ForeScout Looks to Lead NAC Pack

ForeScout enhances its NAC product to help secure VOIP deployments and enforce policy at the endpoint.

ForeScout Technologies is expanding the capabilities of its flagship network access control product with the goal of adding flexibility and security to endpoints and voice over IP deployments.

CounterACT 6.2, announced Oct. 1, includes a number of new enhancements (from a dissolvable client option to a new, powerful scripting engine for tailored automated remediation) that ForeScout officials said will offer customers more options in securing their networks and remediating out-of-compliance machines.

"The feedback we receive from customers is that mature NAC doesn't box in customers," Ray Wizbowski, vice president of marketing at ForeScout, told eWEEK. "We really need to be flexible and meet the needs of a specific environment."

CounterACT 6.2 extends support for VOIP devices by identifying endpoints and providing policy enforcement without disrupting VOIP connections and functionality, ForeScout officials said. One of the challenges with network access control is how to handle a laptop plugged into the back of a VOIP phone if it needs to be remediated, Wizbowski said.

"We've now been able to separate that and look at the devices as two individual devices, even though they are sharing a single connection," he said. "So we can remediate, quarantine, we can block the laptop or the connecting devices on the other side of the VOIP phone without dropping the call if some sort of remediation action needs to take place."


CounterACT's latest release also introduces a set of new features for advanced device detection and policy enforcement, including protection against ARP (Address Resolution Protocol) spoofing, session-specific policy creation and enforcement, open-port hardening, and network-agnostic surgical blocking.

The appliance handles the remote inspection of the endpoint, and all security and compliance enforcement are still taking place on the network, Wizbowski said.

"The last couple years at Black Hat [conferences], the thing that has been hacked when it comes to NAC is the Cisco Agent," he said. "They hack the agent, they falsify the health statistics going into the system and bypass the system. This doesn't allow for that to take place. It can't be spoofed. If they spoof it to make the connection back to the appliance, the NAC functionality and the policy enforcement will still remain the same."

CounterACT includes a dissolvable client that can bypass remote connection barriers by automatically initiating an outbound SSL (Secure Sockets Layer) connection with the CounterACT appliance. The new Secure Connector feature allows CounterACT to conduct a network-based, in-depth interrogation of guest devices.

Meanwhile, a logic-based policy creation process allows users to address policy violations with multiple remediation options within a single policy. For example, enforcement actions can be set so that they escalate over time according to the severity of a violation, Wizbowski said.

Founded in 2000, Cupertino, Calif.-based ForeScout has tried to position itself against Cisco Systems, the pioneer and leader in NAC, as well as Juniper Networks and Microsoft.
