ForeScout's CounterACT 100 NAC solution includes IPS and firewall functionality and is easy to use in the proper environment. It supports common enterprise-class Ethernet switches, including those from Cisco Systems, Juniper, Extreme and Foundry, and integration with endpoint security software from McAfee and Symantec. However, enterprise IT managers should plan their NAC policies before trying to deploy the CounterACT 100.
Enterprises looking for greater protection of their networks often
look to network access control technology to evaluate endpoint security
status and enforce which systems should be allowed on the network.
Typically, a security policy is built and software agents (or, in the
case of ForeScout's CounterACT 100, a Web browser with Java) and network
scans interrogate clients to determine their adherence to this policy
and then allow, disallow or allow limited access to the LAN and/or
Internet. This is useful for preventing unauthorized access, shutting
down rogue wireless APs, separating guests from employees and other
valuable internal resources, and just about anything else.
The degree of access varies not only with the security policy, but also with the strength of integration between a NAC solution and
the rest of the devices, such as Ethernet switches, and security
solutions, such as endpoint antivirus, it is paired with. This is
because the NAC device can issue commands to compatible switches to
move the unauthorized workstation to a different VLAN or shut down its
ForeScout's CounterACT 100 does a decent job of providing full
support for the most commonly used enterprise-class Ethernet switches,
such as those provided by Cisco Systems, Juniper Networks,
Extreme Networks and Foundry Networks. Integration with antivirus and
endpoint security software, necessary to verify and remediate
protection status, is acceptable; present is out-of-the-box coverage
for major vendors such as McAfee and Symantec, but lacking is support
for smaller vendors such as eEye Digital Security (which seems odd
after such good Retina support, see below). It's easy to interrogate a
workstation looking for a specific process, such as "blink.exe", to
verify protection status, but remediation was not nearly as easy as
with supported software.
The ForeScout CounterACT 100 monitors Ethernet switch span ports,
scanning connected devices, sniffing their network traffic and applying
security policy. The first mechanism that the CounterACT 100 uses is
Nmap scans to identify devices and their function and then logically
group them; a network printer, for example, would be placed
into the "printers" group. This is a big step above the rest of the NAC
market as it eases the administrative burden of manually classifying
devices during installation.
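
To illustrate the kind of scan-based grouping described above, the following added example (not ForeScout's code or its classification logic) reads Nmap XML output and sorts live hosts into groups by open TCP ports. The port-to-group rules, the "windows" and "unclassified" group names and the sample scan data are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in Nmap's XML output format (nmap -oX); not from a real scan.
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="9100"><state state="open"/><service name="jetdirect"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.30" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port></ports></host>
<host><status state="down"/><address addr="192.0.2.40" addrtype="ipv4"/></host>
</nmaprun>"""

# Assumed rules, checked in order: the first group whose signature ports
# overlap the host's open ports wins.
RULES = [
    ("printers", {515, 631, 9100}),       # LPD, IPP, raw/JetDirect printing
    ("windows", {135, 139, 445, 3389}),   # RPC, NetBIOS, SMB, RDP
]

def open_tcp_ports(host):
    """Return the set of TCP ports Nmap reported as open for one <host>."""
    ports = set()
    for port in host.iterfind("ports/port"):
        state = port.find("state")
        if (port.get("protocol") == "tcp" and state is not None
                and state.get("state") == "open"):
            ports.add(int(port.get("portid")))
    return ports

def classify(xml_text):
    """Map group name -> list of IPv4 addresses of hosts that are up."""
    groups = defaultdict(list)
    for host in ET.fromstring(xml_text).iterfind("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue  # ignore hosts that are down or have no IPv4 address
        ports = open_tcp_ports(host)
        # Hosts matching no rule are kept visible for manual review.
        group = next((n for n, sig in RULES if ports & sig), "unclassified")
        groups[group].append(addr.get("addr"))
    return dict(groups)

if __name__ == "__main__":
    for name, addrs in sorted(classify(SAMPLE_XML).items()):
        print(f"{name}: {', '.join(addrs)}")
```

Only ports in the open state count toward a match, so the second sample host is grouped by its SMB port rather than its closed RDP port.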
I connected the CounterACT 100's monitor port to a recently
configured span (or mirror) port on my Trendnet TEG-240WS switch and
then connected the CounterACT 100's response port to the switch also. I
initially configured the device using an attached keyboard and monitor,
but it would also have been possible to use serial console access.
Setup is intuitive and menu-driven; it even includes a little utility
to flash the lights on the CounterACT 100's ports to identify them. The
unit rebooted, I browsed to its IP address, downloaded the CounterACT
Console app to my workstation and started to build NAC policy.