ForeScout CounterACTâ„¢
KnowledgeIndustry analysts have called CounterACT one of the most advanced network sensors in the industry. It reveals who and what is connected to your network with pinpoint accuracy, and continuously monitors for changes.
Feature/Benefits
- Out-of-Band. Deploys outside of the switch and monitors network traffic as a mirror to the switch port.
- Built-In Threat Prevention. Patented threat prevention engine protects the network against zero-day self-propagating threats and helps to ensure that every device that attempts to attach to the network is free of viruses and malware.
- IT Infrastructure Integration. Leverages and supports all existing IT infrastructure investments. Integrates with all major enterprise switches, both 802.1x and non-802.1x. Provides complete User-to-IP-to-Switch-to-Switch-Port mapping. Pinpoints location (IP->switch->location), user identity (LDAP->authentication) and endpoint system status (patch updates->AV, etc.). Leverages the switch's built-in security mechanism including VLAN assignment and switch post-blocking.
- Clientless Operation. Detects and protects any device with an IP address without the need for a client residing on each endpoint. This includes the detection of devices like VoIP phones, printers, healthcare equipment, manufacturing machinery, etc.
- Secure Connector Dissolvable Client. Persistent, multi-platform client delivers added peripheral protection for guest/contractor laptops and can be used to detect and disable portable data storage devices such as USB memory sticks on a per-policy basis.
CounterACT has been lauded as the most effective, people-friendly and productivity-enabling NAC solution on the market. It automates network access and brings devices into security policy compliance without disrupting the user.
Feature/Benefits
- Policy Creation Engine. Offers flexibility to create the right network policies for your enterprise. CounterACT offers out-of-the-box templates and a simple, easy-to-use wizard that guides you through every step of policy creation. CounterACT also includes a PCI regulatory compliance kit that streamlines the compliance audit and reporting process.
- Policy Compliance Engine. Leverages IT infrastructural and CounterACT's built-in enforcement mechanisms to automate user and device compliance checks and to speed remediation or containment of out-of-compliant devices.
| Audit Mode | Allows IT staff to simulate and fully understand the impact of a specific policy on devices and users before enforcements are turned on. |
| Notifications (Alert/Inform) | Notifying the user of policy violations is the first step towards remediation. Automated notifications and actions such as trouble ticketing, emails, browser hijacks and redirects significantly reduce costly help desk overhead. |
| Access Control, Enforcement & Auto-Remediation | CounterACT limits non-compliant device access to specified resources, thus enabling users to remain productive while their device-compliance violations are addressed. For example, if a user device is found to have an out-of-date anti-virus (AV) definition file, it can be moved to a VLAN, allowing the user to access email and Internet while blocking the device from other critical resources. CounterACT can then work with existing services to provide guided remediation and/or cue the AV server to auto-update a specific device. Once remediation is complete and the device is found to be in compliance, complete access to the production network may be granted or restored. CounterACT integrates with a number of remediation services, including patch management, anti-virus, anti-spyware, vulnerability management, and more. These third-party integrations allow CounterACT to orchestrate and automate the process of correcting policy violations. For example, if a device misses a critical patch, CounterACT detects the policy violation and automatically cues the patching engine (Microsoft WSUS, SMS, PatchLink, Altiris, etc) to update the specific system. Often this can be done without the user's involvement, retaining update report information for future security audits. |
| Blocking | CounterACT provides the ability to completely block the access of any device on the network. This can be accomplished by simply turning off the switch port or by leveraging CounterACT's built-in virtual firewall. The virtual firewall provides the ability to quarantine a device or a specific device port where malicious activity has been detected. |
| Post Connection Monitoring | After initial connection is made, access control policies are enforced on an on-going basis. CounterACT continuously monitors the network for policy violations and/or the introduction of self-propagating threats from connected devices. This advanced capability ensures that the network is always safe and devices are always in compliance with established network security policies. |
| Reporting | CounterACT has a fully integrated reporting engine that allows report-generation filters to be applied to both current and historical data. The reports help IT staff monitor and control device compliance and fulfill regulatory audit requirements. |
Deployments
CounterACT has the best track record in the industry for successful, fast and non-disruptive NAC deployments.
Feature/Benefits
- Integration. CounterACT integrates with numerous third-party solutions, installs in a few hours and begins delivering real value within a day.
- Non-Disruptive Roll Outs. CounterACT initial rollouts follow the same well-articulated, non-disruptive management process used to establish network access control and monitor/maintain compliance.
- Customer Driven, Global Deployment Proven. ForeScout continues to respond to customer requirements, meeting the availability, scalability, and access control demands of the world's largest organizations in the financial, educational, federal, military, health and manufacturing sectors. CounterACT protects over 500 of the world's largest and most secure enterprises and military installations with global deployments spanning 37 countries.