ForeScout ActiveScout 100

Pros: Very informative user interface

Cons: Atypical network configuration

Price: $23,253

Performance: A

Ease of setup: B+

Configurability: B

Value: C+

GEOGRAPHY LESSON: ActiveScout 100 shows you a map of where network attacks originate.

The ActiveScout 100 is a self-managed IPS that protects your network without using signatures. It is rack-mounted and takes up 1U of space, but because it's 23 inches deep, some smaller rack configurations might need adjustment to house it.

The ActiveScout has three Ethernet 10/100 ports, PS/2 keyboard and mouse, VGA, two USB and one serial port. It supports Fibre Channel ports as an option and even comes with a DVD-ROM drive.

The initial setup is done through a KVM interface. When it boots, it gives you a command-line screen with menu options, which is similar to most COM port interfaces. From here you can set the time, IP addresses of the ports, host name, domain name, and so forth. Once you're done, the ActiveScout is ready to connect to the network.

This is not as easy as it initially sounds, for two reasons. First, the Ethernet ports are not marked on the appliance, and the documentation is little help. There is a menu option that sets each port blinking in turn so you can identify them, but you have to go to the back of the appliance each time and note the blinking port.

Second, the two topologies outlined in the setup guide neglect to indicate whether the IPS should be installed in line with the firewall (just 'inside' the firewall, with all traffic passing through it). Instead, the ActiveScout requires a connection to a point between the firewall and the router, so that it does not pass traffic itself but can still 'see' the traffic. This may require an additional switch outside the firewall.

The Site Manager software can be installed from the supplied CD-ROM on any computer within the network. Once you log in to the IP address of the sensor (either the external or internal IP number, depending upon which configuration you use), you're shown a map of the world illustrating the origins of recent attacks ActiveScout has detected.

Site Manager made it fairly easy to modify the security profile so the ActiveScout could block all our simulated attacks. It was only a matter of setting the sensitivity of the various parameters high enough.

The list price of $26,995 was a bit higher than we'd hoped for, even considering its power and functionality. The government price of $23,253 is a little more palatable, but with a rated throughput (100 Mbps) less than half that of IPS devices from Cisco and Juniper, we'd encourage you to shop around. The ActiveScout makes sense for networks that already have switches located outside their firewalls.

ForeScout Technologies, Cupertino, Calif., (866) 377-8771, www.forescout.com

About the Author

Greg Crowe is a former GCN staff writer who covered mobile technology.
