A software upgrade for ForeScout's CounterACT NAC platform will enable it to manage 400,000 endpoints, double the number of previous software releases.
The company's Enterprise Manager in the past could support 50 CounterACT appliances, and now customers can buy licenses to support 100, the company says. The actual number can vary depending on the number of policies being managed, ForeScout says.
The new software release provides a dashboard that gives a real-time snapshot of network activity to show compliance with corporate policies at any given moment. The metrics it gathers can be fed to security information management platforms as well.
CounterACT now enforces access control at the switch port level without using 802.1x or VLANs. Instead, the device can invoke Layer 3 or 4 access control lists (ACL) at the switch port.
This enables quarantining devices before they are admitted to the network at all, so it is unnecessary to provision remediation or guest VLANs to isolate non-compliant endpoints. The ACLs control where they are allowed to go.
The software simplifies control over guests accessing business networks by enabling sponsors to vouch for guests. Guests log on and are directed to a captive portal where they are asked to name a host and the host's e-mail address.
The host - who has been pre-authorized to grant access - confirms or denies access without requiring intervention from the corporate security team.
In addition, a preventative security suite has been added that can block use of USB memory devices that have not been authorized by the corporation. Use of internally issued thumb drives could be white-listed and the use of external ones blocked.
The suite also can block dual-homing, so a device connected to a wireless LAN could be blocked when from connecting to a wired network until the wireless connection is terminated.
ForeScout's new software is due to become available at the end of May.