Network security basics: A Buyer's Guide
A collection of articles that takes you from defining technology needs to purchasing options
Editor's Note: This ForeScout NAC product overview is part of a series on buying network security products for the enterprise. The series explores the evolution of network security and lays out some major use cases. It also looks at the buying criteria for network security products and compares the leading network security vendors in the market.
ForeScout is a well-known name in the world of network access control (NAC). The company's CounterACT NAC platform is flexible and easy to deploy; it supports multiple authentication methods -- including a built-in RADIUS server for 802.1X authentication -- or direct authentication with the Lightweight Directory Access Protocol (LDAP), Active Directory, Oracle and Sun platforms. Once authenticated, administrators have a wide range of control options to categorize, permit or deny access and remediate any end-device issues. CounterACT is based on an open architecture called ControlFabric, which allows for easy interoperability with other third-party security and network hardware and software.
ForeScout NAC platform options and features
The ForeScout NAC platform can be deployed either as an all-in-one appliance or as a virtual machine (VM). There are six different appliance models to choose from, which can support between 100 and 10,000 devices per appliance. Multiple appliances can be centrally controlled from a single pane of glass using the ForeScout CounterACT Enterprise Manager.
CT-R / VCT-R
The CT-R appliance and virtual machine equivalent, VCT-R, are designed for remote sites or small enterprises up to 100 devices. These ForeScout NAC products can process up to 100 Mbps. The physical appliance includes four 10/100/1000 Mbps Ethernet physical interfaces for connectivity. On the VM side, the minimum requirements are a two-core CPU at 1.5 GHz, 4 GB of memory and 80 GB of disk space.
CT-4000 / VCT-4000
In the middle of the ForeScout NAC product line is the CT-4000 appliance and VCT-4000 VM. Each can support up to 4,000 end devices and can process multi-Gbps bandwidth. The CT-4000 houses four to eight 10/100/1000 Mbps Ethernet interfaces for connectivity, depending on the specific model purchased. This model also includes dual power supplies for added resiliency. The VCT-4000 virtual appliance requires an 8-core CPU at 2 GHz, 10 GB of memory and 80 GB of disk space.
CT-10000 / VCT-10000
At the high end of the ForeScout NAC product line is the CT-10000 appliance and the VCT-10000 VM. These two products can each handle up to 10,000 end devices and can process multi-Gbps bandwidth. The CT-10000 houses four to eight 10/100/1000 Mbps Ethernet and optional dual-10 Gbps SFP Ethernet interfaces for connectivity, depending on the specific model purchased. The VCT-10000 virtual appliance requires an 8 core CPU at 2 GHz, 16 GB of memory and 160 GB of disk space.
ForeScout NAC pricing and support
ForeScout makes its products available through a partner reseller network, which can assist with integration if required. List pricing for products begins around $4,000 and can top $200,000 for the high-end CT-10000 appliance with optional 10 Gbps interfaces.
ForeScout's support, ActiveCare, is offered either as a basic or advanced product. Each includes online and email support, as well as software updates. ActiveCare Advanced provides 24/7 support and two-business-day shipping for replacement hardware.
Read our Buyer's Guide on network access control.
Examine how network access control has adapted to IoT.
Check out our five tips for managing guest access to your network.