CounterACT

CounterACT®

ForeScout CounterACT® is a physical or virtual security solution that dynamically identifies and evaluates network devices and applications the instant they connect to your network. Because CounterACT doesn’t require agents, it works with your devices—managed and unmanaged, known and unknown, PC and mobile, embedded and virtual. CounterACT quickly determines the user, owner, operating system, device configuration, software, services, patch state and the presence of security agents. Next, it provides remediation, control and continuous monitoring of these devices as they come and go from the network.

Network visibility is critical today. Every device on your network is a potential attack or reconnaissance point that must be discovered and secured. These myriad devices fall into three categories:

Managed devices. Corporate-owned PCs, laptops, mobile devices and infrastructure components require management agents, allowing IT staff to discover, maintain and control them.

Unmanaged devices. Employees, contractors and visitors use their own laptops, tablets and smartphones to access your network. Since you don’t own these devices, you typically have no authority to put security software (e.g. security agents) on these devices. Therefore, they are invisible to traditional security products.

IoT devices. Today, the majority of the new devices connecting to enterprise networks are IoT devices. These devices can be anything from your video surveillance and audio visual systems to medical devices and 3D printers. The list goes on and on. They have purpose-built operating systems that were not designed to run your security software. Consequently, they are simply invisible to your existing security products.

ForeScout sees managed, unmanaged and IoT devices. ForeScout CounterACT® provides in-depth visibility using a combination of active and passive monitoring techniques to see devices the instant they enter the network—without requiring agents. CounterACT classifies and assesses these devices, then continuously monitors them as they come and go from the network. 

Orchestrate

Orchestrate

Imagine if your existing infrastructure and security tools worked as one truly integrated system. You could automate workflows and accelerate system-wide response without human intervention.

Today’s enterprises typically have a dozen or more security products operating as independent security management silos. This disjointed approach prevents coordinated, enterprise-wide security response, allowing attackers more time to exploit system vulnerabilities. It also results in manual, inefficient processes that can’t scale to address the growth of BYOD and the Internet of Things. ForeScout tears down security silos.

ForeScout orchestrates system-wide security management to make formerly disjointed security products work as one. This unique set of network, security and management interoperability technologies extends the power of ForeScout CounterACT® to more than 70 third-party solutions*, allowing the combined system to accelerate response, achieve major operational efficiencies and provide superior security.
ForeScout achieves this in three ways:

Sharing contextual insight

ForeScout dynamically shares endpoint device identity, configuration and security details with other security and management systems you own and use. This bidirectional data exchange adds to the overall properties that can be applied to the rules engines of other tools, enhancing policies and actions.

Automating workflows

ForeScout allows systems to share policy-based decisions that previously required manual analysis and application across systems. Automating these workflows and processes results in coordinated, instantaneous response.

Automating response actions

Many security products such as advanced threat detection systems, security information and event management (SIEM) and vulnerability assessment tools can inform IT staff about security issues. ForeScout instantly applies this security insight to trigger an automated response and enforce its broad range of policy-based controls, such as isolating the device and remediating the endpoint to eliminate threats.

 

Enterprise Manager

Enterprise Manager

Enterprise Manager can be deployed as a physical or virtual management appliance. It oversees ForeScout CounterACT activities and policies and collects information about malicious activity at an appliance, as well as identification, notification, restriction and remediation actions taken by CounterACT. This information is available for display and reporting at the CounterACT Console.

GAIN CENTRALIZED MANAGEMENT AND CONTROL

Centralized configuration: Settings and configurations for CounterACT appliances can be managed from a single Enterprise Manager console. Settings can be updated en masse, with a single keystroke, and the Enterprise Manager will replicate those settings to the CounterACT appliances that have been registered to the Enterprise Manager.

Centralized reporting: Enterprise Manager collects information from CounterACT appliances that have been registered to it, allowing the Enterprise Manager to produce information and reports for your entire enterprise.

Ease of use: The user interface of the Enterprise Manager is identical to the interface of the CounterACT appliance.
Disaster recovery: A separate Enterprise Manager appliance can be purchased and installed in a remote location for purposes of disaster recovery. The remote appliance can be configured as a “recovery manager,” which automatically maintains a duplicate set of policies and configurations.

Network scope: Enterprise Manager automatically identifies IP addresses or network segments that are not within the management of a CounterACT appliance.

Automated management: Enterprise Manager helps manage upgrades, licenses, backups and restores for CounterACT appliances within the network.

