We just raised a $30M Series A: Read our story

Forescout Platform OverviewUNIXBusinessApplication

Forescout Platform is #1 ranked solution in top IoT Security tools, #2 ranked solution in top Network Access Control (NAC) tools, and #4 ranked solution in top Endpoint Compliance tools. IT Central Station users give Forescout Platform an average rating of 8 out of 10. Forescout Platform is most commonly compared to Cisco ISE (Identity Services Engine):Forescout Platform vs Cisco ISE (Identity Services Engine). Forescout Platform is popular among the large enterprise segment, accounting for 67% of users researching this solution on IT Central Station. The top industry researching this solution are professionals from a comms service provider, accounting for 23% of all views.
What is Forescout Platform?

ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-traditional devices, the instant they connect to the network. Equally important, ForeScout lets you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company’s solutions integrate with leading network, security, mobility and IT management products to overcome security silos, automate workflows and enable significant cost savings.

Forescout Platform was previously known as Forescout Platform, CounterACT for Endpoint Compliance, ForeScout CounterACT.

Forescout Platform Buyer's Guide

Download the Forescout Platform Buyer's Guide including reviews and more. Updated: December 2021

Forescout Platform Customers

NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust

Forescout Platform Video

Pricing Advice

What users are saying about Forescout Platform pricing:
  • "It might not be the cheapest solution, but you get what you pay for."
  • "Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money."
  • "We might have paid in the ballpark of $20,000 yearly for our licenses. I do not recall there being other fees over and above the standard licensing fee."
  • "We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility."
  • "The ROI is priceless."
  • "Licenses are perpetual but can come with renewable support."
  • "They base the license on the number of devices, which is quite misleading."
  • "The fact that we were allowed to spin up as many servers as we had need of to support our geographic requirements while paying for licensing as an enterprise truly set Forescout apart from the crowd and improved the way we could design our access."

Forescout Platform Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
DO
Senior Security Engineer at a healthcare company with 10,001+ employees
Real User
Top 20Leaderboard
Identifying potentially unwanted devices on the network has saved the organization time and money

Pros and Cons

  • "Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy."
  • "When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies."

What is our primary use case?

Asset Discovery. 

We were not able to accurately see devices in our network and/or have the ability to either remove rogue devices from the network or move them off to another VLAN. With corporate owned assets, we also have the ability to see if something is missing or not up-to-date on a product, then we have the ability to push the update down to the asset. 

We have not integrated the wireless access points into the product, but we are able to gain better visibility with wireless access points for mobile devices to do the same thing.

How has it helped my organization?

We are now able to see the assets connected to our network and classify them based on certain criteria that we can define. We still have a ways to go in getting things setup and more networks defined on what we want to see. Forescout is allowing us to gain that visibility with a few clicks of the mouse. Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy.

What is most valuable?

There are so many to list: 

  • The policies and what you can do with them is amazing. 
  • The ability to narrow down devices online versus offline.
  • Get the MAC Addresses last attributed with a device or IP address on a device and connect that to its switch port or router. This is very beneficial when assisting in tracing back physical connectivity, if needed. 
  • The ability to move a device off the network is very useful. The hardest part is showing the help desk what they need to do when troubleshooting a device connectivity issue.

What needs improvement?

When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies. I could see after doing this repeatedly that it may lead to some premature clicking in an area that you may not have wanted, depending on how your segments are setup, and may cause issues later down the road.

For how long have I used the solution?

Just a few months.

What do I think about the stability of the solution?

In using the product for a short period of time, we have not had any issues with it. This product so far has proven to be top notch and do what is designed to do. The visibility into the network makes things an ease.

What do I think about the scalability of the solution?

It is highly scalable and easy to implement.

How are customer service and technical support?

Customer service and technical support are very responsive. We had one issue integrating a module and had a response within 30 minutes of opening the ticket, then we had a resolution shortly afterwards.

