Forcepoint Secure Web Gateway Reviews

It protects against data leaks and offers us application security.

The solution is a combination of Gatsby web security and the LP. That is why we are pushing Forcepoint ONE. Forcepoint ONE is a product itself that Forcepoint has been recently pushing to the customers.

The product is simple.

It's stable and reliable.

They will require a combination of other brands and other products that actually caters to the data leak portion. Forcepoint ONE, for example, covers for the data leak itself, however, it's just data leaks. In order to have comprehensive security protection for your data, you will need other products, like data encryption. You will need privileged access management and endpoint security to make the Forcepoint product more robust. 

The initial setup can be complex.

I've used the solution for about three years. The company I work for has been working with it for about five years.

The solution is stable.

If you are looking for just data leaks and web security, the product itself should suffice, however, if you want to make your solution or your cyber portion more robust, then you will require other products to be embedded as well to work hand in hand, for your information to be more secure.

Being the distributor for Forcepoint, we have our own engineers to cover from day zero to day two in terms of engineering support for deployment and forming payments and also for troubleshooting. We do leverage Forcepoint, however, we have our own in-house engineers to assist Forcepoint to cover the clinical aspect.

In terms of the policy, the initial setup can be complex.

The solution is simple, however, the complexity comes when you are writing the policy for the data leak part. Even web security is all policy. You would need to translate your business requirements into cyber security requirements so that basically whatever policy that is being in place, covers your business requirements for your cyber footprint.

We help our customers or partners deploy the solution.

We are the authorized distributor for Forcepoint in Asia-Pacific.

Currently, we are pushing Forcepoint ONE into the market.

The thing to consider at the outset is, basically, what they want to protect. Are you protecting internal factors or are you looking at protecting from external factors? Forcepoint DLP covers the internal factor, meaning that you do not want your data to be compromised from internal leaks, and not external. If you're looking to protect against external anomalies, then basically it's Forcepoint Secure Web Gateway that you should be looking at.

I'd rate the solution eight out of ten.

The use case is that they don't want a proxy on-premises. They want everything to be on the cloud, with all processing happening before it reaches the firewall. Typically, in a traditional scenario, when I try to access a website like gmail.com, the request goes through the firewall. The router, and is cached, with multiple security measures applied on-premises. Forcepoint handles all these processes on the backend, so the customer doesn't need to worry about on-premises infrastructure. 

Everything is handled on the backend side. Users don't need to have any proxy on-premises. The solution handles all the dirty or initial traffic from their network, managing it on the backend itself.

The technical support needs to be improved.

It simplifies security by enabling partners to implement it straightforwardly. DLP is essential and requires capable engineers for effective deployment. Currently, opportunities may involve high implementation costs, handled either by distributors or directly by Forcepoint.

I have been using Forcepoint Secure Web Gateway as a reseller. We are selling Forcepoint V5000 appliances.

Stability depends upon connectivity. If your connectivity is good, you get the best stability.

I rate the solution’s stability a nine out of ten.

You need to add the number of users and configure them. 5000 users are using this solution. It is suitable for enterprise customers.

I rate the solution’s scalability an eight out of ten.

Forcepoint offers two levels of support: standard support and premium support. With standard support, you can open a ticket, but you may need to wait up to 24 hours for a response, and sometimes the engineers might not be available promptly. Premium support, which comes at a higher price, promises quicker response times. There is a lack of qualified engineers and partners to implement the Secure Web Gateway.

Neutral

The initial setup is difficult. Integrating it involves connecting with multiple parameters such as data servers, file servers, and email management systems. This integration process can be pretty complex and challenging.

Forcepoint Secure Web Gateway can typically be installed within one day for a hundred users. However, for larger deployments, such as 1,000 or 5,000 users, the installation process may require at least a month.

The product has average pricing.

I rate the product’s pricing a seven out of ten, where one is cheap and ten is expensive.

If you want to deploy Forcepoint Secure Web Gateway on-premises, you'll need a server, a switch, and a firewall, among other components. This setup involves significant initial investment, which affects ROI and total cost of ownership. While a proxy can handle some aspects, it doesn't provide the comprehensive security features that Forcepoint offers.

Overall, I rate the solution an eight out of ten.

