Network Access Control

Visibility and control of who, what, when and where of your networks.

Forescout is a platform that provides continuous security monitoring and mitigation. It allows IT organizations to efficiently address numerous access, endpoint compliance and threat management challenges even within today’s complex, dynamic and expansive enterprise networks. Taking advantage of next-gen network access control (NAC) capabilities, the Forescout platform delivers both real-time intelligence and policy-based control to preempt threats and remediate problems while preserving business productivity. The Forescout platform integrates with your network, security and identity infrastructure to assure the right users and their devices gain appropriate access. Offering a range of built-in policy templates, the Forescout platform can flexibly manage employee and guest access in a way that is secure and seamless while providing organizations a quick and easy way to enforce Bring Your Own Device (BYOD) policy.

The Forescout platform automatically discovers, classifies and applies policies for users, devices, systems and applications on your network, helping minimize your security risks. Because the Forescout platform is agentless, it works with your endpoints – managed and unmanaged, known and unknown, PC and mobile security, embedded and virtual. With the Forescout platform, you can identify security gaps that may otherwise go undetected by your existing agent-based security systems.

The Forescout platform works with your existing infrastructure via the ControlFabric™ architecture. This set of integration technologies enables the Forescout platform and other IT solutions to exchange information, enhance control context, and efficiently mitigate a wide variety of network, security and operational issues. As a result, you can achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources.

Network Access Control

The Forescout platform lets employees, guests and contractors quickly connect, comply and get to appropriate network access, while at the same time providing operations rich device and network access visibility. The Forescout platform offers extensive guest registration options so you can tailor the admission process to suit your organization’s needs. Once registered and admitted, the Forescout platform can limit the user’s access to just the Internet or to specified network resources.

Endpoint Compliance

The Forescout platform automatically enforces security policies for everyone and everything on your network, which helps you minimize your security risks. Because the Forescout platform is agentless, it works with all types of endpoints—managed and unmanaged, known and unknown, physical and virtual. The Forescout platform can discover security weaknesses with your existing agent-based security systems that would otherwise go undetected. When the Forescout platform discovers a security problem, it can automatically fix the problem, or it can leverage your existing remediation or helpdesk systems.

Threat Prevention

The Forescout platform blocks both known and unknown attacks with 100% accuracy by continuously monitoring network devices for evidence of threatening behavior. Our patented ActiveResponse™ technology does not suffer from false positives so you can confidently deploy the Forescout platform's threat prevention system in full blocking mode. Since ActiveResponse does not require signature updates, it’s maintenance free and can ensure that your network is always protected from zero-day attacks, propagating infections and malicious attacks.

Works with What You Have

The Forescout platform works with the majority of popular switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems that you already have. We require no infrastructure changes or equipment upgrades.


The Forescout platform can identify, classify, authenticate and control network access of both managed and unmanaged (BYOD) endpoints without any help from agents or any kind of preconfigured endpoint software. Deep endpoint inspection can also be done without an agent as long as the Forescout platform has administrative credentials on the endpoint. In situations where the Forescout platform does not have administrative credentials (e.g. BYOD), deep inspection can be performed with the help of our optional SecureConnector agent.


Unlike conventional NAC products that immediately disrupt users with heavy-handed access controls, the Forescout platform can be deployed seamlessly without impacting any users or devices. Furthermore, our solution can easily be implemented in a phased approach to minimize disruption and accelerates results. In the initial phase, the Forescout platform gives you visibility to your trouble spots. When you want to move forward with automated control, you can do so gradually, starting with the most problematic locations and choosing an appropriate enforcement action.

Open Interoperability

Unlike infrastructure vendors which offer minor interoperability and modest third-party coverage, the Forescout paltform offers extensive third-party vendor interoperability and an open integration architecture.

Accelerated Results

The Forescout platform provides useful results in days by giving you real-time visibility to assets and security issues on your network. The built-in knowledge base helps you configure security policies quickly and accurately.