So, You Want to Evaluate CounterACT®?

November 3, 2016 Tamer Baker

You’ve read all the rave reviews. You’ve perused the white papers, case studies and solution briefs. You’ve even called on existing customers—all of whom confirm the benefits your ForeScout System Engineer told you about. At this point, why not just move forward with the procurement?

“Whoa, not so fast.” “My network is completely unique.” “No one has a network like ours!” “I don’t know if it will work in my environment.”

Believe it or not, we’ve heard all of these concerns—and successfully addressed them. We solve the needs of small, discreet deployments in extremely low-bandwidth, tactical environments, and scale all the way up to multi-national global deployments. We’ve got deployments at a single site with multiple Virtual Routing and Forwarding (VRFs) to a centralized deployment supporting 1,000 sites, including a standby Continuity of Operations (COOP). We have deployments in wired, wireless, VPN, 802.1x, non-802.1x, integrating with Cisco, Aruba, Brocade, Juniper, HP, Dell, Palo Alto, FireEye, Intel Security (McAfee) and more. It’s nice being the “Switzerland of Network Security,” because our solutions work in any environment.

That’s okay, though, we get it … you are still “unique” and need to see it for yourself. So what now?

If you are not currently in touch with a ForeScout representative, that’s your next step. Head over to and request a demo (top-right corner, green button). There will be some initial discovery on our part to route you to the correct team, which will take care of your needs from that point on. I highly recommend getting all of your teams involved in this evaluation (network and system administrators and well as information assurance personnel) because CounterACT will impact every one of these teams in a very positive way through automation! When you’re ready, we will work out evaluation details. What does a typical evaluation consist of, you ask?

Every situation is different (just like you). Based on your needs, we will send either a physical or virtual appliance. Not all systems engineers are alike, but I like to go with a physical device for up to 1,000 endpoints. The standard evaluation is for only 30 days. Doesn’t sound like enough time compared to other NAC tools you’ve looked at or heard about, but it is more than sufficient time for ForeScout. If you do your prep-work prior to my arrival, by the time we get back from lunch, you’ll have full visibility into everything connected onto the network segments you’ve chosen to evaluate. By the end of the day, we’ll already have written all your initial compliance checks and started remediation actions. There have been numerous occasions where we’ve even started blocking obviously rogue devices (game systems, non-corporate/government machines and more) by the end of the first day! This kind of quick success depends highly upon me walking into a prepared environment.

The preparation isn’t difficult nor time-consuming. Your ForeScout Systems Engineer will provide a planning document well ahead of time. In it, you’ll see what is needed to get ready. At a high level, you’ll need to create the service accounts CounterACT will use to log into the different network devices (SNMP/CLI) and endpoints (via WMI for Windows or SSH for Mac/Linux). No need to deploy an agent. Make sure you don’t forget to add the proposed CounterACT IP to any Access Control Lists (ACLs)! You’ll also have to have ready the list of network segments you plan on monitoring plus the associated network device IPs that CounterACT will integrate with. If you plan on evaluating any other ForeScout® Extended Modules (SCCM, ePO, Nessus, FireEye or others), make sure you have those service accounts ready to go too.

Finally, think about all the use-cases you want to see proven over the 30 days and write them down! What are you struggling with? What can be done to help make things more secure? What about automation? Where do your other tools fall short? Can CounterACT fill those gaps as well? ForeScout CounterACT can do far more than you realize! The more teams involved in the evaluation, the better you will work together to define the increasing problems CounterACT can solve.

I’m sure you are very curious about what you expect to see when CounterACT is finally deployed. This will be the topic of my next discussion. Stay tuned!

The post So, You Want to Evaluate CounterACT®? appeared first on ForeScout.

Previous Article
A Tribute to Security Researchers
A Tribute to Security Researchers

This blog in the Internet of Things (IoT) series comes as a tribute to security researchers everywhere. The...

Next Article
Lights, Cameras, Hack(ion)
Lights, Cameras, Hack(ion)

It had all the makings of a blockbuster horror movie: Malicious actors, ineffective agents and plenty of ca...

Webinar From Customer’s Perspective: Rapid Response to Security Threats.

Register today!