Forcepoint Web Security

Forcepoint Web Security is well suited because it provides on-premises as well as cloud functionality, so instead of fully migrating to cloud we can have a few users on on-prem and few on cloud. It gets easy to identify which users should be on cloud or on-prem. It is always better to use a generic policy for everyone, otherwise it can cause issues while creating exceptions. The scenario where it is less appropriate is when there is a function where the agent can automatically get updated but when we do that, the agent does not get updated properly, which causes a lot of trouble as we need to uninstall the agent and then re-install it.

Scenario: Hybrid mode for home and remote users scenarios Out china office is not able to deploy force point due to Forcepoint Web Security moving out of the China market.

It is very well suited for [an] environment where the internet usage is high and most business applications are either cloud or internet-based e.g. SAP, GST, E-way billings, etc. It is not appropriate for organizations where the hardware is not being updated for a long time as it requires good hardware to run it without any hassle.

It is well suited to on-premises web filtering. We have recently attempted to implement the agent for remote users and have had issues with it interfering with our VPN software.

Over the years, [in our experience], the maintenance of the Forcepoint Web Security solution proved to be more cumbersome and troublesome with each version upgrade. In addition, it did not transition well to support the large increase of remote workers. We also experienced weird incompatibilities with the client. We have since replaced this solution with Zscaler Internet Access, a cloud-based secure web gateway solution with a client that behaves as expected, is more flexible, and requires significantly less administration.

If you are looking for web security with DLP, it works well, but if you are more interested in application-level visibility and granular control and CASB integration, then it has some scope to improve. For roaming users, DNS and non-web protocol control [are] not of industry standard.

It can be used as [an] explicit proxy, especially when combined with a proxy PAC file that lists the exceptions, and we have a lot of them (e.g., Microsoft apps like Teams). Then the exceptions will bypass the proxy and need to be able to pass through the firewall. A transparent setup should be possible, but we never got it to work reliably, [...] because this depends on [a] redirection by switches or firewalls, for which no modern protocol is being supported.

Forcepoint Web Security is well suited to tightly controlled corporate environments where policy enforcement, centralized management, and off-network protection of end-user compute devices is important. On mixed-use networks, loosely controlled environments, and environments with a mixture of mobile, BYOD, and guest devices, it is less well suited.

[Forcepoint Web Security is well suited] if you have an organization where there are quite a few servers and PCs that access the internet. If a user's internet usage logging is needed, then this product is well suited for your environment. If you have a smaller organization, Forcepoint Web Security may be overkill for your establishment.

Forcepoint Web Security is a suited solution for all the kinds of organizations who are accessing the web internet, be it small size, mid-size or larger organizations. Its content filtering feature is just awesome which is not available with other vendors. If you want to allow Sports category and block movie category on the same URL (youtube) then this kind of scenario can be achieved by Forcepoint Web Security. It has intuitive management and reporting and the largest intel database.

Forcepoint most importantly helps protect the organization from various cyber threats and has supported our organization by identifying and flagging suspicious activity that otherwise may not have ever been discovered. Fine-tuning for web filtering and DLP has enabled to minimize false positives while supporting the security posture of the organization.

[Well suited for] project specific restriction. DLP restriction works well. Shadow IT is not visible.

It works in work from home. Its agent is small and can be easily installed.

It suits well on site offices, using cloud proxy defining the filtered location.

As above, worst scenarios of implementation are countries where government intercepts and modifies secured connections.
In those locations we had to disable cloud proxy and permits access using only local Content Gateways.

Also for VPN users, to grant them to accesso to Gsuite, we set up to allow them to use office Internet line to access this service.

Forcepoint is great for monitoring users online browsing behaviors and time spent being less productive, it also provides a layer of security to block malicious websites.

Scenarios where you have people working remotely dealing with sensitive material.

I strongly believe every small organization or IT department can benefit from Forcepoint. The dashboard is a quick way to see what is going on in your environment. The application is set it and forget it and gives me a strong secure feeling knowing malicious sites or content is being updating constantly. User do not know it is on their machine or device. They are alerted by a page saying that is a blocked site, if they really need access, they let me know and if I approve, I can quickly give them access.

Due to the diverse and roaming demography of our users, Forcepoint suits us with its global flexibility and its ease of use, endpoint and web interface management, and deployment. Providing trends and user habits has been great for reports to the business, as well as defense security blocking reports presented at board reporting intervals.

Protection from web traffic, content filtering etc. are the best use-cases. Not suited for large organisations having private WAN with multiple ISPs and intend to use it a transparent proxy for all outbound traffic. It supports only HTTP and required non-HTTP traffic to be divereted to some other appliance. Web and Email being one of the most common requirements of any organisation, support for Email protocols is also a must.

Without disclosing too much information Forcepoint Web Security is well suited in HR related issues where performance management/productivity or breach of internet use policy is questioned. The reporting can be very granular and damming for individuals being investigated.
It is less appropriate for real-time monitoring as this is not possible at this point in time from what I understand.

Forcepoint Web Security is the best by far I have come across for on-campus web security gateway implementation. I would recommend it for all those who are budget concerned but really serious about protecting their assets with less effort and lower maintenance costs. Forcepoint Web Security is a reliever of browsing worries. However, I had some concerns with hybrid deployment where some ISP connection was not making it through but have heard it's been fixed with the latest releases.

Forcepoint all the way around is a very good web security tool. In my opinion is well suited for organizations that have multiple remote sites in the states and around the world. Given that you can manage the whole organization from the cloud, I believe a company will benefit from using Forcepoint web security. Scenarios where it may be less appropriate and the company could possibly save money by going with something simpler, could be a small company. A single office company with no remote users. I strongly believe Forcepoint will still work well for this type of companies, however the company would not be taking advantage of all the Forcepoint Web Security benefits.

It is suited for any company that needs to monitor web usage and block sites that are dangerous or inappropriate. I honestly cannot think of any scenarios where Forcepoint Web Security isn't a valuable tool.

Forcepoint Web Security is for companies that have well-established policies that are clearly defined. The cloud deployment is useful for companies that want an easier deployment and a mostly remote workforce. The hybrid works better for a company that has internal resources that have the knowledge to deploy and manage a proxy environment.

We deployed it across the entire company. We are using just the Web Security Gateway portion of the product at this point. We use a 95% virtualized workstation environment (VDI). We were able to add the agent to all of our VDI clients before resynchronizing them and we used GPO to push out the agents to our physical devices. We are leveraging the cloud based system and it is working very well for us. Our previous solution would not allow us to download at speeds greater than 1Mbps and ForcePoint allows us to leverage our full bandwidth. It allows us to monitor and block web pages as necessary. We now only need to block on content and productivity since Forcepoint always scans the content. This is a specific distinction because many people block webpages due to risk and with Forcepoint, we don't have to worry about risk. We can focus on productivity factor of the websites instead. Due to the flexibility of the product, I cannot imagine the product not being able to handle any scenario.