Forcepoint Data Loss Prevention Reviews

We do managed services. We analyze customers' requirements, and then we suggest a proper DLP or endpoint data protection solution. We have implemented Forcepoint DLP and Forcepoint Web Gateway for multiple customers.

Forcepoint DLP helped a lot when an incident was created and we tried to have an auto-remediation of the incident. For DLP, an incident is a key factor. DLP is meant to generate an incident, and that incident should be managed. If no one is managing the incident, DLP is of no use. Forcepoint has an email workflow. It provides email incident remediation wherein an automatic email is generated for the manager. If a person violates a policy, we can configure it in a way that one email is sent to the manager. One email will also go to the end-user. The end-user can again analyze the activity and give us feedback about whether it was a genuine business need and we should release that email, or whether it was a mistake and we should quarantine that email. The decision is made by the manager or by the end-user who sent the email. This helped a lot and reduced the incident count. It was very helpful to have such a report and to be able to say that the end-user was aware of the fact that this email has been quarantined. After providing the legal justification, the email was released by him. It reduced 40% of incidents for emails. This kind of feature is not available in other DLP solutions, and I really appreciate having that feature.

The workflow remediation is quite good. That is a key feature because of which it has the upper hand over other DLP solutions.

Endpoint protection, web protection, network protection, and storage use are valuable features. Among these, endpoint protection is most valuable.

It has good policies and good mechanisms to detect incidents.

They can have less memory consumption for their endpoint channels. They are not that adaptive with other endpoints solutions like EPP and EDR. They can improve in this aspect. 

Their discovery or the way they discover the data at risk can also be improved. There are many database servers that are not supported by Forcepoint.

Their login mechanism to find out the issue is another thing they need to improve. We would like to have the finest login to figure out what exactly is happening and why we are not able to communicate with the detection server. One of the products I have used is better in this aspect. We can have the finest level login, and we can figure it out, but I haven't found such an option in Forcepoint. 

I have been into DLP technology for the last eight years. I have been using Forcepoint for three years.

I have worked with another DLP solution in and out, and I find that solution to be more stable than Forcepoint. Once you implement a policy in that solution, the policy will always function. You can be assured that the policy will be functional. With Forcepoint, I always need to check whether the policy is functional or not and whether my policy is getting synchronized on the detection server or not. There won't be any sort of end trigger if the policy synchronization was stopped. 

It is quite scalable. It is comparable to other DLP solutions in terms of scalability.

I haven't interacted that much with their support, but whenever I created a case, there was proper support. As compared to other solutions, Forcepoint's support is more technical and professional.

I have used other solutions. Many of the customers are switching to Forcepoint. They are not getting proper support from one of the vendors. So, they are switching to Forcepoint. They are getting equal or more benefits with Forcepoint, and its cost is also low.

Incident remediation is awesome in Forcepoint. One of the solutions that I used did not have incident remediation. Forcepoint again has the upper hand in terms of policies. It has nearly 1,700 policy templates that we can use. Many compliance-related and PII-related rules are readily available in those templates. Forcepoint also has a time-based policy, wherein they can detect that a policy is active within a certain period of time. This visibility is not there in other solutions. Forcepoint also supports flow data transfer analysis.

Overall, Forcepoint DLP has the upper hand. Stability and scalability are secondary. The primary thing is that an application should be usable. Forcepoint is really user-friendly, and it has multiple options. They say that they can detect the malware if data leakage is happening to malware. They do have some sort of analysis in their detection engine to detect malware.

As compared to other DLP solutions, it is quite complex because they do have their policy server and analytics server in place, and their Forcepoint manager is also there. With other solutions, we need to have an Oracle Database in place, which is not required with Forcepoint. For Forcepoint, SQL Server can be quickly installed and is ready for use.

The installation duration depends on the organization and the size of the organization. For the same set of organizations, Forcepoint will take 30% less time as compared to others. In many organizations, I have implemented it within a month, and in many organizations, the project took one year.

The implementation strategy depends on the customer, but we do follow the implementation steps, such as gathering information and then deciding which detection server to go for, where to place it, and how many counts are required. If I have more than 30,000 agents, then I definitely need to think about one more endpoint prevent server. So, it depends on the organization size and the response of the organization in terms of how quickly they adapt DLP and how friendly they are with the DLP solution. The biggest implementation that we had done had 30,000 users.

Our customers have seen an ROI. 

