See the complete list of top 9 network access control (NAC) solutions.
In 2000, ForeScout entered the security market as an NAC player. Since then, it has expanded its offering to protect organizations against IoT threats. It is a privately held company with investments from several venture capital firms. It has over 700 employees and is based in San Jose, Calif.
ForeScout CounterACT provides real-time visibility, control and orchestration across network infrastructures. This includes visibility and control across campus, data center and cloud. It discovers IP-based devices as they connect to a network, classifies them based on characteristics, assesses their security posture based on policy and behaviors, and then takes action as appropriate. With automated policy-based access control and enforcement of devices, users and applications, ForeScout allows organizations to limit access as appropriate, automate guest onboarding, find and fix endpoint security gaps, and maintain and improve compliance. The technology integrates with all major network infrastructures and is able to scale with its customers' needs.
"NAC solutions must integrate with a diverse group of switches, routers and servers, and not be constrained by a single vendor dependency," said Jennifer Geisler, vice president of marketing at ForeScout Technologies. "This level of integration is required to enable policy-based segmentation and VLAN assignment. M&A activity and other factors have resulted in a mixed network environment, where 802.1X authentication cannot be assumed."
It is an agentless IoT security solution that discovers devices, assesses their hygiene and regularly monitors security posture. An optional dissolvable agent (SecureConnector) is available.
Markets and Use Cases
The company has seen strong adoption in government (it protects many DoD networks), financial services, healthcare (it can protect non-traditional devices such as laboratory instruments, heart monitors, infusion pumps, X-ray systems and handheld devices used by clinicians), and retail (cardholder data security, POS systems, security cameras).
CounterACT's largest customers use it to manage over one million devices. It can discover and classify 500 endpoints in five seconds or less.
Center for Internet Security CSCs (Critical Security Controls)
CDM (Continuous Diagnostics and Mitigation)
FISMA (Federal Information Security Management Act)
HIPAA (Health Insurance Portability and Accountability Act)
HITECH (Health Information Technology or Economic and Clinical Health Act)
ISO/IEC 27001 (International Standards Organization/ International Electronical Commission)
NIST (National Institute of Standards and Technology) Risk Management Framework
PCI-DSS (Payment Card Industry Data Security Standard)
SCAP (Security Content Automation Protocol)
SOX (Sarbanes-Oxley Act)
ForeScout uses automation for policy-based segmentation and enforcement of devices, users and applications.
CounterACT can be deployed in multivendor, heterogeneous environments – as a physical or virtual appliance – across the campus, data center and cloud.
Physical appliances with software license start at $4,995. Virtual appliances with software license start at $3,701. Failover Clustering license starts at $2.50/endpoint.