ControlFabric Architecture

The ControlFabric® Architecture is a set of open integration technologies that enables ForeScout CounterACT® and other IT solutions to exchange information and more efficiently mitigate a wide variety of network, security and operational issues. As a result, customers can achieve continuous monitoring and mitigation capabilities that better leverage their infrastructure investments and optimize IT resources.

Today, more than 70 different hardware and software products* leverage our ControlFabric Architecture to orchestrate multivendor interoperability and security management via ForeScout Base and Extended Modules.

Why ControlFabric

Unify system-wide security management

ForeScout ControlFabric Architecture extends the power of ForeScout CounterACT to leading IT solutions, allowing you to:

• Share contextual insight with IT security and management systems
• Automate common workflows, IT tasks and security processes across systems
• Accelerate system-wide response to quickly mitigate risks and data breaches

Features

• Agentless: No endpoint agents are required for authentication and network access control, allowing CounterACT to see and control managed, unmanaged and IoT devices.
• Open interoperability: CounterACT works with popular switches, routers, VPNs, firewalls, endpoint operating systems (Windows®, Linux, iOS®, OS X and Android), patch management systems, antivirus systems, directories and ticketing systems—without infrastructure changes or upgrades.
• Security orchestration: Optional modules orchestrate information sharing and policy-based security enforcement between CounterACT and leading IT and security management products.
• 802.1X authentication, or not: Choose 802.1X or other authentication technologies such as LDAP, Active Directory®, RADIUS®, Oracle® and Sun. Hybrid mode lets you use multiple technologies concurrently.

Deployments

Governement

Local, state and federal government agencies are prime targets for hackers, whether politically motivated, seeking information they can sell, or simply engaged in mischief. By providing secure network access for a wide range of devices and user populations, ForeScout CounterACT® can help government agencies protect their confidential data and support their compliance efforts with mandated policies and regulations such as FISMA, NERC, ISO/IEC 27001 and the GDPR. ForeScout can:

• Identify managed and unmanaged devices and control the spread of malware across the network
• Guard against targeted threats that can result in stolen data and network downtime
• Address endpoint compliance issues related to Security Content Automation Protocol (SCAP)

Financial

Protect information assets and fortify security, privacy and compliance

Although financial institutions face threats from a multitude of sources, today’s primary risks are internal. Employees and contractors misuse and abuse corporate data resources—intentionally or otherwise—and their personally owned devices can wreak havoc on network security and stability. CounterACT delivers real-time visibility and automates control of devices the instant they connect to your network to:

• Improve security posture without impeding customer service
• Reduce risks of data breaches and malware attacks
• Support your compliance efforts with regard to FINRA, GLBA, PCI DSS, SOX and other regulatory mandates

Retail

Reduce risks of data breaches and malware attacks

Cybercriminals constantly look for—and find—opportunities in the retail environment. As breach disclosures continue unabated, retailers need better ways to secure POS systems, ATMs, kiosks and other endpoints while keeping pace with regulations. CounterACT helps retailers address PCI DSS 3.0 compliance and reassure customers and shareholders. This powerful appliance can:

• Continuously monitor POS machines and other devices
• Automatically detect and remediate retail endpoints
• Identify and control devices that are attempting to access the network

Healthcare 

Boost security, privacy and compliance in clinical settings

Healthcare organizations are facing constant threats as new types of devices add vulnerabilities to medical networks. CounterACT sees devices including medical, personally owned and IoT devices, the instant they connect. Its policy engine identifies devices from nearly 100 medical device manufacturers to help you:

• Improve security posture without impeding medical care
• Expand network access to doctors and other clinicians, caregivers, research organizations and contractors
• Support compliance efforts with regard to mandates from HIPAA, HITECH, OSHA and other regulatory bodies

Education

Maintain security and privacy while facilitating learning

Security teams at educational institutions face a unique challenge: dealing with a constantly changing array of unmanaged devices connecting to the network even as they must try their best to maintain the free flow of information. But with CounterACT, you can:

• Control access to networks by students, teachers, administration and guests
• Automatically enforce limits based on identities
• Continuously monitor the behavior of devices on the network and automatically execute a range of responses

Manufacturing

Protect intellectual property, business operations and your company’s brand

Cybersecurity in manufacturing is extremely complex because there’s so much at stake—everything from factory floor operations to reputations, not to mention productivity and profitability. Fortunately, CounterACT lets you:

• Gain real-time visibility and endpoint compliance by continuously monitoring the vast array of small-footprint, IP-connected devices
• Automate remediation of vulnerabilities on managed and unmanaged endpoints
• Rapidly respond to incidents without human intervention

Knowledge Base

Documents