Its pricing is quite low considering the features they are offering. As compared to other solutions, it is reasonable. 

They do have professional support. If we need professional support, then there will be additional costs.

You definitely need to do a proper calibration of the organization and data flow analysis. Even though there are 1,700 policy templates, each and every organization will have a different set of rules and data to be analyzed. So, data flow analysis is a must with Forcepoint DLP to create a proper policy.

Cost-wise, it is a very good product. An organization should really consider this product if they are in process of DLP implementation, or if they are thinking of switching from any other DLP solution. If there is a budget constraint or you need a good DLP solution, I would definitely recommend Forcepoint DLP.

I would rate Forcepoint Data Loss Prevention an eight out of 10. There is no DLP that will score a 10.

I am using Forcepoint Data Loss Prevention for security.

We have not implemented the solution fully and it is still being configured.

The solution is stable overall.

The implementation could be improved.

I have been using Forcepoint Data Loss Prevention for approximately three months.

I did not experience any crashes. The solution has been stable in my usage.

I rate the scalability of Forcepoint Data Loss Prevention a four out of ten.

I have used the support from Forcepoint Data Loss Prevention.

I rate the support from Forcepoint Data Loss Prevention a seven out of ten.

Neutral

I have used a similar Microsoft solution to Forcepoint Data Loss Prevention, and the Microsoft solution was better. However, we were using Forcepoint Data Loss Prevention because we had a contract.

The initial setup of Forcepoint Data Loss Prevention is of medium difficulty level.

I have not seen an ROI at this time. I have only used the solution for a short time. I would need approximately one year to determine the ROI.

The price of the solution is expensive.

I rate Forcepoint Data Loss Prevention a five out of ten.

For our clients, the use of Forcepoint Data Loss Prevention is to protect their data through web endpoints.

Endpoint security and DLP are the features I have found to be the most valuable ones in the solution.

The solution's interface is still not user-friendly for some customers. So, its interface can be better.

We have a partnership with Forcepoint. Also, we are selling Forcepoint Data Loss Prevention. Basically, we are resellers. I have been working with this solution for the last two to three years. I have been using the latest version of the solution. Currently, my colleagues are using the solution.

Stability-wise, I rate this solution an eight out of ten.

Scalability-wise, I rate this solution a nine out of ten. We serve enterprise-level customers.

I rate the technical support of the solution to be an eight out of ten.

Positive

I rate the initial setup of the solution nine out of ten. The solution's deployment time depends on the customers' requirements. It also depends on the environment of the customers. If the customers have a deployment tool, the deployment will be done quickly. Else, it will take some time. To deploy the solution, we provide the customers with a technician to assist them. After that, the customer is responsible for taking care of the people they need for any additional assistance.

We do not handle pricing ourselves. Our pre-sales and sales teams are responsible for pricing. After deployment, the engineer involved in the deployment also assists with pricing.

From one to ten, where one is low, and ten is high, I rate the solution's pricing to be an eight.

Also, there are some costs in addition to the standard licensing fees.

Its availability as an on-premises solution is something that I like most about the product. Overall, I rate this solution a nine out of ten.

The solution has a lot of use cases. 

In our case, it was to protect content based on keywords and typical actions like copying to external devices, printing, or taking snapshots, et cetera. 

It has helped us protect our internal data from external threats. It ensures no data reaches the outside via intentional or unintentional sharing of data. 

The email-sharing capabilities are good. We can watch email sharing based on content, keywords, key phrases, et cetera.

The initial setup process went well. 

It is stable.

The solution is scalable. 

I'd like the data classification to be better.

I worked with the solution previously and only just started to use the product again. I've used it for about a year and a half.

It's a stable product. I'd rate it eight out of ten. This is a highly reliable solution. We haven't had performance issues. 

The scalability is pretty good. I'd rate it eight out of ten in terms of growth capabilities. 

We have more than 7,000 people on the solution right now. 

I'm currently not using it, although I have been. I'm not sure if there is a plan to increase usage.

We have used McAfee DLP also.

It is straightforward to set up. It's not difficult at all. I'd rate the ease of setup eight out of ten.

The deployment process took us about two months.

We only needed two people to handle the deployment and maintenance tasks. 

The deployment was on a third-party server. We handled the deployment itself in-house using our own personnel. 

I have not seen an ROI. However, it is worth the money we've invested in it so far.

I'd rate the pricing seven out of ten. It's moderately priced and not too expensive. We pay an annual subscription. There are no hidden costs. You just pay one flat fee.

