The network access control (NAC) market has seen a modest growth over the past few years, but the added pressures of compliance with data protection regulations has sparked increased interest. Established in 2000, ForeScout Technologies has been in this game longer than most and its latest CounterACT 6.3.4 is now available as a virtual appliance.
CounterACT is designed to provide full visibility of all network devices, users and applications, use baselines to determine their security posture and permit appropriate network access based on these findings. ForeScout offers it preinstalled on a range of hardware appliances, but now supports VMware ESX and ESXi
One of the biggest drawbacks of many NAC solutions is their inability to work within existing network infrastructures but CounterACT avoids these problems with two methods of network scanning. An OOB (out-of-band) mode uses a switch span port to see all network traffic and also allows CounterACT to provide intrusion prevention and apply virtual firewall policies. It can also query devices such as firewalls and routers about connected devices. This uses SNMP or CLI access and requires a plug-in for the device which ForeScout provides for all major vendors.
Virtual appliance installation is straightforward and CounterACT requires a dedicated virtual switch for its span port.
CounterACT uses a response port to enforce NAC policies with actions such as HTTP redirection, VLAN quarantining and virtual firewall blocking. If it spots potentially malicious traffic it also uses the response port to redirect the traffic to a virtual host it creates on the fly so it can examine it.
For installation, we created a new virtual machine on one of the lab's VMware ESX Server 4 systems. ForeScout provides an ISO image rather than an OVF template so you need to upload the file into the VM's datastore and set it as the boot media.
For OOB operations you create a new virtual switch with a dedicated physical network port on the VMware host. This is assigned to the CounterACT VM and must be set to promiscuous mode so it can see all traffic.
-
North Korean hackers continue targeting developers in open source malware campaign - and experts say as many as 36,000 victims have been snared so farNews Sonatype spots global spying campaign by North Korean-affiliated hackers targeting open source ecosystems
-
Think DDoS attacks are bad now? Wait until hackers start using AI assistants to coordinate attacks, researchers warnNews The use of AI in DDoS attacks would change the game for hackers and force security teams to overhaul existing defenses
-
OpenAI is teaming up with Nscale and Aker to build Europe's first AI gigafactory – 'Stargate Norway' is set to host 100,000 Nvidia GPUs and will be powered by renewable energyNews Stargate Norway aims to have 100,000 Nvidia processors up and running by the end of next year
