Like the rest of us in IT, ForeScout has watched the reign of the wired Ethernet host morph into a wireless-heavy landscape. Networks that were once tightly controlled in both reach and device count are becoming the minority as more environments realize that they have little choice but to accommodate the rush of wireless devices that departments and individuals expect to be able to leverage on the Enterprise WLAN. As an out-of-band Network Access Control solution, ForeScout seeks to be the gatekeeper that tames wired and wireless networks alike as ever more devices show up to the network party.
Having gone through the NAC selection process fairly recently for my own environment, I know first-hand the challenges of finding a solution that will comfortably fit your network, user and device types, and organization policies without making you do back flips. "The network" is becoming increasingly more complicated as, in the words of the Gartner Group, IT becomes more consumerized. So when ForeScout's CEO Gord Boyce reached out to tell me the ForeScout story of taming device sprawl with a solution that fits almost any existing network topology, I was compelled to listen.
Boyce gave me the nickel background on ForeScout, from the company's roots as an IPS solutions vendor to their current standing as NAC provider to large enterprises, Government agencies, and other customers with distributed sites and/or large centralized networks who use their CounterACT appliances. Although ForeScout likes to lead with their ability to provide agentless NAC, my conversation with Boyce revealed that CounterACT is most tightly integrated with Active Directory environments, and beyond the confines of AD an agent is a likely requirement. From where ForeScout sits, domain laptops are as controlled and safe on the wireless network as they are on the LAN. Beyond the basic workstation model, in the waters where employees bring their "consumerized IT" devices like smatphones and the latest tablet of the month to the workplace, CounterACT leverages a variety of interrogation tricks and database queries to figure out who and what is knocking on the network door and responds with appropriate policy-based permissions or denials.
Boyce spoke of short time to value with CounterACT as it requires minimal setup, and how customers are frequently shocked to see the wide range and numbers of devices on the network that were not rolled out by central IT. ForeScout helps educate their clients that trying to keep the many, many latest wireless consumer devices away is akin to holding back a tide that will eventually wear you down- it's far more practical to manage what shows up than to try to remove them. With a built in guest registration portal, ForeScout's CounterAct adds versatility to managing both wired and wireless as networking paradigms get more complex and unpredictable from the client end.
For me, I like the notion of tight AD integration and the ability to really keep important workstations out of harm's way with ForeScout. But this is also the easiest portion of the client pool to manage. ForeScout's promised ability to manage non-AD wireless devices of all flavors by helping them to isolation vlans, keeping them off of specific networks, or otherwise working magic that equals herding cats is the real payoff for the WLAN manager shopping for NAC.