The most valuable feature for me in Forcepoint Secure Web Gateway is URL filtering, though all other features of the product are okay as well.

A room for improvement in Forcepoint Secure Web Gateway is the support it offers. It's very bad.

What I'd like to see in the next release of the product is for it to be less complicated because at the moment Forcepoint Secure Web Gateway is more complicated than other products. Sometimes issues come up that you can't solve without the support team. For example, you should write the root password to fix the issue.

In the next release of the product, it would be good if it had an easy-to-use interface. Troubleshooting issues in Forcepoint Secure Web Gateway should be less complicated as well.

I've been dealing with Forcepoint Secure Web Gateway for about two years now. My company doesn't use the product. It's the customers who use Forcepoint Secure Web Gateway.

Forcepoint Secure Web Gateway is a scalable product.

We had to contact Forcepoint Secure Web Gateway technical support because some of the features didn't work, but it took them a long time to respond. Sometimes, even if you call support many times, they will not respond. In the end, they weren't able to solve our issues. We solved the issues ourselves.

The initial setup for Forcepoint Secure Web Gateway isn't easy. When you compare it to Fortinet, it's very complicated.

For example, for Fortinet FortiProxy, you don't need to install the database or SQL, and there's no need to prepare a server. You also don't need to do a lot of authentication because it's only one appliance, so it will work via proxy, then you can do the installation.

For Forcepoint Secure Web Gateway, you need two servers: one for installing the management software and the second server for SQL, and only then can you control the appliance.

The initial setup for Forcepoint Secure Web Gateway is complicated, especially when compared to Fortinet FortiProxy.

In terms of Forcepoint Secure Web Gateway pricing, I'm not part of the sales team. I'm on the technical team, so I don't have information on the price.

I work for an IT company that provides solutions to customers such as Fortinet, Palo Alto, Forcepoint, and GoSecure. In terms of Forcepoint, my company focuses on web security, particularly Forcepoint Secure Web Gateway.

My company has enterprise customers who use the product.

The number of users of Forcepoint Secure Web Gateway varies. One customer has around six hundred users. Another customer has three hundred users then there's a customer in the banking industry that has a thousand users.

My advice to others looking into implementing Forcepoint Secure Web Gateway is to prepare a lab and create scenarios in the lab before going to the customers.

My rating for the solution is seven out of ten.

Our primary use case is to control internet access based on security profiles. Users are restricted to legitimate sites and then, based on the business use case, we provide access to streaming sites and the like. We are customers and resellers of Secure Web Gateway and I'm a company director.

All the secure gateways are more or less the same. The value of Secure Web Gateway is the visibility it offers and the ease by which we can put controls in place. We enabled the cloud DLP so we can see what's happening to the data. The solution also provides good filtering features. 

One improvement I'd like to see would be to simplify managing the endpoint for both DLP and web security, so that endpoint management becomes easier. The dashboard is a little old so a new GUI would be helpful as well as updated reporting tools. It currently lacks some features that other solutions have. 

I've been using this solution for over eight years. 

It's reasonably stable but sometimes there are issues in the cloud. 

The scalability is good, our entire organization uses this product including engineers, marketing and administration. 

I'd say that customer service is above average.

The initial setup is straightforward, we deployed in-house and implementation required one person. The initial setup takes two or three days, but rolling it out and making sure that everybody has the required access, and that business applications are accessible, can take a month or so. 

The ROI is like insurance, it's the knowledge that you're protected. The fact that it's taking care of my security needs, is a return.

I'm unaware of licensing costs but there is an extra cost for additional reporting.

It's important to test any solution before making a decision to purchase it. Evaluate your needs and expectations, and carry out a POC. 

I rate this solution eight out of 10. 

We are the implementation partner for Forcepoint, and then we configure and integrate Forcepoint into the customer enrollment.

We personally use cloud Websecurity and cloud Email security of Forcepoint.

The initial setup is easy. It's not difficult. 

They have well-integrated web security. They have the enterprise DLP included in the cloud as well.

Technical support has been okay.

The Bitglass part, right now, we are trying to learn it, and then trying to acquire skillsets around it. 

