There are better alternatives in the current market
No photo available
July 12, 2019

There are better alternatives in the current market

Score 6 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Forcepoint Web Security

Forcepoint Web Security, Formerly Websense(used to be called WSG), is Forcepoint's solution for Web Proxy.
This is currently our Proxy solution in the company. We have hybrid deployment - meaning we have an agent on all of our endpoints to make sure that even when using outside the network, the web access will be controlled.
When using in the office, we have on-prem local proxies. The policies allow one to control access to categories/protocols. You can allow, block or limit and also control the ability to download files. There is also a built-in AV, which in my opinion doesn't do much. The new feature of Shadow IT can help you detect the usage of Shadow IT in your network.
  • The ability to set policies is very simple.
  • Logging and monitoring are detailed and easy to run.
  • Deploying new proxies are now much more simple with the proxy appliances. In the past, you had to install the OS and software.
  • From time to time services stop working, so you need to manually restart them.
  • Endpoint agents can cause problems in all kind of situations such as during a flight, hotel wifi, if the user is in China, some ISP's, etc.
  • Some settings cannot be changed from the management server and you'll need to do them on each proxy server manually.
  • Support in O365 apps does not always work and can cause issues. We had to configure some bypasses in order to solve them.
  • All the components can be virtual - no need to purchase any physical appliance.
  • From what I had a chance to see, Forcepoint prices are very competitive (in comparison to other proxy vendors).
  • I spent (or actually wasted) a lot of time with their support when I had problems with the system. This can be very frustrating.
You can purchase the Hybrid module for remote users. This will require you to deploy agents on all relevant users. There are 2 types of agents - one called Proxy Connect and the other Direct Connect. We use both of them. Proxy Connect is the inline proxy with all the proxy capabilities and features. But can cause all kind of issues. The Direct Connect agents were designed to solve these problems, BUT- this agent only does URL filtering which is less secure.
The built in feature can help you detect Shadow IT usage in your network. This is not a full CASB solution! It's nice to have if your policy is very loose. We used it to adjust our policy and blocked some services. I noticed some false positives where the detection was not correct.
Forcepoint has real-time detection of websites. This is in case the URL is allowed but malicious content is found. Theoretically it is a very good feature, but in reality, it sometimes gives false positives.
We POCed the CASB solution. Forcepoint acquired SkyFence, which is their CASB today. I expected it work much more smoothly than it does. But it still looks like the solution is not integrated enough (like working with two different companies). Eventually, we moved to MS.
We're now in the process of moving to Symantec Proxy solution which has additional security features like isolation. We picked the full cloud solution so that there will be no need to install any in premise servers. The fact that we already have their AV makes things more simple for deployment.
I believe Forcepoint Web Security can be very good if most of your users are working from the office. If you have a lot of mobile employees, or if all your workstations are laptops, things get more complicated and problems start to occur. When these happen and you start working with their support - good luck with that. I'm very disappointed with their support, they maybe have a few people there who actually know something. Most of them do very simple checks that I know how to do myself.