Which solution did I use previously and why did I switch?

We did not use a different solution other than best guess or a manual Nmap with port scanning tools to find out what was on a network segment, which was very time consuming.

How was the initial setup?

Our network is fairly complex. However, the setup of this application was straightforward. It has great documentation on what ports/protocols are needed when communicating with other devices. The documentation was easy to read.

What about the implementation team?

We implemented with Professional Services from Forescout.

What was our ROI?

Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money.

What's my experience with pricing, setup cost, and licensing?

It might not be the cheapest solution, but you get what you pay for.

Which other solutions did I evaluate?

Senior management used this product before and already did a comparison of other products.

What other advice do I have?

The product has proven to be worth the cost and time savings alone in finding rogue devices. It helps with ROI and increasing our security posture. You can't protect what you don't know about or can't see.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jonathan Soto
Ingeniero Senior en seguridad y telecomunicaciones at a non-tech company with 1,001-5,000 employees
Real User
Top 20Leaderboard
A straightforward setup with good technical support and good stability

Pros and Cons

  • "The user management has been very easy for the most part."
  • "The licensing costs are quite high. With the amount of hardware we have, we need too many licenses to make the product effective and it's ultimately just too costly."

What is our primary use case?

We needed some protection in our environment. We use this product in some areas in our network to monitor the security of the endpoints of our users. 

What is most valuable?

The environment was easy to configure. 

The user management has been very easy for the most part.

The initial setup is pretty easy.

Technical support has been very helpful.

The stability overall is good.

What needs improvement?

The licensing costs are quite high. With the amount of hardware we have, we need too many licenses to make the product effective and it's ultimately just too costly.

We may have some problems with compatibility - specifically with Cisco switches. We have the perimeter a Check Point firewall as an alarm for VPN connections. We have users integrating the VPN Check Point with Forescout. We can't seem to scale due to compatibility issues and price.

For how long have I used the solution?

We have been working with the solution for around two years. It hasn't been that long. That said, we are moving away from the solution.

What do I think about the stability of the solution?

Overall, the stability of the product has been very good. It doesn't crash or freeze. There aren't bugs or glitches. It's been set up very well. We've found it to be reliable and the performance is good.

What do I think about the scalability of the solution?

Our issue, in terms of scalability, is that we have a brittle machine. We struggled to get the licenses loaded. We would need to change the machine in order to develop a certain level of scalability capabilities.

At the moment, we have about 100 users on the solution, however, we require more licenses. Our goal was 1000 users on devices, however, it wasn't possible. The economics were against us.

How are customer service and technical support?

While I have never personally opened a case with technical support in the past, my colleague has. He found them to be very responsive and helpful. He was satisfied with their level of service.

Which solution did I use previously and why did I switch?

We did not previously use a different solution. Forescout was our first.

We are just now migrating to Cisco ISE. The problem is that we have around 500 users and we have only 100 licenses from Forescout due to the fact that it is a little expensive for us. We are trying instead to move to Cisco ISE, which has better pricing.

How was the initial setup?

The initial setup was not complex. It was pretty easy. Installation maybe takes one or two days, and the implementation in total takes around two weeks.

We have a partner from Forescout in my country. He came to my company to meet with us. He helped explain a few things and assisted with network displays. 

There were about eight people that handled deployment between our end and the technical support side.

What about the implementation team?

A Forescout representative ultimately came to our company for us. They assisted a little. They understood the cloud very well and were very helpful.

What's my experience with pricing, setup cost, and licensing?

The licenses are quite expensive. Ultimately, we couldn't afford the amount we needed, and therefore we are moving off the product.

We might have paid in the ballpark of $20,000 yearly for our licenses. I do not recall there being other fees over and above the standard licensing fee.

Which other solutions did I evaluate?

We evaluated Cisco. The difference is the compatibility with our network. Other switches are Cisco devices, and therefore the compatibility and the integration were a little easier. With Forescout we have had some issues with some other access points. With Cisco ISE, we don't have that problem.

