Network Access Control

Visibility and Control of who, what, when and where of your networks.

ForeScout CounterACT™ is a platform that provides continuous security monitoring and mitigation. It allows IT organizations to efficiently address numerous access, endpoint compliance and threat management challenges even within today’s complex, dynamic and expansive enterprise networks. Taking advantage of next-gen network access control (NAC) capabilities, CounterACT delivers both real-time intelligence and policy-based control to preempt threats and remediate problems while preserving business productivity. ForeScout CounterACT integrates with your network, security and identity infrastructure to assure the right users and their devices gain appropriate access. Offering a range of built-in policy templates, CounterACT can flexibly manage employee and guest access in a way that is secure and seamless while providing organizations a quick and easy way to enforce Bring Your Own Device (BYOD) policy.

ForeScout CounterACT automatically discovers, classifies and applies policies for users, devices, systems and applications on your network, helping minimize your security risks. Because ForeScout CounterACT is agentless, it works with your endpoints – managed and unmanaged, known and unknown, PC and mobile security, embedded and virtual. With CounterACT, you can identify security gaps that may otherwise go undetected by your existing agent-based security systems.

ForeScout CounterACT works with your existing infrastructure via the ControlFabric™ architecture. This set of integration technologies enables ForeScout CounterACT and other IT solutions to exchange information, enhance control context, and efficiently mitigate a wide variety of network, security and operational issues. As a result, you can achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources.

Network Access Control

ForeScout CounterACT lets employees, guests and contractors quickly connect, comply and get to appropriate network access, while at the same time providing operations rich device and network access visibility. CounterACT offers extensive guest registration options so you can tailor the admission process to suit your organization’s needs. Once registered and admitted, CounterACT can limit the user’s access to just the Internet or to specified network resources.

Endpoint Compliance

ForeScout CounterACT automatically enforces security policies for everyone and everything on your network, which helps you minimize your security risks. Because CounterACT is agentless, it works with all types of endpoints—managed and unmanaged, known and unknown, physical and virtual. CounterACT can discover security weaknesses with your existing agent-based security systems that would otherwise go undetected. When CounterACT discovers a security problem, it can automatically fix the problem, or it can leverage your existing remediation or helpdesk systems.

Threat Prevention

ForeScout CounterACT blocks both known and unknown attacks with 100% accuracy by continuously monitoring network devices for evidence of threatening behavior. Our patented ActiveResponse™ technology does not suffer from false positives so you can confidently deploy ForeScout’s threat prevention system in full blocking mode. Since ActiveResponse does not require signature updates, it’s maintenance free and can ensure that your network is always protected from zero-day attacks, propagating infections and malicious attacks.

Works with What You Have

ForeScout CounterAct works with the majority of popular switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems that you already have. We require no infrastructure changes or equipment upgrades.

Agentless

ForeScout CounterAct can identify, classify, authenticate and control network access of both managed and unmanaged (BYOD) endpoints without any help from agents or any kind of preconfigured endpoint software. Deep endpoint inspection can also be done without an agent as long as CounterACT has administrative credentials on the endpoint. In situations where CounterACT does not have administrative credentials (e.g. BYOD), deep inspection can be performed with the help of our optional SecureConnector agent.

Non-disruptive

Unlike conventional NAC products that immediately disrupt users with heavy-handed access controls, ForeScout CounterACT can be deployed seamlessly without impacting any users or devices. Furthermore, our solution can easily be implemented in a phased approach to minimize disruption and accelerates results. In the initial phase, CounterACT gives you visibility to your trouble spots. When you want to move forward with automated control, you can do so gradually, starting with the most problematic locations and choosing an appropriate enforcement action.

Open Interoperability

Unlike infrastructure vendors which offer minor interoperability and modest third-party coverage, ForeScout CounterACT offers extensive third-party vendor interoperability and an open integration architecture.

Accelerated Results

ForeScout CounterACT provides useful results in days by giving you real-time visibility to assets and security issues on your network. The built-in knowledge base helps you configure security policies quickly and accurately.