ForeScout CounterACT Features & Pricing

See the complete list of top 9 network access control (NAC) solutions.

Company Description

In 2000, ForeScout entered the security market as an NAC player. Since then, it has expanded its offering to protect organizations against IoT threats. It is a privately held company with investments from several venture capital firms. It has over 700 employees and is based in San Jose, Calif.

Product Description

ForeScout CounterACT provides real-time visibility, control and orchestration across network infrastructures. This includes visibility and control across campus, data center and cloud. It discovers IP-based devices as they connect to a network, classifies them based on characteristics, assesses their security posture based on policy and behaviors, and then takes action as appropriate. With automated policy-based access control and enforcement of devices, users and applications, ForeScout allows organizations to limit access as appropriate, automate guest onboarding, find and fix endpoint security gaps, and maintain and improve compliance. The technology integrates with all major network infrastructures and is able to scale with its customers’ needs.

“NAC solutions must integrate with a diverse group of switches, routers and servers, and not be constrained by a single vendor dependency,” said Jennifer Geisler, vice president of marketing at ForeScout Technologies. “This level of integration is required to enable policy-based segmentation and VLAN assignment. M&A activity and other factors have resulted in a mixed network environment, where 802.1X authentication cannot be assumed.”


It is an agentless IoT security solution that discovers devices, assesses their hygiene and regularly monitors security posture. An optional dissolvable agent (SecureConnector) is available.

Markets and Use Cases

The company has seen strong adoption in government (it protects many DoD networks), financial services, healthcare (it can protect non-traditional devices such as laboratory instruments, heart monitors, infusion pumps, X-ray systems and handheld devices used by clinicians), and retail (cardholder data security, POS systems, security cameras).

Applicable Metrics

CounterACT’s largest customers use it to manage over one million devices. It can discover and classify 500 endpoints in five seconds or less.

Security Qualifications

Center for Internet Security CSCs (Critical Security Controls)
CDM (Continuous Diagnostics and Mitigation)
FISMA (Federal Information Security Management Act)
HIPAA (Health Insurance Portability and Accountability Act)
HITECH (Health Information Technology or Economic and Clinical Health Act)
ISO/IEC 27001 (International Standards Organization/ International Electronical Commission)
NIST (National Institute of Standards and Technology) Risk Management Framework
PCI-DSS (Payment Card Industry Data Security Standard)
SCAP (Security Content Automation Protocol)
SOX (Sarbanes-Oxley Act)


ForeScout uses automation for policy-based segmentation and enforcement of devices, users and applications.


CounterACT can be deployed in multivendor, heterogeneous environments – as a physical or virtual appliance – across the campus, data center and cloud.


Physical appliances with software license start at $4,995. Virtual appliances with software license start at $3,701. Failover Clustering license starts at $2.50/endpoint.

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Latest articles

Top Cybersecurity Companies

Related articles


Please enter your comment!
Please enter your name here