What other advice do I have?

I do not recall which version of the solution we are using. We use the on-premises deployment model, however, we also have some clients on the cloud.

I would advise other organizations that, if they have multi-vendors in their network, use Forescout. However, if most of the devices are Cisco, it is best to use Cisco ISE.

It is a great tool and solution. We looked into it with the Magic Quadrant of Gartner and we have seen that it is a leader in the space. However, for us, it just doesn't work as well in terms of compatibility.

I'd recommend the solution. I would rate it at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
554,676 professionals have used our research since 2012.
reviewer1348908
Senior Network Engineer at Tessy Plastics
Real User
Top 20
Our environment is significantly more secure

Pros and Cons

  • "Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security."
  • "They need to handle their Tier 1 cases differently. The biggest negative regarding Forescout is their support. Not having the ability to get instantly transferred to a support engineer for Tier 1 cases is pretty ridiculous."

What is our primary use case?

We primary use the Forescout appliances to identify, segment, and control all of our internal, manufacturing, automation, and IoT networks. In addition, we use Forescout to deploy guest wireless by utilizing self-registration to allow employees and guests onto our network. Forescout is also responsible for maintaining and showing us all threat data, such as vulnerabilities. We also use it to identify and prevent all malicious network scans throughout our entire network. These powerful tools allow us to secure our network end-to-end.

How has it helped my organization?

Before our implementation of Forescout, we had no Network Access Control. This allowed all users, trusted and unknown, to access our internal infrastructure. This was a burden because we are in the contract manufacturing sector where each independent contractor brings in their own infrastructure and it is up to us to secure these networks. Since implementing CounterACT, we have been able to isolate and segment all unknown devices, providing strict requirements for device on boarding. Since implementing Forescout, our environment is significantly more secure.

What is most valuable?

The biggest benefit to our organization is the fact that being in manufacturing you have many different types of devices. Only a small section of these types of devices support dot1x authentication. This makes Network Access Control very difficult to implement. With Forescout, the difficulty becomes significantly less. Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security.

What needs improvement?

The product could be improved in different ways: 

  • The speed of identification
  • More guest management features (i.e. extending time frames)
  • Sometimes, the identification profiles completely change after device upgrades. It would be beneficial to keep or merge these records if enough correlating data points exist, so as not to segment devices. 

Some of the features introduced into the product line could have better documentation, which could provide for an overall better experience for administrators.

For how long have I used the solution?

We have been using Forescout CounterACT for over a year now. We have been very impressed.

What do I think about the stability of the solution?

Forescout is one of the most stable pieces of software that I have ever worked with. Their updates are timely, and their software has an assortment of plugins and bolt-ons. Having a software this flexible would normally present itself with bugs, but we have not run into any software issues with their plugins, modules, or software in general.

What do I think about the scalability of the solution?

We run virtual appliances. We have needed to bring up a fully functional data center in less than 15 weeks. Forescout takes less than a day to implement. Their product is very scalable.

How are customer service and technical support?

Tech support is very good and knowledgeable. 

They need to handle their Tier 1 cases differently. The biggest negative regarding Forescout is their support. Not having the ability to get instantly transferred to a support engineer for Tier 1 cases is pretty ridiculous. In addition to the support, they can take their time getting to you, which is another frustrating item.

How was the initial setup?

The initial setup is very simple. The logic behind policies makes it very straightforward. With that being said, policies can be very complex, and if you are not careful, they could have unintended results.

What about the implementation team?

Brite Computers was a phenomenal asset. I would rate them as a 10 out of 10.

What was our ROI?

The ROI is priceless. How can you put a price on someone's privacy?

What's my experience with pricing, setup cost, and licensing?

We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility.

Which other solutions did I evaluate?