For cloud web security, there are definitely areas where it requires improvement, Policy changes take 20 to 30 minutes for enforcement.

Granular control based on applications can be further enhanced.

I've been dealing with the solution for six or seven years and Websense for the last 15 years.

It is stable. That said, at times we do get complaints from customers. Some of the government and banking sites not being accessible via cloud proxy. At times it is required to bypass them or route it through different data centers. Though Forcepoint has no say in some websites restricting the access if they can out with a solution to detect and bypass or redirect the traffic through a working data center it will add further value. 

We are integrators. We are supporting from 1,000 systems to somewhere around a 10,000 to 20,000 user base.

We have used technical support in the past. There are two aspects. How quickly they respond is one aspect. Then, whatever the answer that they provide, is it of any use. In terms of the response, it varies. Sometimes they will be able to solve it, and then sometimes it may have to be internally taken up to the next level.

Neutral

The initial setup is very simple and not overly difficult. 

I cannot speak to the exact pricing of the solution.

We are integrators. While we typically do cloud deployments off-late, for on-premises, we have deployed Hybrid and on-premises Websecurity deployments.

I'd advise users, if they want to make use of it, to learn the technology and then the approach the product is trying to take. I'd advise users only proceed once they understand it. That way, they'll be in a good position to manage it. As with any technology, learn the basics and building blocks of it.

I'd rate the solution a nine out of ten.

The biggest issues within the product were that it had become stagnant. For about four or five years, there was very little real innovation going on.

It felt as if they were just sitting back. They were lacking in regards to keeping up with the developments within the cloud. 

Overall, I think they had a good, solid product. I think they failed to add features. It was not as feature-rich as other products. I would say the biggest problem was the lack of features, they just hadn't kept up. Under Raytheon, they were starting to correct this, but it was a work in progress. Overall, the biggest problem with the product itself was the lack of features.

I knew that they needed to handle web sockets in some way, all we could do was effectively bypass it. There were too many times when the connections just didn't work right through the proxy. Our customers would have to bypass and basically go around the product. There were various levels to this and it was a real pain for our customers to diagnose those problems. There needed to be an end-product protocol analyzer output (for lack of a better way to put it), that would help administrators understand why the connection wasn't working.

There was so much legwork involved: someone would have to take a laptop and set up in front of the proxy; then they would have to load Wireshark (as I used to call it) and pull their captures; then they would have to give that to Forcepoint, or they would have to try to reason it out themselves. That caused a lot of problems because most administrations weren't confident or competent enough to do it.

They didn't have the skill-set needed to make proper use of those tools in the first place for analysis. There were a lot of customers who could've gotten value from the product but who were put in a position where they had to basically bypass the product because of certain connections. Some form of connection-troubleshooting should be included within the product, more than just looking at a log that nobody knows how to read except for support. 
There was no way to troubleshoot connections in an effective manner that didn't require a lot of legwork by the user. Whenever you ask a user to do that, nine out of 10 times, they're not going to do it. They're just going to take the easy way out, bypass it, and then they'll bitch about the product, but they won't actually fix it. They won't want to make the extra effort. The problem just remains unsolved. They needed something like a connection analyzer tool to explain why, or at least give a better indication of why this was failing.

Again, it was the lack of development. The GUI is quite nice. I think it's very natural for people once they get used to it. Ironically, the company I'm working for now is actually POCing the DOV product and one of the things they like is the interface. They had a lot of good synergy with their other products. They failed to capitalize on it, ultimately. They're getting there. They got better, but it might be too little too late. That's the problem.

I have been using this solution for nine and a half years.

Forcepoint Secure Web Gateway was pretty stable.

Scalability-wise, It was pretty good. We had deployments that were easily over 10,000 — it could handle it if you scaled it properly with the right hardware. There were deployments that were 34,000 at that point. Now, with very large enterprises (with over 60,000 employees), that's where it starts to get a little tricky. They managed to get the product to that point but it was not cheap either, but it was achieved on the scale pretty well.

The biggest issue that hampered Forcepoint was the lack of development and good consistent support. Because of this, they went from 50,000 to 60,000 customers, down to 16,000 in the space of about three years.

