ForeScout CounterACT Administration Guide

ForeScout CounterACT Administration Guide Version 8.0

About ForeScout CounterACT Administration Guide

This guide is a manual for new users and a reference tool for experienced users. It is designed for users who have logged in to the Console from a ForeScout CounterACT® Enterprise Manager or Appliance. Instructions and explanations in the guide refer to both login scenarios, unless specifically noted. Refer to the CounterACT Installation Guide for information on software installation, post-installation and other installation procedures for CounterACT components, including the Enterprise Manager, Appliance and Console. See Additional CounterACT Documentation for information on how to access the Installation Guide.

CounterACT Help Tools

Access information directly from the CounterACT Console.

Console Help Buttons

Use context-sensitive Help buttons to quickly access information about the tasks and topics you are working with.

CounterACT Administration Guide

Select CounterACT Help from the Help menu.

Plugin Help Files

  1. After the plugin is installed, select Options from the Tools menu and then select Modules.
  2. Select the plugin and then select Help.

Documentation Portal

Select Documentation Portal from the Help menu.

Identifying Your Licensing Mode in the Console

If your Enterprise Manager has a ForeScout CounterACT See license listed in the Console, your deployment is operating in Centralized Licensing Mode. If not, your deployment is operating in Per-Appliance Licensing Mode. Select Options > Licenses to see whether you have a ForeScout CounterACT See license listed in the table.

CounterACT License Setting

Contact your ForeScout representative if you have any questions about identifying your licensing mode.

About CounterACT

The CounterACT platform provides infrastructure and device visibility, policy management, orchestration and workflow streamlining to enhance network security. CounterACT provides enterprises with real-time contextual information about the devices and users on the network. Policies defined in CounterACT use this contextual information to help ensure compliance, remediation, appropriate network access and streamlined service operations. This is delivered by providing:

  • Real-Time Network Visibility
  • Policy-Initiated or Manual Control
  • Comprehensive Third-Party Orchestration
  • On-Demand Asset Intelligence

Real-Time Network Visibility

CounterACT classifies devices the moment they attempt to access your network. For example:

  • Desktops, laptops and servers
  • Mobile devices such as smartphones and tablets
  • Personal vs. corporate devices
  • On-premise virtual machines and off-premise cloud instances
  • Switches, WLAN controllers and access points, devices connecting via VPNs, routers, printers, modems, VoIP phones (including PoE-connected VoIP phones and devices), WLAN access points and other network devices
  • Peripheral devices such as USB memory sticks, external disk drives and webcams
  • IoT devices
  • Rogue devices

CounterACT inspection capabilities resolve an extensive range of information about these devices, for example:

  • Desktop and mobile operating system information
  • Virtual machine details; for example, VMware Guest Machine health status or Amazon EC2 instance type
  • User directory information
  • Applications installed and running
  • Login and authentication information
  • Software patch levels
  • Endpoint-connected devices, such as USB drives
  • Switch ports to which devices are connected
  • Windows registry information

Policy-Initiated or Manual Control

Networks are constantly changing in the device types connected, software and configurations, compliance requirements and the internal and external threat landscape. To secure the network, controls ranging from notification to remediation and restriction are needed, based on enterprise policies enacted by CounterACT. Some examples of CounterACT’s capabilities include:

User Enforcement and Education

  • Open trouble tickets
  • Send email to users or administrators
  • Personalize captive portal messages to notify end users, enforce policy confirmation and allow self-remediation
  • Force authentication/password change
  • Log-off user, disable user AD account

Application Control and Remediation

  • Start/stop applications
  • Start/stop peer-to-peer/IM
  • Apply updates and patches
  • Help ensure antivirus products are up-to-date
  • Start/stop processes

Network Restrictions

  • Port disable (802.1X, SNMP, CLI)
  • VLAN control
  • VPN disconnect
  • ACL block at switches, firewalls and routers
  • Wireless allow/deny
  • Quarantine until the device is remediated

Traffic Control

  • Virtual firewall
  • Update network ACL (switch, router, firewall)

Operating System Control & Remediation

  • Patch/hotfix update
  • Registry configuration

Device Control

  • Disable NIC
  • Disable use of peripheral devices

Comprehensive Third-Party Orchestration

CounterACT allows information sharing with third-party network, security, mobility and IT management products, allowing for automated workflows, time and cost savings and enhanced security. This sharing of information can resolve security issues and contain compromised devices. Use this guide to integrate with a variety of third-party systems, for example:

  • Advanced Threat Detection systems
  • Security Information and Event Management systems
  • IT Service Management systems
  • Endpoint Protection Platforms/Endpoint Detection and Response systems
  • Vulnerability Assessment systems
  • Next-Generation Firewall systems
  • Enterprise Mobility Management systems
  • Almost any third-party product using a web API, SQL or LDAP

When integrating with third-party systems, use the CounterACT tools described in this guide to:

  • Trigger third-party remediation and ticketing systems
  • Efficiently exchange information with third-party systems
  • Mitigate a wide variety of network, security and operational issues
  • Extend the network visibility provided by CounterACT to third-party systems
  • Set up third-party systems to trigger CounterACT actions

Integration is carried out by working with ForeScout Extended Modules.


Title : ForeScout CounterACT Administration Guide
Format : PDF
Pages : 798 Pages
Language : English
File Size : 15 MB
