The ActiveScout appliance is a very basic intrusion prevention system that uses behaviour, not signatures, to address a possible attack. It will identify whether the network is being scanned and then attempt to block the potential intrusion.
This product was difficult to configure and implement. We found the Java management console hard to navigate, and no documentation had been supplied either on configuration or on how to get the appliance to work best under our parameters.
Configuring the appliance was by trial and error within our test environment. We also found that once the product is configured, there is really no easy way to change the configuration on the device itself.
The initial setup only gives one opportunity to assign IP addresses and deploy the product. Like several of the other products we tested, ActiveScout seems uncomfortable in an isolated test environment, because it looks for information directly from a live environment.
ActiveScout provided protection against most of our scanner tests. However, the out-of-the-box configuration did not protect against focused attacks by our penetration tool and we were able to get past the system and get through to our target.
This product came with great setup documentation. It has easy-to-follow, organised setup instructions that made initial deployment quick and simple.
However, there was very little documentation that helped us to configure the appliance in our test scenario. Also, we had no documentation on how to use the Java management console, which made using it difficult.
We found that only telephone support is offered for this product. ForeScout Technologies does have a support centre, but customers must sign up for the supplier’s maintenance and support programme.
ActiveScout is set at an average price for its capability. It provides acceptable intrusion protection at a reasonable price.
However, there is an extra fee for support and periodic updates are not included.
For: Very simple out of the box
Against: Time-consuming configuration, and there is no easy way to change the initial configuration.
Verdict: Capable behaviour blocking, but lacking flexibility.