ForeScout Delivers Enterprise-Grade NAC

CounterACT Enhancements and new NAC models meet the enterprise demand for global scalability and granular access control

CUPERTINO, Calif., Sept. 25, 2006 -- ForeScout Technologies, a provider of tailored network access control (NAC) for enterprises, today announced the release of CounterACT 6.0 and the addition of two new products to the CounterACT family. With this announcement, ForeScout responds to the demand of its enterprise customers to meet the need to rapidly deploy NAC globally as well as gain granular control over all devices entering or connected to the enterprise network. By meeting the availability, scalability, and access control demands of the world's largest organizations, the newly upgraded CounterACT family delivers Enterprise Grade NAC.

With this upgrade, CounterACT is the industry's first NAC solution with a built-in application termination function, enabling administrators to automatically stop high-risk applications (such as peer-to-peer applications) that can cause significant security risks to the network. Also included in this release is the ability to deeply inspect Macintosh devices, highly customizable and simplified policy creation, a high-availability feature offering complete redundancy and protection in the event of a failure, and a set of advanced reporting features for ease of management.

Said Kenneth Corriveau, CIO, Omnicom Media Group, "CounterACT 6.0 enables greater application-level enforcement and provides more automatic remediation options, which even further tightens the security we already enjoyed with CounterACT. Add to that the fact that ForeScout simplifies policy creation and is easy to deploy and you've got a must-evaluate product."

Coupled with the release of CounterACT 6.0, ForeScout is introducing two new appliances: CounterACT CT-R appliance, which supports branch offices with fewer than 50 devices, and the CT-2000, which supports up to 2,500 devices for deployment at larger-scale enterprises. This expands the company's current appliance portfolio, which includes the CT-100 that supports up to 250 devices and the CT-1000 which supports up to 1000 devices. The new appliances have been introduced to help global customers create a NAC solution with appropriate appliances that fit perfectly into each location.

"NAC is becoming a critical component of network infrastructure for companies of all types and sizes. It is a technology with broad appeal, but in order for it to be broadly deployable it needs to have a good cost structure, be easy to deploy and easy to maintain," said Jeff Wilson, principal analyst, Infonetics Research, Inc. "ForeScout's CounterACT solutions meet the requirements for broad deployability."

Enterprise Grade Access Control

A key factor to the success of the NAC technology is its ability to provide appropriate access to devices that comply with corporate security policies and ensure all devices remain compliant post-connection. CounterACT 6.0 builds on its policy engine, which currently delivers pre- and post connection NAC, to provide functionality required by global customers. This functionality includes:

  • Remote Application Termination: CounterACT is the industry's first NAC solution with a built-in application termination function, which allows administrators to automatically stop high-risk applications (such as peer-to-peer applications) that can cause significant security risks to the network. Additionally, administrators can audit current processes running on connected devices, and where necessary, turn off barred applications. When audits are complete, all information can be quickly referenced from the CounterACT Enterprise Manager on the administrator's desktop, which provides real-time policy compliance status of the entire network. %%Integration with Microsoft's System Management Server (SMS): Integration with SMS provides CounterACT the ability to trigger remediation via the SMS server automating remediation and patch management.

  • Deep Interrogation of Macintosh Devices: CounterACT 6.0 continues to build on its strength as a clientless solution to extend the ability to perform deep interrogation of Macintosh-based devices, enabling deep compliance checks on any device running MAC OS without the need for any downloaded code.

  • Multi-conditional policy creation: This feature, which provides additional enterprise policy flexibility and granularity, simplifies the rule creation process and allows multiple condition variables, enabling the customization of every policy so that every organizational demand is met.

Global Scalability/High Availability

CounterACT 6.0 includes several global scalability features, including:

  • High Availability (HA): CounterACT 6.0 provides the ability to pair an additional CounterACT appliance with the primary appliance in active-active configuration. The HA unit actively monitors the health of the primary appliance, and if a failure occurs in the primary appliance, the HA unit will assume all configuration and policy settings providing complete redundancy.

  • Streamlined Policy Deployment: CounterACT 6.0 Enterprise Manager can push NAC policies and network tuning from a central location. As new CounterACT appliances are added to the global network, established network policies as well as any customer specific network settings can be imported from the Enterprise Manager, allowing for rapid global deployment.

  • Geographically-Based Policy Enforcement: This allows administrators to customize the enforcement actions based on geographic location and notify users of policy violations in the area's native language.

  • Advanced Reporting Engine: This provides the ability to conduct compliance trend and inventory reports, and it streamlines the logging and filtering of historical information.

Availability and Pricing

ForeScout's entire line of NAC appliances, including the new products mentioned above, will be available October 13, 2006. CounterACT pricing begins at $4,995 U.S. MSRP for the newly introduced CTR. Price points for the remainder of the product family is: CT100 starting at $13,995 U.S. MSRP, CT1000 starting at $28,995 U.S. MSRP, and CT2000 starting at $48,995 U.S. MSRP. More information can be obtained at

About ForeScout

ForeScout's clientless network access control (NAC) solutions enable customers to gain complete control over network security without disrupting end-user productivity. ForeScout's flagship product, CounterACT, combines NAC and signature-less intrusion prevention in a single network appliance that interrogates and controls access of every device and seamlessly integrates with any existing IT infrastructure. ForeScout's NAC is completely transparent and enables enterprises to tailor enforcement to match the level of policy violations, eliminating disruptions during device interrogation. More information can be found at

Must Read Articles