I did look for various advanced switches and other advanced features and chose this product.

I am a partner. 

I'm not sure which version of the solution we're using.

I'd recommend the solution to others. 

Overall, I would rate the solution eight out of ten.

The most valuable feature of this solution is that it captures where the data is being moved.

Forcepoint is the one I see most frequently mentioned in a lot of webinars or insider threat discussions. 

It is a product that is commonly referenced.

Everything takes a long time, as it does in every software company, especially since COVID. That is something I notice with every product I use.

I have been working with Forcepoint Data Loss Prevention for three years.

We are working with the most up-to-date version.

Forcepoint Data Loss Prevention is a stable solution.

Forcepoint Data Loss Prevention is scalable.

It is widely used throughout the business.

Response time is slow.

The initial setup is typically straightforward. 

It is unique to every environment. Some things break when you set up a new network or system. It's trial and error.  

Compared to other products, it wasn't overly complicated, It is the same or standard.

I would rate Forcepoint Data Loss Prevention a seven out of ten.

It is a good product. 

I am not overly excited about it, but I believe that all of the software has the same issues that I do.

It is the same problems I have had with other software, such as the customer service being slow, something breaking, or there's a patching issue. 

We are customers of Forcepoint and I'm a senior information security engineer.

I like the encryption feature of this solution as well as the proxy aspect of it. 

The deployment and troubleshooting aspects of Forcepoint are very difficult. Implementation is complex and not user-friendly. In addition, we have a problem because our Mac systems are not able to support Forcepoint which requires us to have two softwares to make it work. 

I've been using this solution for one year. 

The solution could be more stable. 

The solution is somewhat scalable but could be more so. Our whole organization uses the product, we have over 20,000 users. We have at least 10 staff involved in maintenance.

Technical support is good but lacking in troubleshooting skills when it comes to Forcepoint. 

The initial setup is straightforward. 

Licensing costs could be cheaper. 

I rate the solution five out of 10.

We are a solution provider and Forcepoint DLP is one of the products that we implement for our clients. We have Forcepoint DLP at one of the telcos and one of the things that we are trying to discover is information, across the organization, that is of a personal nature. We are using it to comply with POPI, which is the equivalent of GDPR in South Africa. We are also using it for PCI-DSS requirements. This discovery component works quite well with respect to the search.

When we deployed it for a bank, it proved highly efficient in terms of PCI compliance. It was very quick to pick up where people were divulging personal information regarding credit card holders. We then deployed very simple rules that we had customized, without the need for data classification.

Initially, if you were just doing PCI-DSS, because it's very limited information that you needed to protect, you could do it without data classification. This was good for an organization that had data to protect and wanted to comply with PCI-DSS, but had not done the data classification at that point.

The rules that we put into place were simple. For example, if more than two credit card numbers are being pushed out then block it, or first put it into monitoring mode and then block it.

One thing that I really like is that you can customize the rules. 

The challenges that we've had are related to deployment, especially around the discovery component, and with the local support that we receive in South Africa.

With respect to the discovery component, the reports are very hard to interpret because they come out in an illogical format. We forwarded the reports to our local support team, who were also unable to help me. Eventually, the problem went to the UK for that team to interpret the report.

Ultimately, my biggest challenge is the discovery component with respect to the reports, as good as it is in terms of the integrity, or the search. It is a question of how you translate technical reports into business language. We tried the cloud version, which is Forcepoint CASB, and we found the same thing.

The local support team is made up more of salespeople than engineers and as such, the support in South Africa can be improved.

My experience with Forcepoint Data Loss Prevention goes back to 2005 when it was still called PortAuthority. The product has evolved massively since that time. I have deployed it and worked with it for different organizations at different locations.

Initially, it takes a little bit of processing but nothing to be too concerned about. Stability-wise, nothing has really annoyed us. 

The scalability is fantastic. One of the things that I like about Forcepoint is that I can customize the solution to suit my objectives. For example, if I only wanted to prevent PCI then I could just go in and do that.

One of my clients has quite a large deployment, with approximately 30,000 users. They have plans to roll it out to the rest of Africa.

Technical support from the UK is good. However, the experience of local support in South Africa is not at the level it should be. Most of the local staff are salespeople, as opposed to engineers. Support for the deployment of the product is seriously lacking.

