACT lets you create security policies that are right for your enterprise. Configuration and administration is fast and easy thanks to ForeScout CounterACT’s built-in policy wizard and knowledge base of device classifications, rules and reports.


Out-of-band deployment. ForeScout CounterACT deploys out-of-band which eliminates issues regarding latency and potential points of failure in your network.  High availability is available for organizations that require redundancy.


Scalability. ForeScout CounterACT has been proven in customer networks exceeding 250,000 endpoints. ForeScout CounterACT appliances are available in a range of sizes to accommodate networks of all sizes.


Optional agent. ForeScout CounterACT does not require an agent on the endpoint, which is important when dealing with BYOD. If you wish, you can install ForeScout’s lightweight agent on Windows, Mac, Linux, iOS and Android endpoints. Agents and can be automatically installed when the device connects to the network and the user registers their identity.


IT infrastructure integration. Unlike proprietary NAC products, CounterACT is fast and easy to install because it supports an extensive range of third-party networking and security hardware and software, such as network switches, wireless access points, VPN, antivirus, patch management, ticketing, SIEM, vulnerability assessment, and mobile device management (MDM).


Reporting. ForeScout CounterACT has a fully integrated reporting engine that helps you monitor your level of policy compliance, fulfill regulatory audit requirements, and produce real-time inventory reports.


Endpoint compliance. ForeScout CounterACT can ensure that every endpoint on your network is compliant with your antivirus policy, is properly patched, and is free of illegitimate software such as P2P.


Data Exchange. CounterACT can link to your existing databases and directories and pull information that can be used within NAC policies. For example, retrieve a list of MAC addresses of iPads that are owned by the company, and then you can create a policy to block other iPads.


MFG Part Numbers