We primarily evaluated Cisco ISE. We looked at Cisco ISE and were in the process of demoing it. We looked elsewhere because the MAC Authentication Bypass feature was not a workaround that we wanted to implement for over half of our environment.

What other advice do I have?

The product has been fantastic for us, meeting our needs. We have hardly had any bugs to speak of. With that being said, please allow Tier 1 cases to be directly transferred to an available engineer. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Avraham Sonenthal
Senior Network Engineer at a government with 5,001-10,000 employees
Real User
Top 5Leaderboard
Provides good network visibility, allowing us to detect and remove unknown threats

Pros and Cons

  • "You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as."
  • "The reporting feature needs improvement."

What is our primary use case?

We are using this product as a NAC to secure our network and to meet IRS audit requirements. For example, we are using it to lock down our VPN solution.

Until now we had strict requirements for people logging in through VPN, including AD credentials and multifactor authentication, but no requirements for the actual hardware they were using. With Forescout, we can inspect every computer using VPN and block ones we don't permit, or remediate the ones we do permit.

Also, we will be able to quarantine and block computers that are not agency equipment on regular switch ports or wireless.

How has it helped my organization?

With Forescout we can get a detailed view of every device that attaches or tries to attach to our network. We can write policies that enforce a variety of actions such as quarantine and remediation.

We can prevent rogue actors from utilizing switch ports, wireless, or VPN to access our network.

Another benefit to Forescout is in inventory knowledge. We are seeing many devices that nobody knew were attached to the network and this allows the various teams to remediate or remove devices that could present a threat.

What is most valuable?

I think the most valuable feature is that the port-based 802.1x configuration on switch ports is not required. It operates by listening to the wire and talking to networking devices. That is a huge reduction in configuration complexity.

You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as.

Another good thing about the product that it can examine every endpoint and give information about it, even IoT devices.

What needs improvement?

The reporting feature needs improvement. An example is that currently, you cannot configure what report files will be named. I think that the reporting feature needs more flexibility. It has about 15 templates and you have to use one of them, but it is not easy to understand what each of them is. It would be nice to have more control over the format of the reports.

Also, it would be nice if the configuration backup feature had more flexibility. It only supports FTP, SFTP, or SCP. That makes it impossible to write backups to a Windows share.  

For how long have I used the solution?

We have been using the Forescout Platform for about a year.

What do I think about the stability of the solution?

We have had no problems with stability.

What do I think about the scalability of the solution?

It is very scalable. You can set up an appliance as an Enterprise Manager, which means it can manage a large number of other appliances or VMs. The Enterprise Manager can operate in HA (High Availability) mode, and can manage 100 of the 5160 appliances. Each 5160 can mange 20,000 endpoints, so Forescout can scale to around 2 million endpoints.

How are customer service and technical support?

Technical support is generally very good.

Which solution did I use previously and why did I switch?

This is our first NAC product.

How was the initial setup?

The initial setup is fairly complex and it would be a good idea to employ Forescout Professional services for this phase. Special attention needs to be paid to SPAN sessions or taps to allow Forescout to listen to the wire. 

What about the implementation team?

We used a combination of vendor services and in-house staff for the deployment. The vendor team was competent.

What was our ROI?

I cannot speak to ROI.

What's my experience with pricing, setup cost, and licensing?

Licensing is per endpoint that uses a discrete IP address. Licenses are perpetual but can come with renewable support. The product is complex so do not skimp on training, certification, and professional services.

Which other solutions did I evaluate?

We looked at Clearpass and ISE.

What other advice do I have?

It is the only NAC product I know of that does not require 802.1x on every switch port. Big win. But, make sure that you invest in training up your personnel. It is not a simple product. 