In the UK, they were much more knowledgeable about the product, as well as the outputs and how to actually read them to make business sense out of them. It was much better than what we had in South Africa. Locally, they simply said that they didn't understand it. Most customers will shy away from products when the support is like this.

Because they answer the phone, I would rate the local support a two out of ten. The European support was better, so I would rate them a five out of ten. There were delays in their response but I'm not sure if it was related to the difference in time, or it was part of the ticket escalation process.

One of our clients was using the Symantec solution prior to Forcepoint. We convinced them to switch because Symantec does not have a great presence in South Africa and support was an issue.

They had been using it for quite a long time and had not seen the necessary return on investment. With the new legislation, it was time for them to change to something that was more practical, and more user-friendly. The product works great now.

The implementation is not as easy as people make it out to be. Once you get it right, the product is fine, but this requires understanding it and getting the proper training. A novice that has begun to work with the tool can find it quite difficult to implement if they don't have a good understanding of the product, and do not have the right support.

For example, in one organization it took us about three months to implement it, whereas it should have taken about a month.

Our clients have hybrid deployments, where they are part on-premises and part cloud. The choice of cloud provider is made by the client but they either choose Microsoft Azure or AWS.

The implementation strategy that we use varies depending on the client. For example, at the bank, we wanted to prevent data breaches, especially with credit card information, and ensure compliance. Therefore, our strategy was focused on just the PCI requirements so that we could take reasonable measures to protect the organization. Essentially, we wanted to go from zero to hero quite quickly. That was possible because of the flexibility and agility of the product.

When it came to the telco, it was a completely different strategy. It was a long-term strategy in terms of protection of personal information and preventing it from being divulged without authority to would-be criminals.

When we deployed it, we literally had to look at the requirements and configure it from a POPI perspective. In this regard, the deployment was skewed toward personal information breaches.

We worked with a local reseller, Performanta.

Their skills were meant to be the best in the country but it left a lot to be desired. We had to use the UK offices and that's a challenge with most of the organizations in South Africa. With big vendors, South Africa is a small market, so the investment in South Africa is not what it should be. Understanding, managing, and integrating products needs to be improved, in general.

For deployment, there were eight of us in total. Two were engineers, there were four analysts because we had to write the business rules and document them, there was a project manager and a few others.

Maintenance is being done by the client, in-house. They have two engineers that are responsible for it, and they have purchased support from the local providers.

My clients are seeing ROI because the privacy office is quite comfortable now that they've done everything reasonable to meet the compliance requirements. There is a level of assurance provided by the DLP solution.

In terms of pricing, it is good for a corporation but they do not cater to small to medium businesses. They have to look at a different pricing structure for small to medium-sized enterprises because the cost is too high.

This is compounded for the African market because of the exchange rate. One dollar is equal to approximately 15 rands and if you were to multiply that by the price of the product, it becomes quite costly.

There are no costs in addition to the standard licensing feed, although you still need to understand the operational impact that it has on an organization from a resource perspective. That needs to be factored into the total cost of ownership.

We compared Forcepoint with NetSkope to assess its reporting capabilities and we found that the NetSkope report was very easy to translate, understand, and explain to a business. Forcepoint was instead very cumbersome, unstructured, and illogical. It required an expert to actually interpret the report, which is something that you don't want.

We have also looked at the McAfee product, as well as the one from Microsoft. At that stage, the solution from Microsoft was a little immature and I have not looked at it since. Forcepoint was the leader when we implemented it for our clients.

Comparing Forcepoint to the other products in general, the data discovery capability was great, except for the interpretation of the report. The OCR capabilities were also good for us because it's a telco and they have a lot of paper going through. 

The tool works great but they don't talk about the operationalization of the tool from a process perspective. When people sell DLP solutions, they talk about the efficiency of the tool, but they don't talk about the impact that it has on an organization from a resource perspective.

You would need a team to analyze all of the exceptions that you have, like the way they do in a SOC, where you have analysts looking at the incident. They analyze and investigate it, and then determine whether it is positive or negative and something that we have to be worried about. For example, our organization had approximately 70,000 end-users, who were employees. There is quite a large amount of data that is transferred across our network.

In our case, if a person is sending more than one credit card credential out of the bank, it was flagged. If it was more than one, you had to have a whole backend process where the analyst had to look at it, then perhaps ask the person why they were sending out this information.

When we were first looking at this product, there was nobody who informed the customer as to the complete ecosystem that would be required to have an effective DLP solution in play.