That's a huge drop. A lot of that came down to Palo Alto and a couple of others jumping in the game with filtering but at the same time, Forcepoint had people who were loyal, but they were giving up because of the support situation. 

I constantly dealt with customer support. There wasn't a week that went by where I didn't have to talk to somebody.

They knew me by name and I knew them by name and we were all one big happy family, but when they moved from San Diego to Austin, they lost people.

They gave good, consistent support for about a year, but then they began losing staff because they weren't paying enough. They hired a bunch of people and claimed that they adjusted their wages, but then the same cycle occurred another year later.

That's been the biggest problem. It wasn't the product that caused them to lose people (even though they had some innovation issues), it was the support. At the end of the day, the innovation was causing them to look weak in customers' eyes; when you couple that with the support problems, that's when they started really losing customers.

The initial setup was pretty straightforward.

In fact, you could literally load it, install it, and have it up and working in no time. All you had to do was point a browser to it and you could prove it worked. Now, if we wanted to take it and fully integrate it onto the network, then nine times out of ten, we used one particular method called WCCP.

Overall, on a scale from one to ten, I would give this solution a rating of seven. 

The product was sitting at about a seven. Support was dragging it down to a six. So, if I had to be honest, they had some very good analytics — just counting the product itself, I would say it's a seven.

It wasn't perfectly stable, but it was pretty good. I would say it would need to be more feature-rich. It would need to be more helpful for troubleshooting problems with connections and it would need more stability — then I would give it a higher rating. Under all of those things, it's the support that's the problem because that's a different question from the product itself — it's the Achilles heel.

We use it for internal monitoring of internet access as well as for controlling internet access.

It has got a really good URL categorization database. It is simple to set up. It is also easy to use and quite intuitive. It has got a nice utility for troubleshooting.

We are using a V10000 G3 appliance. It is just a proxy. It is just HTTP, FTP, and HTTPS. Now, as our website has developed and we are using rich time-connectivity protocols, the proxy doesn't have the ability to work with these protocols. It would be nice if the UDP feature was there for it to filter UDP traffic. It needs firewall capabilities for UDP filtering.

Its upgrades can be quite complex, and they don't always go as per the plan. Its reporting could be a bit more granular. 

I have used it for quite some time.

I am satisfied with its stability. We have got a good network infrastructure.

It is easy to scale. You can just add another box to scale it up. 

We are using it for about 3000 users, but it can take a lot more. You have to look at the box you choose and use it as you require.

I have interacted with them. Nine out of ten times, their support is really good. There are different packages you can buy for support. The one we have is really good. We usually get a response within four hours, and they are available seven days a week. They have been helpful, and they do point you in the right direction. If they don't have a solution, they will go back and solve it through another team member.

I can't remember, but I think we used Blue Coat. We switched because at the time, most of the technology modules were embedded into one appliance in Forcepoint Secure Web Gateway, which is how you can reduce the number of boxes you would have in your server, which is really good. In terms of cost also, it was working out better for us.

The initial setup was straightforward. The upgrades, however, are not straightforward, and they don't always go as per the plan. It also depends on your environment and the configuration. The advantage of going for a cloud solution is that you don't have the overhead of managing upgrades and downtime. The advantage of an on-premises solution is that you have more control, which is really nice. You have ownership, and you have the chance to develop your own solution, which is fantastic.

We got help from a third-party vendor.

I would not recommend the version that we have, that is, V10000 G3. I would recommend the later versions. 

Its implementation depends on your working environment. You might want to go for a hybrid version where it is partly on the cloud and partly on-premises. You also have to look at deploying agents on your systems. So, it just depends on how you are planning on working. Are you working from an office or are you going to be working remotely? That would dictate how you implement the solution. It is a fine product for what it does. Going forward, it would need firewall capabilities for UDP filtering.

I would rate Forcepoint Secure Web Gateway an eight out of ten. It needs UDP support and a bit more granular filtering of reports, but all in all, it ticks most of the boxes.

We are implementing Forcepoint Web Security Gateway on corporate, and on enterprise levels. We're not only maintaining Forcepoint, but we are also maintaining McAfee and Symantec as well. I implement and maintain Forcepoint.

The primary use case of Forcepoint Secure Web Gateway is focusing on the advanced malware detection for our customers. We deployed it in multiple locations, and we ensure that the customer's requirements are achieved.

