ForeScout updates NAC box
Adds dissolving clients and new high-end system.
By Bryan Betts | Techworld | Published: 07:26, 05 October 2007
Forescout has updated the software in its CounterACT NAC appliances, adding features such as a "dissolving client," and the ability for administrators to write scripts that automate the process of remediation - bringing a PC into line with security policies.
The company also said it is adding an appliance that's almost twice as powerful as its current top-end system. The CT-4000 will support up to 4000 concurrent connections, compared with 2500 connections for the CT-2000.
CounterACT's dissolving client works by initiating an outbound SSL connection from the PC back to the NAC appliance, and was developed to cope with personal firewalls on visiting PCs, such as contractors' laptops, said Ray Wizbowski, ForeScout's marketing VP.
Related Articles on Techworld
"We don't want to put an agent on those PCs because it introduces a point of vulnerability," he added.
He said that ForeScout has also improved its policy creation process, which he claimed makes it more flexible and intuitive, and has extended its device support. In particular, it can now detect and control a VoIP device connected to a PC and sharing its IP address.
"We can separate a phone from a PC by its MAC address and put it in a VoIP VLAN," Wizbowski claimed.
CounterACT combines several features relevant to NAC, allowing a single appliance to replace up to four systems from the likes of Cisco, he said.
As well as inspecting PCs and other network devices for security threats, it applies security policies and monitors the network for non-compliance.
If a policy violation is detected, the appliance can be set up to block the threat, for example by quarantining the suspect device. Alternatively it can simply log the violation, which enables admins to preview the effect of a security policy change, without actually implementing it.
It works out-of-band, so it can be used on an existing network, and it needs no client software on the end device. Instead, it cancels prohibited connections using TCP resets.
Wizbowski added that the upcoming CT-4000 appliance will provide four times the throughput of the 1Gbit/s CT-2000, and will be upgraded to support 10Gbit Ethernet in the future. The CT-4000 will list for $69,000 (£35,000), he said.
