Forescout: More Than Your Average NAC
November 4, 2019
Today’s Brite Insight is brought to you by one of Brite’s certified Forescout Engineers, Matt Ostrowski. Matt specializes in unique Forescout deployments and enjoys finding new ways to utilize the technology.
When people are first exposed to Forescout, it’s typically as a Network Access Control (NAC) solution. But what is NAC? NAC is a security solution to manage both known devices and unauthorized devices the instant they connect to the network. While Forescout’s NAC solution is popular, Forescout’s capabilities extend far beyond.
An organization revolutionize its security approach with Forescout’s CounterACT platform. And it’s really the NAC solution is the tip of the iceberg where Forescout’s CounterACT is concerned. Typically, organizations let the NAC component limit the possibilities of CounterACT. Because of these preconceived notions, CounterACT is often an underutilized software. Let’s talk about why CounterACT is more than your average NAC.
Forescout from an Engineer’s Eyes
As a certified Forescout engineer, one of the biggest mistakes I see customers making is confining CounterACT to the Security and/or Networking teams. CounterACT is an incredibly versatile product that provides value to many different areas of an organization. With numerous control and remediation options (like the ability to run scripts, check for and stop running services/process, installed applications, etc.), CounterACTs uses become near limitless.
An Advanced Use Case
I’ve had the opportunity to deploy CounterACT to solve some unique use cases in my numerous installs. In one particular deployment we were able to use CounterACT to replace a device inventory solution. We wrote a policy to parse through the registry of detected endpoints, which are agentless detected, and modify the list to just company assets. Then, we tied those devices to their serial number and connected it to the company’s active directory.
Complimenting Forescout’s NAC Capabilities
By utilizing the well known device detection capabilities of CounterACT and integrating it to the AD group, Forescout and Brite were able to provide a better solution then the software previously purchased for this function. CounterACT checks for minimum software versions on a system and automatically places the devices on a quarantined network or pushes a remediation (depending on customized settings put in place) which is an added bonus to what is typically an asset management software.
Want to Know More?
Don’t let the NAC categorization of Forescout’s CounterACT disqualify them from being an incredibly versatile tool. Interested in learning more of what CounterACT can do? View Forescout’s white paper – Automating System-Wide Security Response Through Orchestration.
Prefer to have a Brite representative work through how Forescout can benefit your unique environment? Contact us and we will be in touch shortly!
Posted in Cybersecurity Technology, Security (Legacy)