Recently, we tested Cisco ISE vs Forescout CounterACT. We have implemented and integrated our Incident Response System with three different authentication systems like this and this post highlights some of the features and facts that we really liked about CounterACT v7.0.0.

We have worked and integrated with Cisco ISE v1.2 as well as Extreme’s Mobile IAM solution.  We contacted Cisco several times about their v1.3 release, but they did not get back to us. Similar to what the Tolly Group published about ForeScout CounterACT  Vs. Cisco ISE back in March of 2012, we really like the CounterACT solution for several reasons.

  • no dependency on 802.1x
  • very easy to configure < less than 8 hours
  • little operational impact once it is deployed
  • provides many built in classifications and remediation options
  • worked with switches from all of our different vendors.  We like our Cisco hardware, but we are not all Cisco.
  • easily enhanced the protection of our mobile environment
  • no infrastructure upgrades
  • no agent to install on systems wanting to access the network
  • ability to correctly identify devices (e.g. smart phones) via hijacking or other non agent method
  • in-line deployment is optional
  • ease of compatibility with devices like printers and desk phones without blocking them by default
  • ease of classifying devices into types of devices or departments

The Tolly engineers evaluated 34 criteria across 6 categories and ForeScout CounterACT scored the highest.

Cisco ISE Vs CounterACT

Many of our customers have purchased some type of NAC authentication system.  When we ask them if they want to integrate the contextual details they collect with our system ‘Scrutinizer’ they almost always reply with the same answer “we don’t have NAC solution setup yet because we ran into some problems”.   My fear is that the expensive system they purchased will eventually become shelf ware.  CounterACT customers do not appear to be experiencing this nearly as much as other vendors. This was an important point because we wanted to integrate with something that people were actually using and appreciating the value of after deploying.

The CounterACT API was straight forward to integrate with.  In fact, what we wanted to do was simply URL driven and we had the basic integration shown below set up in a day.  Notice below, you can click on a host, and follow the menu options to ‘CounterACT’.

ForeScout CounterACT vs CIsco ISE

Once you select the above CounterACT menu option, the ForeScout interface appears.  Notice below that we pass the IP address to CounterACT which it uses to look up contextual details about the host viewed in our NetFlow collection system ‘Scrutinizer’.

CounterACT Integration

Although the integration at this level is fairly simple, this simple passing of variables to another application makes life easier for many engineers that use both of our products.  If you have questions about this integration or if you would like to try it, please reach out to our team.

Steve

Steve

Stephen joined Plixer in 2011. Steve’s efforts over the years have helped many customer gain better Visibility and Network Analytics. With more than 5 years of successful technology consultation, Steve has become a thought leader, focusing on how Scrutinizer can be part of a system incorporating other solutions such as Gigamon, Statseeker, Uptime, InfoBlox and Splunk. Firm believer that most organizations will have a larger SDN implementation and greater leveraging the Cloud in the next few years. Steve resides in Scarborough, ME with his wife and two sons.

Related