Importantly, the vast capabilities make it worthwhile. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
KK
Products & Solutions Manager Cyber Security | Forensics at a tech services company with 201-500 employees
Consultant
Top 20
Implements well, and has and outstanding agentless visibility that is unmatched

Pros and Cons

  • "The actions that the agentless visibility, allow us to perform on the endpoint, are really amazing, especially in the way that it is done."
  • "As a user, if I am using a laptop that is Wi-Fi connected, Forescout identifies my port connectivity as one user license, and if I take that same laptop with the same username to a wired network, which is also the same network that is used for the Wi-Fi connection, Forescout detects it as a separate license."

What is our primary use case?

I am a freelance cybersecurity consultant. I provide and implement products for our clients.

What is most valuable?

Forescout Platform is a very good NAC solution.

It's a very good product.

The agentless visibility is definitely unmatched and outstanding. 

The actions that the agentless visibility, allow us to perform on the endpoint, are really amazing, especially in the way that it is done. 

It is a good solution, Garner rated because their leadership quadrant position is responsible for their market.

What needs improvement?

As a user, if I am using a laptop that is Wi-Fi connected, Forescout identifies my port connectivity as one user license, and if I take that same laptop with the same username to a wired network, which is also the same network that is used for the Wi-Fi connection, Forescout detects it as a separate license.

At times, I am working on wireless and sometimes I enter a zone where there is no wireless connection, which forces a land connection. This is an issue that needs to be resolved because it consumes another license for the same device and the same user.

This issue has been escalated to Forscout directly.

There was integration with Microsoft SCCM previously, and have suddenly stopped the open integration module for Microsoft. Customers are not aware of what is available to them in terms of the open integration module. 

Forescout Platform advised that there are many options available and many things they can do, but they don't tell customers exactly what they are. 

They need clear documentation and direction as to what the customer can expect from the open integration module. Customers need some clarity on what they can do and what is not possible to do.

When it comes to a full open integration we need to rely on the professional services from Forescout directly, no one can implement it as there is a limited amount of knowledge available.

They need to be more considerate, and there should be good documentation available to the customer.

They need to improve their selling approach or the consultant approach.

One of their use cases is an ITM use case, and ITSS asset management, but they don't really do ITSS management. They only detect the ITSS and all the parameters around that test, but they do not have any integration with any database system where they can store all these details and act like a typical ITSS management system. 

They should remove that use case in full. They should say that we complement your ITSS management by detecting the unknown assets in your network. This would be right.

For how long have I used the solution?

I have been familiar with the Forescout Platform for more than four years.

How are customer service and technical support?

In terms of technical support, their engineering team is very rigid. They must provide us with some clear answers and if they exceed the time it takes to resolve the issue, they will charge for that extra time. For example, if they go one day more, they will charge for that extra day.

How was the initial setup?

We have completed significant deployments which are more than 4,000 endpoints. There was a complex network architecture.

All of the implementations have gone very well and the customers are satisfied.

What's my experience with pricing, setup cost, and licensing?

They base the license on the number of devices, which is quite misleading. If I am one user, it should be based on that rather than how many devices I use with the same user name. 

To base it on the number of devices it can reduce one more license from my overall license allotment. It can result in four or five licenses for one user.

What other advice do I have?

I was a partner of the company who was a Forescout Platform partner and I was responsible for bringing in Forescout, and establishing the service line for the Forescout Platform sales, pre-sales, and the implementation, but I am no longer with that company.

I would rate Forescout Platform an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
CA
Product Manager - IT Security at a tech services company with 11-50 employees
Real User
You can configure granular controls just as you want those policies to be implemented

Pros and Cons

  • "Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it."
  • "I should be able to integrate my Forescout with any other third party security technology, to build that connected security strategy."

What is our primary use case?

Our primary use case is for device compliance and access control.

What is most valuable?

Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it. 

The pricing, technical support, stability, scalability, initial set up, interface, dashboards, management, and monitoring are fantastic. They are excellent. 

The licensing of the solution is pretty simple. The process of deploying the solution is pretty straightforward. The dashboard, in terms of monitoring and management, is pretty simple. Maybe because I have a very robust technological background is why I don't struggle with these things. In terms of management, deployment, and support, although I really don't require their support, so far, so good.

