Strong Network Access Control
ForeScout CounterACT is a military-grade security product ideally suited to protect the network infrastructure of the U.S. Department of Defense (DoD), military contractors and suppliers.
In the United States, all Department of Defense (DoD) networks and their connecting networks are required to have an advanced level of security. Some of the specific security requirements include:
- Network access control. The requirement for port-based network access control is contained in the Security Technical Implementation Guide (STIG) that is published by the United States Defense Information Systems Agency (DISA). This document states that all DoD networks must control access at the switch port.
- IAVA. United States DoD networks must comply with Information Assurance Vulnerability Alerts (IAVA) standards.
- Unauthorized devices and applications. Many defense organizations have restrictions against the use of USB memory sticks and peer-to-peer (P2P) applications.
In 2008, ForeScout CounterACT was added to the United States Army Information Assurance Approved Products List (AIAAPL), demonstrating that CounterACT met the Army’s high standards for security, ease of use and deployment, low end-user impact, and interoperability with existing remediation solutions and infrastructure requirements. Since then, many U.S. Department of Defense facilities have deployed CounterACT.
Much of our success is based on CounterACT’s ability to see every IP device connected to the network, control all connections down to the switch port, and provide complex policies to enable and enforce security processes and standards. Enforcement actions can include post-connection monitoring for threat prevention, and detection/blocking of banned devices (such as unencrypted USB memory devices). CounterACT can be deployed with or without 802.1x.
ForeScout CounterACT is an automated security control platform that delivers real-time visibility and control of all devices on your network.
The features which make ForeScout CounterACT uniquely suited to address the needs of defense and military organizations include:
- Port-level access control. ForeScout CounterACT helps organizations meet the access control requirements as detailed in the DISA STIG.
- IAVA integration. ForeScout CounterACT integrates with products from eEye Digital Security to deliver a combined vulnerability assessment (VA) and network access control (NAC) solution which automates the process of ensuring that all devices on the network are in compliance with IAVA standards.
- Control unauthorized USB devices and applications. ForeScout CounterACT blocks unauthorized USB devices and applications (e.g. P2P) from all computers on the network.
- Integration with McAfee ePolicy Orchestrator (ePO™). ForeScout CounterACT integrates with McAfee ePO. Specifically, ForeScout CounterACT provides ePO with real-time information about computers on the network, including many parameters (such as the location of computers) that is otherwise unavailable to ePO. This additional information gives security managers a higher degree of Situational Awareness and a greater degree of control over managed endpoints (those within the scope of McAfee ePO).
- Scalability. ForeScout CounterACT has more large deployments than any other network access control solution. Our product has been proven in organizations as large as 190,000 endpoints who manage their entire network from a single centralized ForeScout CounterACT enterprise manager console.
- Compatibility. ForeScout CounterACT is an out-of-band, network-based appliance that works with your existing network infrastructure – no switch upgrades, no network reconfigurations. CounterACT integrates with all major enterprise switches, both 802.1x and non-802.1x.
- Certifications. ForeScout CounterACT is a military-grade security product that has achieved widespread utilization within military environments. ForeScout CounterACT has achieved the following certifications:
- Government contracts. ForeScout CounterACT is listed in several government contracts to ease procurement:
- GSA Schedules (also referred to as Multiple Award Schedules and Federal Supply Schedules)
- NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract)
- ITES/2H (Managed and used by US Army. Also used by DoD and other federal agencies)
- Encore II (Managed by DISA, Defense Information Systems Agency)