The majority of customers are using the on-premises solution of Forcepoint, and hybrid solutions. But, during this COVID period, they are upgrading that Cloud Web Security console with the availability of the categorization, and there is a GRE tunnel. You can use the GRE tunnel between your organization and the Forcepoint cloud with the IT-based policy applicable to your prospective user.

Forcepoint provides you with the reporting that allows you to see the threat information and if there are any threats present.

You can see traffic going to a different country like China as an example. We can see the traffic and decide if they are going to block it and if we are able to block that IP from the firewall.

Also, it will check the functionality that is the most inexpensive and we can see the most important features. We can see whether some country is malicious. We can say this specific connection going to the specific malicious country, we can block that specific URL or specific country IP address from that security console. So, that is the most useful feature in the Web Security console.

The feature that I find to be most valuable is the flexibility of the single endpoint.

The Single endpoint for DLP and Cloud Web Security can be used for the DLP as well and Cloud Web Security as well. This is the most useful functionality from Forcepoint that is driven, and they are even providing the CASB, which is inbuilt on that endpoint as well.

They are providing CASB functionality on that same endpoint.

No other solution provides a single endpoint for the CASB, DLP, and that proxy solution.

Forcepoint has recently made changes on the cloud level. Previously, they did not have any flexibility on the cloud level. During this COVID period, Forcepoint has updated the cloud and now has more functionality on that level. For example, integration of CASB solution, cloud app, and DLP, which is also flexible. They're also adding on-premises data security solution integration with Cloud Web Security.

Also, URL filtering, which is filtering based on the categorized filtering, based on the content filtering, that is available on the Cloud Web Security Gateway, and even has an inbuilt DLP functionality, that limited functionality on the Cloud Web Security Gateway. This is free of cost. 

Forcepoint also includes a cloud app called Shadow IT visibility, which is very useful for the customer to identify whatever application accessed by the user from his endpoint machine, which is installed with the Forcepoint Cloud Web Security Gateway endpoint.

They have improved the cloud app functionality and they're giving the visibility of the accessibility of all the cloud applications accessed by users.

Forcepoint provides some more functionalities on the DLP.

They're going to integrate on-premises DLP solution with the cloud solution, Cloud Web Security Gateway.

With IP-based protection, you can put your ISP IP address and you can define a single policy for your organization, and any traffic coming from your organization will be filtered out with the specific policy.

There are many options and a lot of customization available in the reporting. There is a report builder, report viewer, and a customized reporting template is there. So, you can just customize your reporting, which is the best feature added by Forcepoint.

The ability to display the reporting to higher management is good. They just added that feature to the Cloud Web Security console.

CASB integration has just been added. With the CASB solution, you can select your sanctioned applications or your unsanctioned applications, and define a policy based on them.

The self-user registration is not a part of the domain. Previously, they only had two or three predefined templates, now they're adding four or five templates with the limited DLP functionality.

Web isolation, which was not previously included with the Forcepoint, can now offer a web isolation license. If there is some malicious URL or there is some uncategorized URL and you want to permit, or you want to block that URL, but you can just define the web isolation. In this scenario, that URL will be opened in the remote server, which is an isolated environment. In this scenario, if there is any malicious activity happening on that specific URL then it might not reach on your system because that is open on the isolated environment. Even if you are going to download any files from that site, and if there is a malicious file, they're going to sanitize on that isolated environment, and if it has found any malicious activity, it is automatically blocked.

In regards to decryption, the deep level inspection for all the sites is now available. Earlier, there was limited functionality for this.

Shadow IT provides you with risk level information, for example, it can identify what applications are high-risk and all the applications that are low-risk.

Based on the risk level, you can just block the application.

Forcepoint giving only on-premises solutions and hybrid solutions.

They're also providing the Cloud Web Security, but there is limited functionality, limited categorization, and limited protection.

Stability needs some improvement, we have on occasion experienced some delay when it is synchronized.

With stability, the only thing is that that policy synchronization is sometimes delayed, but not much of a delay.

Generally with Forcepoint documentation, whenever we want to change anything on the policy level on the cloud console, it can take 10 to 15 minutes to update the endpoint machine, but generally, it will be updated in one or two minutes. 