What needs improvement?

Truth be told, I'm good with it. I'm yet to have something with the solution that I don't feel comfortable with. It's fine. I've not seen a cause or a reason why I should want something to be changed, but that doesn't take out the fact that there's always room for improvement. What I would love to see is a situation where my Forescout can integrate with different security technologies. Where it can share contextual information bidirectionally. I had written to Forescout about this and they told me they have that functionality already. So I think that settles it. They can share device context with the security technology and that technology can also be shared with Forescout. To build a form of connective strategy towards security. They have a dedicated module for the security technology I'm concerned about.

But with that software, I should be able to integrate my Forescout with any other third party security technology, to build that connected security strategy I talked about. So far, it's good. It meets my requirements that I had concern about.

For how long have I used the solution?

I have been using Forescout Platform for one year.

What do I think about the scalability of the solution?

In terms of scalability, my deployment architecture is central, so it scales with respect to the number of devices I have to add to my network. The licensing is based on the number of devices you have currently with regards to the future growth in the number of connected devices to your IT network or to your IT infrastructure. That gives you room to scale. So if I know that in the next two years, I would have an additional 50 or 100 users connecting to my network, either directly or remotely, I go for an appliance that accommodates that growth. Which is what I currently have.

So there's room to scale. Then the licensing is based on the number of devices you have currently. So if I have more devices come to my network, I can just acquire more licenses to take care of them. So I think that's fine.

How are customer service and technical support?

I've been very conversant with the technology for areas where I've experienced some challenges and I had to fix it up myself, but it's straightforward.

In terms of support, I've had to reach out to technical support. He was readily available and we made progress. So support is also good. My experience so far has been good. That's why I told you earlier that it's difficult for me to really point to somewhere where I could make an improvement.

What other advice do I have?

On a scale of one to ten I would give Forescout Platform a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1348911
Sr. Network Engineer at William Blair & Company
Real User
Top 20
Monitors network access globally and improves overall security while reducing risk

Pros and Cons

  • "Forescout CounterACT has allowed us to better open our access and control wireless access globally from our HQ. This allows us to monitor the network access for every office globally. This has improved overall security, reducing risk and opening up the opportunity to provide greater end user flexibility."
  • "More detailed analysis during the authentication process, especially for troubleshooting access issues. We have found that troubleshooting RADIUS controls is quite arduous, as it is today. A trace function could easily resolve this by providing a means by which access issues from a certificate to passwords or accounts could easily be identified and remediated."

What is our primary use case?

To be able to improve security within our network. We needed Network Access Control (NAC). As such, we reviewed the available vendors who could provide this service to us and selected the Forescout CounterACT (CA) product primarily because we needed to be able to position the product in several regional locations. At the same time, we managed and controlled it locally and dynamically where we have it responding to a single control center. While we have implemented today strictly for wireless access, we will be extending that to include wired access in the future.

How has it helped my organization?

NAC: Forescout CounterACT has allowed us to better open our access and control wireless access globally from our HQ. This allows us to monitor the network access for every office globally. This has improved overall security, reducing risk and opening up the opportunity to provide greater end user flexibility. 

What is most valuable?

The key feature we use is AD integration. That feature needs the least amount of attention once set up. 

Monitoring and logging are the pieces that we use most day-to-day. These are used by both our network and security teams to ensure proper operation with minimal risk. Whether machines attempting access are firm managed, vendors visiting, or IoT, all are available within the CA appliance. We plan to extend the use to further support growth functionalities and new work from home initiatives going forward.

What needs improvement?

Better reporting and analysis of access (based on client) would be helpful. Also, a tool that allows tracing a user through the rules to authentication.

