ForeScout updates NAC box

Adds dissolving clients and new high-end system.

By Bryan Betts, Techworld | Techworld
Published: 07:26 GMT, 05 October 07

Forescout has updated the software in its CounterACT NAC appliances, adding features such as a "dissolving client," and the ability for administrators to write scripts that automate the process of remediation - bringing a PC into line with security policies.

The company also said it is adding an appliance that's almost twice as powerful as its current top-end system. The CT-4000 will support up to 4000 concurrent connections, compared with 2500 connections for the CT-2000.

CounterACT's dissolving client works by initiating an outbound SSL connection from the PC back to the NAC appliance, and was developed to cope with personal firewalls on visiting PCs, such as contractors' laptops, said Ray Wizbowski, ForeScout's marketing VP.

"We don't want to put an agent on those PCs because it introduces a point of vulnerability," he added.

He said that ForeScout has also improved its policy creation process, which he claimed makes it more flexible and intuitive, and has extended its device support. In particular, it can now detect and control a VoIP device connected to a PC and sharing its IP address.

"We can separate a phone from a PC by its MAC address and put it in a VoIP VLAN," Wizbowski claimed.

CounterACT combines several features relevant to NAC, allowing a single appliance to replace up to four systems from the likes of Cisco, he said.

As well as inspecting PCs and other network devices for security threats, it applies security policies and monitors the network for non-compliance.

If a policy violation is detected, the appliance can be set up to block the threat, for example by quarantining the suspect device. Alternatively it can simply log the violation, which enables admins to preview the effect of a security policy change, without actually implementing it.

It works out-of-band, so it can be used on an existing network, and it needs no client software on the end device. Instead, it cancels prohibited connections using TCP resets.

Wizbowski added that the upcoming CT-4000 appliance will provide four times the throughput of the 1Gbit/s CT-2000, and will be upgraded to support 10Gbit Ethernet in the future. The CT-4000 will list for $69,000 (£35,000), he said.

What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.

Characters remaining: 500

Related Networking news

Cisco free iPhone app grabs security feeds

Cisco SIO To Go iPhone application for IT managers on the road

20 November 2009

Queen's speech promises action on pirates

Government sticks to plans to disconnect illegal file sharers

Ombudsman faults EC's Intel antitrust ruling

European Commission accused of "maladministration"

Blue Coat unveils faster network security appliances

Web security gateways acheive 1Gbps performance

Related Networking reviews

Western Digital WD TV Live media player

Opera 10 browser

Internet Explorer 8 review

SANs tuned for virtualisation

Whether you're using virtualisation to make large applications more manageable or to consolidate many small applications, a SAN packed with features that ease the management of storage for virtual machines is a good thing.

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Database security: Preventing enterprise data leaks at the source

IDC discusses the growing internal threats to business information, the impact of government regulations on the protection of data, and how enterprises must adopt database security best practices...

Download Whitepaper

Service-oriented security

SOA has become an integral part of enterprise software by providing a framework to efficiently develop software as services that is easily sharable, reusable, and integrated. No where is the need more apparent than in the Identity Management space. Welcome to the age of Service-Oriented Security (SOS).

Download Whitepaper

Data protection prospective vendor checklist

Organisations need a way to map business needs against all these challenges in procuring a technical solution. To help, SANS has developed the following Prospective Vendor Checklist.

Download Whitepaper

Unlock the power of the mainframe

This whitepaper presents the notion of CICS as an integration hub based on a component-based, service-oriented architecture supporting Web services. Highlights will review the challenges and contrasted support for Web services natively in CICS.

Download Whitepaper

Techworld UK - Technology - Business

COLT White Paper

Are all VoIP services the same?

Questions to ask your service provider to ensure you get the VoIP service you need
With careful choice of partner, your business can have all the advantages of VoIP access - reduced costs, flexibility and simplicity - without the drawbacks.
This white paper is your guide to ensure you get right the VoIP service and details the pitfalls which businesses would do well to avoid.

Download white paper
BMC

Ride the express lane in the journey to speed ITIL adoption

Explore the challenges in making the journey to ITIL and the criteria for selecting consulting services
By following ITIL practices, your IT organisation will become more closely integrated with the business. We recommend making the journey to ITIL in a sequence of six incremental steps, the phases of which are driven through execution of a strategic transformational roadmap.

Download white paper

Webcast: IT Financial Management: Cost Optimisation for Efficiency and Agility.
On Demand Webcast
Join this webcast to learn about the techniques and technologies that can help you prove the value of IT to the business by understanding the true cost of today's IT services and those that will be necessary to deliver future success.

Register Today

Site Map

IDG Network

* *