CounterAct works best when authenticating users through Active Directory or some other LDAP service. Being a NAC product, it also wants to connect to a network SPAN port and manage your switches so it can keep track of what is running on which switch port for further network protection. But even if you don’t set these features up, there is still a lot that you can control and manage on your network.
If you already have a solid idea of what your network compliance rules are or have a high confidence that you have a properly documented network, this is a great product that can encode these rules directly into its protective features. If your network has grown or changed since you last attempted a compliance audit, then this product will force you into cleaning up your act and that could be very painful.
Once you have your policies, you can start examining your network. If your PCs aren’t compliant, you can remediate each PC, run a script to force an update to install a piece of software, send a notification email, and dozens of other actions. All of this is available via a series of choices with a right mouse click.
This product is a user interface nightmare, mainly because of the numerous controls and methods that you need to access its various pieces. There are actually two separate menu displays. First are icons across the top labeled NAC, Inventory, Threats, Policy, and the main dashboard display. Second is the series of text-based menus (such as File, Reports and Tools), some of which duplicate the icon-based menus. Then there is the appliance, which has a Web-based interface: this is where you access some of the various reports – others are in the previous menu.
Agents (which ForeScout calls its secure connectors) can be installed from the web interface of the appliance as permanent applications or as dissolvable, meaning they don’t survive a reboot. What makes this product impressive is the level of control that you have even if you use agentless operations. As evidence of this, the documentation runs to more than 750 pages.
ForeScout has designed this product more for enforcing network policies and orchestration with other network security tools. There are more than a dozen extra-cost integrations with Palo Alto Networks, Bromium, FireEye and numerous others documented here. On that link is a long list of other vendors of anti-virus tools and network switches that it integrates with. Sadly, each of these integrations is specified in a different part of the product, which adds to its configuration complexity. Some of these integrations carry additional fees.