That is not a challenge, but sometimes it's taking more than 15 minutes. 

Forcepoint is also performing some back-end activity to update the Cloud Security console, and they are experiencing some downtime. It will be a total of 12-hours to make some changes to the cloud environment that they also pushed the mail to his customer, whoever is using the Cloud Web Security component. So, they're going to upgrade the solution for the specific region. Region-wise, they mentioned for example the India region or any other region. With this specific region, the server going to update, which might be impacted. 

They will have a 12-hour downtime, and after that, the stability will be resolved.

If I am talking from my perspective and my organization's perspective, we have more than 25 plus customers in my range that are using Cloud Web Security. They are going to move the Cloud Web Security console because earlier, they were using an on-premises solution. Now, you know that the future is on the cloud, so that's why most customers are going to the cloud solution.

With on-premises, you require a server, you require caching, you require an appliance, and you are required to update each and every server. That is why customers are moving to Cloud Web Security. They don't need to upgrade the server because that is back-end activity. The only thing that you can just protect your system in the office and in roaming mode as well.

Technical support is great with the priority level. 

When you're going to raise a case that might be of severity, you can define the severity with the technical levels, business server, or any support level, which is taken by the customer or partner. 

According to this, we're getting the response, we're getting the proper article on that console, whenever we're going to raise the case with a specific problem. With the problem, when we are going to put that problem information, there is automatically an article that is attached.

The maximum problem will be resolved on that tech knowledge-based article. But if there is nothing returned, or there is no resolution with the knowledge-based article, at that time we definitely raise it with the support team and they respond immediately.

The initial setup is straightforward. 

You just need to put a server to sync your user information with the cloud for the authentication perspective. If you're not using the AD environment, you can just send an invitation link for your user, so they can register themselves with that Cloud Web Security console and use the functionality and the admin can apply the policy for specific or the email ID based users. 

Definitely, if we are talking about the Cloud Web Security solution, not only Web Security solution, any cloud solution, so generally, they're asking for the email addresses when they are going to integrate the AD environment on the cloud. So, that is recommended for all of the web solutions.

This is a flexible environment; you can just put that agent on machines through AD or any third-party deployment tools. There is the flexibility of the port connectivity, where you can just keep open the ATA 443 port that is generally used in the organization environment, and you can suggest the customer open the specific port for the specific cloud ranges. 

You cannot open that traffic for all of the internet.

Licensing cost is also dependent on the number of licenses. 

When users increase from 100 to 500 or from 1,000 or even 20,000, that licensing cost automatically decreases. And if there is a limited license, you can say there is a fixed price, for use of the licensing.

Licensing is flexible. License pricing information is based on the customer, their environment, and on the future approach. For example, are they're going to move forward with this environment? Will they be increasing their system to more users?

There are additional costs for URL filtering, Web isolation, and CASB integration. 

For the normal scenarios, if I am talking about URL filtering, there is no additional component for that. There's a single license, the standard license for the URL filtering and if you want to add web isolation, that is definitely something you need to pay more for. Even if you want to increase your storage limit for the log, you definitely need to pay for the storage as well. To start with, the retention period is 90 days.

I am evaluating several solutions to compare with Forcepoint Web Security Gateway such as McAfee, Symantec, DLP, Web Security, CASB, and Email Security as well.

Generally, the McAfee team is a different one in my organization. But if I am talking about McAfee with the Gartner Report, the categorization is limited for McAfee

If we are talking of Forcepoint, there are more than 101 categorizations included. Based on the categorization, you can just identify which URLs come over the specific categories, and you can identify them immediately.

If you are talking about the URL categorization based on that behavior, that is also positive, proper categorization performed by Forcepoint so that you can get the response from the internet as well.

With Cloud Web Security, of course, Forcepoint is providing the hybrid. The scalability on the hybrid and cloud web security, that is visible.

With McAfee, from my organization, there are limited customers for this because they are facing many issues, which is why they maybe moved on to Forcepoint.

We deployed this solution during COVID, for two or three customers, and the customers are very happy with this product.

I can recommend Forcepoint.

I would rate this solution a nine out of ten.