The ForeScout CounterACT is a policy-based network access control product that allows for inventory, classification and regulation of endpoints and network devices. It is available in several different configurations, allowing flexibility and scalability, and can be purchased as a hardware or software appliance. It can be deployed in two different modes. In the first, CounterACT is a standalone installation. In the second, one CounterACT instance becomes the manager for all of the other CounterACT instances across a network, which allows one person to manage policy across an entire organization from one console. When setting up this kind of deployment, the admin can set the location of each appliance, and the product then creates a world map. By looking at the map, administrators can quickly check on compliance statistics in a visual and intuitive way.

We were pleasantly surprised at how easy the ForeScout appliance was to set up. We used a physical appliance for our tests. After we removed it from the box, we connected a monitor and keyboard and turned it on. When we started it up, we were presented with a simple command line setup that was well documented in the included quick-start guide. After we configured the management interface, we were able to access the device via a web browser. It is interesting to note that the device is actually configured by client software, but the machine on which one installs it does not necessarily need to be dedicated to ForeScout. After we installed the included software and connected to the appliance, we were greeted with a well-designed management interface.

The ForeScout CounterACT appliance comes with a robust feature set, but it requires some configuration to make use of all of it. For proper monitoring functionality, it must be connected to a core switch with maximum access to the network. It supports 802.1Q trunking for monitoring across multiple VLANs, but it also comes with plenty of network cards for working with several network spans. Once it is set up, it will automatically begin looking for network devices and categorizing them based on built-in policies. The user interface makes it very easy to add and edit policies.

The offering came with a documentation packet in the box. Several manuals were included, covering topics such as connection, choosing where in the network to deploy the appliance and basic configuration of the management interface. We found that the documentation was well organized, and it included many pictures, diagrams and screenshots.

Basic support starts at $2,519 per year for one appliance and includes web and email support, an online portal, all software updates, nine-hours-a-day/five-days-a-week telephone support, and five-business-day hardware replacement. Advanced support starts at $3,218 per year and includes everything in basic support, but bumps the telephone support to 24/7/365.

Because of its rich feature set, we find this product to offer great value for its price. Starting at around $14,000, the hardware appliance comes with an excellent user interface and a ton of out-of-the-box functionality. The capability of this device to interface with nearly any network device and endpoint application adds to its value greatly. We select this as our Best Buy.