My advice for anybody who is looking at Forcepoint is that they need to understand what it is that they are trying to prevent. You cannot be totally dependent on the tool to do everything. This is not a criticism of Forcepoint but rather, a criticism of the way it's sold. The product will do what it's built to do. But, if you're expecting it to automatically manage the incident, then it cannot do everything. It can block, it can monitor, and it can create alerts, but you still need your analysts. For most CSOs or IT managers that are looking to deploy, they must factor in the practical implications of operationalizing it. They need to have a process in place. They need to have an escalation process in place, and they need to have resources like analysts to actually look at the exception reports.

This is an effective data leakage solution, it does what it's meant to be doing, and the interfaces are great. The biggest lesson that I have learned from using it is to understand the total cost of ownership.

I would rate this solution an eight out of ten.

It's for DLP and to monitor and make sure that no key files are being sent out of the organization. It also helps in terms of tracking any abnormal behavior.

We have about 700 users and it's endpoint-based. We add an agent to the endpoints and it coordinates with the server.

With Forcepoint we found that one employee who left had taken some files, and we were able to stop it. And if somebody is under a notice period, we now monitor whether any files are about to go out. When they take something with them, we can see that. We can also identify any abnormal behaviors that are happening. A lot of times it happens that if somebody is about to leave, they try to take some information away with them. We catch that fast.

It also helps in terms of HR stuff because file movement can indicate people who are looking for jobs. We can see CV movements and it helps as an indicator of a dissatisfied employee. We can at least see the behavior and see if we can do something about it.

Before Forcepoint, we had data in terms of how many terabytes go in and out, but now we can specifically see what goes where.

One of the most valuable features is being able to see file movement, where files are going. Every week we review the files. It can identify software codes, so we code files and we know where they're going and who's doing what. It gives us visibility. It shows any key files, any strange behaviors, such as if somebody is taking too many screenshots, and alerts us about that.

I would like to see improvement in the reporting. We can only get one week's worth of data; we can't get more than that. Also, the reporting console is very slow, making it very frustrating to use. There are times when I open it up on a Monday and take a download, but it takes so much time. You can get busy with other things and come back and it's still hanging and you can almost forget about it. 

Also, the server goes down and we have raised tickets to resolve that. In the past two weeks, we've had to deal with that two or three times. It's been a little annoying lately.

I have been using Forcepoint Data Loss Prevention for one year.

The system is stable, but as I mentioned, the reporting portion is very unstable. If I want to get reports out, it takes a long time. Sometimes the server is down, and I have to raise tickets. I have had problems there.

The scalability is okay, there are no problems with that. We can add on more agents as we expand with more people. We haven't had any issues there.

I would rate customer service at 8.5 out of 10. When we have problems with the system, they respond and they generally resolve things within half a day.

This is our first solution of this kind.

The initial setup was straightforward but setting up the rules was very complex. It is something where things don't actually work as we think they will work. It generated a lot of false positives in the beginning.

Our deployment took about a month.

Our strategy was to start with auditing first. We haven't actually moved to blocking yet. When we tried to move to blocking critical files, it ended up blocking some other people at work. There are some issues around that and we have had to be careful.

We let it run on its own. I look at the data in Forcepoint on a weekly basis, but we don't have any administration of it, per se. My IT team handles the deployment of new employees coming in, meaning the deployment of the Forcepoint agent on their laptop. That's about it in terms of admin.

An integrator helped us, somebody who deals with Forcepoint products. There were no problems with that, although they were billing by time and the system is a little complex.

We have seen return on our investment because we're able to track our data. It's not so much an active return on investment, but more like an insurance policy. It prevents bad things from happening.

The pricing is reasonable. That's why we went with Forcepoint. They were pretty competitive.

There are no additional costs, other than the cost for additional licenses that we have to pay for ad hoc.

It's not as easy as Zscaler to connect. To be very honest, I think Zscaler has a better product with a better interface, but the cost of Forcepoint is more attractive. That's why we went for it. We looked at McAfee as well. McAfee is a bit resource-heavy. 

Zscaler was very good. The interface was really good and it's easy to set up. Forcepoint is okay. I spoke to some other customers who used Forcepoint and they said, "Look, the interface is a bit complex, but it has everything in place."

You need to put a lot of time and effort into Forcepoint, you need a dedicated team for it. You also need to have a data classification strategy firmly in place. You should classify your data before you get it. You also need to test your rules thoroughly before you implement them.