Some other issues: Cybereason requires a high-resolution monitor (1920x1200 is best) to view its console; it would be nicer if the software had a responsive design to fit smaller screens. And the listing on the System/Probes screen that shows healthy PCs doesn’t really mean that they are infection-free, only that their agents are up and running and can communicate back to the management server. That is somewhat confusing. These drawbacks show that Cybereason is still adding features and abilities that most of the competition has. While its console is nicely designed, it still needs some work.
Cybereason’s agents are visible in the Windows Control Panel Programs listing, but that is all that an end user can see. Agents can be remotely updated from the management console, and an administrator can disable data collection or restart the agent too. Users can be added in one of several roles such as analyst, sysadmin, or executive: that level of granularity is superior to most of the other products we’ve tested.
Pricing starts at $75 per endpoint per year, with substantial quantity discounts available. This puts it at the top of the price range of the products we reviewed.
ForeScout’s CounterAct grew out of its early experience in the Network Access Control (NAC) market and still strongly reflects that history, although you can use the product without ever turning on any of its NAC features and just focus on the endpoint controls. Unlike most of the products that are part of this review, you can operate CounterAct without installing agents, although they are available for Windows, Mac and Linux endpoints. Because it doesn’t rely exclusively on agents, it is good for monitoring headless IoT and other embedded types of devices. It is now used in several very large installations, including one managing more than a million endpoints.
CounterAct comes in two pieces. The first is either a dedicated rack-mounted appliance or a physical server or VM that can run on ESX or Hyper-V. It runs its own version of Linux. The second is a dedicated Windows-based management server. Getting both to work together is somewhat involved. There are dozens if not hundreds of options to get the product working correctly, and it is easy to miss a checkbox here or there: this is definitely a product for experienced consultants on a professional services contract to help get you started.
The management console is where you apply updates – and there are more than a dozen software modules that needed updating on our box. This took several hours to download and install. Once this is done, you create specific protection features and carry out other administrative tasks. Then you need to start setting up your protection policies, which are written in XML and can be downloaded from the ForeScout support site to get started before you customize them for your own purposes. These policies are the heart of the product, and where the meat of its activities takes place. Policies can be mapped to particular network segments, or types of endpoints (such as embedded devices or guest smartphones).