More detailed analysis during the authentication process, especially for troubleshooting access issues. We have found that troubleshooting RADIUS controls is quite arduous, as it is today. A trace function could easily resolve this by providing a means by which access issues from a certificate to passwords or accounts could easily be identified and remediated.

For how long have I used the solution?

Two years.

What do I think about the stability of the solution?

ForeScout CA has proven itself to be very solid.

What do I think about the scalability of the solution?

It is very scalable with a lot of features that we aren't even using yet today.

How are customer service and technical support?

Technical support has been great. They are very knowledgeable, helpful, and considerate.

Which solution did I use previously and why did I switch?

We used Cisco ISE but found that it did not have the flexibility that we needed within our organization.

How was the initial setup?

Setup was anything but straightforward, but this had nothing to do with Forescout. This is the nature of NAC solutions in general. 

Setup takes significant preplanning. Don't expect to just drop it in, then have it up and running, even if you already use an alternative NAC product. However, it is worth it.

What about the implementation team?

We used a Professional Services engagement from Forescout, but still experienced a lot of issues.

What was our ROI?

I don't know.

What's my experience with pricing, setup cost, and licensing?

The fact that we were allowed to spin up as many servers as we had need of to support our geographic requirements while paying for licensing as an enterprise truly set Forescout apart from the crowd and improved the way we could design our access.

Which other solutions did I evaluate?

We had ISE. As that product reached EOL, we considered whether there were alternatives to a NAC that we should consider but felt that a NAC is a security requirement.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Miguel Santiago
Owner at Securnet
Real User
Top 20Leaderboard
Has a valuable Bring Your Own Device feature and good usability

Pros and Cons

  • "We think it's simple. We think it's very useful and we really like reports and everything."
  • "The biggest disadvantage is the pricing."

What is our primary use case?

We are using the Forescout Platform mostly for the Bring Your Own Device features. So we like it very much. We like the dashboard, the usability, and the Bring Your Own Device feature. That's our main usage of the Forescout.

How has it helped my organization?

We are really adapted to the product. So we find it perfect.

What is most valuable?

Now that I'm used to it I don't see many places to improve it. We really like it as it is. We think it's simple. We think it's very useful and we really like reports and everything. We like it very much.

What needs improvement?

The biggest disadvantage is the pricing. I can see that the product has value. I see that the product is really good. I think that the pro is it's really stable, but price-wise, I think it's bad. But you have to pay for quality. But the pricing can be a little bit improved in my point of view. It will be harder to choose if we start comparing features and prices and when we made the initial choice. Our choice was based mainly on features. There was no price comparison involved. I think that it is not in the same landscape. The landscape has changed and there are a lot of contenders in this field. The price scale could be improved.

For how long have I used the solution?

I have worked with Forescout Device Visibility and Control Platform for two years.

What do I think about the stability of the solution?

The availability is one hundred percent available. So we don't have issues with that also, so very good.

What do I think about the scalability of the solution?

The installation is small enough, it's 500 users and there are no issues with the performance. So our escalation costs, we are small so it's perfect. I've had no issues. The availability is one hundred percent available. So we don't have issues with that also, so very good.

How are customer service and technical support?

Technical support was really great at the beginning of the setup. At the moment we don't use it because the product is very good. I cannot say if it's good or it's bad because we don't use it, we don't see any issues. It's very good. So for me, I cannot tell you if the support is fast or it's slow, or if it's good or bad because we don't use it. No, we don't use the support.

How was the initial setup?

The initial setup was straightforward. We have help from the manufacturer, so to put it in place it was straightforward. We have been using it for two years now with no issues.

What's my experience with pricing, setup cost, and licensing?

The pricing is really bad. We think that it's expensive. So the pricing part is expensive.

What other advice do I have?

I recommend doing a compression demo. If people use it, they will buy it. So they have to see the product in place. That's the main recommendation is to do a proof of concept. If they do, they will buy it. 

I would rate Forscout Device Visibility and Control Platform at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros sharing their opinions.