Quick Comparison Guide Competitive Overview

ForeScout vs. Aruba

January 2015

Executive Summary
ForeScout CounterACT™ dynamically identifies and assesses network users, endpoints and applications to provide visibility, intelligence and policy-
based mitigation of security issues in a single all-inclusive appliance. In contrast, Aruba’s network access control (NAC) system known as “ClearPass
Access Management System” is much more complex to buy and install. You first need to purchase a base appliance, ClearPass Policy Manager, and
then you need to purchase per-device or per-user licenses for each of the following software modules1:
•• ClearPass OnGuard — for endpoint posture assessments
•• ClearPass Onboard — for onboarding management
•• ClearPass Guest — for simplifying workflow process to control network access for guests, employees, and contractors

Additionally, Aruba ClearPass is an 802.1X and RADIUS-based solution that is primarily geared towards Aruba wireless customers. ClearPass does not
provide broad-capability for multi-vendor networks and provides very limited functionality in wired LAN environments.
Compared to Aruba’s offering, ForeScout CounterACT delivers the following key advantages:

1. CounterACT is easier to install and manage. Unlike Aruba ClearPass, CounterACT does not require that you deploy and configure 802.1X
throughout your network and on all your endpoints. The management difficulties and limitations associated with 802.1X are outlined in more
detail in a technote on ForeScout’s web site.

2. CounterACT does not require endpoint agents for endpoint discovery and inspection.

3. CounterACT integrates with many more IT systems than does ClearPass.

Capability Aruba ClearPass ForeScout CounterACT

Licensing Aruba’s NAC solution requires the ClearPass Policy CounterACT includes the following key NAC features with no
Manager appliance plus additional per-device or per-user additional licensing costs:
licenses to enable the following features: •• Endpoint posture assessment
•• Endpoint posture assessment •• Endpoint profiling
(needs ClearPass OnGuard license)
•• Guest management, guest portal, and workflow processes for
•• Guest management managing guests, employees and contractors
(needs ClearPass Guest license)
•• Onboard management for Windows, MacOX, Apple iOS and
•• Onboard management Android devices.
(need ClearPass Onboard license)

..................................................................................................................

1
See ordering information at http://www.arubanetworks.com/pdf/products/DS_ClearPass_PolicyManager.pdf

1
Quick Comparison Guide
ForeScout vs. Aruba

Capability Aruba ClearPass ForeScout CounterACT

Enterprise IT ClearPass integration is limited to a few SIEM and MDM CounterACT provides bidirectional integrations with a wide
Integration solutions (such as AirWatch and MobileIron). variety of IT systems such as SIEM, VA, MDM, ATD and endpoint
protection platforms. A typical use case is to remediate or
restrict an endpoint utilizing a 3rd party device. For example:
•• Dynamically configure firewall rules based on the logged-in
user role.
•• Deploy or trigger 3rd party service (like patch management
agent) on the endpoint.
Policy Customers who’ve evaluated both ClearPass and Easy to configure.
Management ForeScout CounterACT have indicated to us that
Broader spectrum of conditions and actions that provide more
ClearPass policy management is very basic yet difficult to
granularity.
configure.
Profiling Customers who’ve evaluated both ClearPass and ForeScout A large amount of endpoint intelligence about hardware,
CounterACT have indicated to us that ClearPass needs software, operating systems, applications and peripherals is
agents for profiling and provides only basic information. available.
Deployment and Aruba’s dependence on 802.1X necessitates high CounterACT’s simple plug-and-play architecture does not
Administration management overhead and imposes several limitations, rely on 802.1X alone, supports a heterogeneous multi-vendor
as outlined in more detail in this technote. environment, and includes easy control of network devices via
SNMP, XML-RPC, Telnet or SSH. In addition, CounterACT offers a
no-touch enforcement mechanism called “virtual firewall” which
does not require any interaction with or configuration of the
switching infrastructure.
Visibility Aruba ClearPass requires endpoint agents for host and CounterACT provides complete host and OS-based inspection
OS-based inspection provided by the ClearPass OnGuard. with or without agents.
Aruba ClearPass does not detect and classify rogue CounterACT can detect rogue wireless access points and
wireless access points or snooping devices such as PWNIE PWNIE express devices.
express devices.
Post-Connection ClearPass requires integration with other vendors (e.g. CounterACT can identify malicious traffic anywhere on
Monitoring SNORT) to identify malicious network traffic on wired the network — wired and wireless — without relying on
networks. ClearPass requires use of Aruba wireless access integration with other vendors’ products.
points to identify malicious traffic on wireless networks.
CounterACT can identify state changes (for example: antivirus
ClearPass relies on periodic polling to identify state disabled; connection of an unauthorized USB memory stick;
changes. This adds network traffic and greatly impacts execution of an unauthorized application) in near real-time via
endpoint CPU performance. To avoid impact to network the optional ForeScout SecureConnector agent. This reduces
traffic and CPU, administrators have to increase the the customer’s risk exposure.
polling interval to minutes or hours, depending on the
number of endpoints.

2
Quick Comparison Guide
ForeScout vs. Aruba

Capability Aruba ClearPass ForeScout CounterACT

Information Sources ClearPass uses far fewer sources of information, relying CounterACT integrates with a wide variety of existing IT
only on NESSUS for vulnerability scans and NMAP to management systems and passively monitors a wide variety
create post-audit rules for mapping clients to roles. of network information to glean information about endpoints.
This results in improved classification of devices for greater
security (e.g. improving the ability to detect spoofing) and
improved operational efficiency (e.g. relieving the administrator
from the burden of manually classifying wireless access points).
Some of the sources of information are as follows:
•• Traffic monitoring for ICMP, ARP, DHCP, TCP sessions, HTTP
•• Any SQL or LDAP database
•• Directories (Microsoft Active Directory, Novell eDirectory, Sun,
Lotus Notes, TACACS, OpenLDAP Server, RADIUS)
•• MDM systems (Fiberlink, MobileIron, etc.)
•• SIEM systems (ArcSight, McAfee, LogLogic, IBM QRadar, RSA
Envision, Symantec)
•• NESSUS
•• NMAP
•• SNMPv3 (both as client and as agent for 3rd party NMS, SIEM
and alike), traps and informs
•• VPN (Cisco, Nortel, Juniper)
•• Vulnerability (eEye Reitna, Qualys)
•• McAfee ePO
•• Patch management (Microsoft SMS/SCCM, Lumension/
Patchlink)
•• Syslog
•• Firewall (Check Point, Cisco, Netscreen)
•• Remedy ARS
•• Wireless contollers (Cisco, Xirrus, Aruba)

.....................................................................................................................................................

ForeScout Technologies, Inc. Contact Us

900 E. Hamilton Ave., T 1-866-377-8771 (US)
Suite 300 T + 1-408-213-3191 (Intl.)
Campbell, CA 95008 F + 1-408-371-2284 (Intl.)
U.S.A. www.forescout.com

© 2015. ForeScout Technologies, Inc. is a privately held Delaware corporation. ForeScout, the ForeScout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT are trademarks or registered
trademarks of ForeScout. Other names mentioned may be trademarks of their respective owners.
Doc: 2013-0039 REV. 06302015