Forcepoint Data Loss Prevention Reviews

We use this solution for data theft and for some forensic work.

Forcepoint DLP has very good reporting whether it is at the gateway or it is the LP. The product is user-friendly. 

We faced some issues with the endpoint installation of the agent as it is not from a common ground. Rather than being able to give a command from the central control and install the agents on the laptop, you need to install them one by one.

I have been using Forcepoint Data Loss Prevention for 10 and a half years.

This solution is stable. There is no specific maintenance of Forcepoint DLP, it is just a matter of tweaking the product to comply with any new or amended corporate policies.

Forcepoint DLP is scalable, it is just a matter of installing the agents.

Previously, I worked with Symantec DLP and McAfee DLP. Forcepoint is more user-friendly than both of these products.

The initial setup of Forcepoint DLP is neither easy nor complex. The technical setup is easy, however, the user education takes time and can be a bit of a strain. 

If you are considering implementing Forcepoint Data Loss Prevention into your organization, be sure to be clear of your initial requirements. Sometimes users are thinking something totally different and the DLP will not meet those needs. 

Overall, I would rate this solution an eight out of 10.

I am not satisfied with the tool and will replace it since its integration with the Microsoft platform solution, which the company has chosen currently, would be difficult, and we don't want to spend too much time on it. It is easier to have a fully integrated stack. Forcepoint Data Loss Prevention is not a very well-integrated tool. We also have artificial intelligence, which is easier to directly integrate into the heart of the platform.

The main issue is that you cannot be in security staff and put your data center in Dubai. You need to master your data redundancies. Putting two data centers in Switzerland is fine, and we can use it, but you cannot have DLP rules, and you put your data in Dubai, which can lead to mistakes. Even the rules are really sensitive data. We could think that only the patterns would go in Dubai or whatever, but the rules are the most important part because the rules define what is going to be detected and what won't be detected, and inside the rules, we have everything customized.

No financial institution will be able to keep Forcepoint in Switzerland when they move outside of the data center. The other issue is that when you are doing a setup with the on-premises version of Forcepoint, the big mistake here is the way the software is split. Speaking about the version of Forcepoint you are going to install in your data centers, the issue here is that it is done for a VMware setup inside the data center, so you can have many servers. In the cloud, you are going to pay for what you are using. If you are using eight or ten servers, you are going to pay for ten, making it really expensive. The web version that you can set up of Forcepoint has not been designed for the cloud. The cloud version is located in Dubai.

I have been using Forcepoint Data Loss Prevention for ten years.

The solution's technical support was bad as they have no skills at all. We are not able to get replies from the tool's support team. I am not sure if the tool's team could offer advice or consultations because a local company used to do it for the product, as there are just a few skilled people available at Forcepoint, which is also an issue.

Instead of Forcepoint Data Loss Prevention, I recommend Purview to others, especially if you are located on Microsoft platform, since it helps with compliance and not only as a DLP tool. There is a gap we need to close in Forcepoint Data Loss Prevention as it is useful for security operations. For example, it can be used to ask an end user to unlock your blocked emails.

AI is mostly used when you have to check the DLP inside artificial intelligence, and it is not perfect. We were also looking for SSE solutions, and the point is that Forcepoint could have been a good candidate, but it is located in some bad countries, making it one of the main issues why the tool was no longer a satisfying solution for our company. The tool is also quite heavy. In some cases, it is slow, making it not so comfortable to operate.

The tool is fine for the DLP features, especially when you are on an on-premises model with a data center. If you are on the cloud, I would not recommend it.

Purview and Forcepoint are almost the same, as both can be used to block, upload data, or send emails. Once something is blocked, you ask the security operations, who will start, to provide us with the document we can look at to see if it is legitimate or not.

The incident management process is not based directly on Forcepoint. Forcepoint is used to detect and block, but the response is not done inside of Forcepoint. It is done at the data level.

I rate the tool a seven out of ten.

We use Forcepoint for compliance, PCI DSS, and data protection at the network, endpoint, and data discovery levels.

Forcepoint has out-of-the-box rules and policies for PCI DSS and GDPR compliance. The compliance features are easy to deploy and implement. If your data is not classified, you need to do that first, but the functionality is out-of-the-box otherwise. 

Forcepoint offers many policies that conform to global DLP best practices, including requirements specific to regions like the Middle East, Europe, etc. They have a policy database in their product. That feature is unique to Forcepoint. Their AI and fingerprinting are incredibly effective and robust. We have tested it multiple times. It always catches the correct data being leaked.

They can improve a bit in the OCR category. The OCR deployment could be simplified. Right now, you have to set up a separate server to manage all the data going through the network, especially the images. Forcepoint could better integrate the OCR component with central management. 

Many customers ask how we will detect data in the OCR images. We must tell them that we'll deploy another machine to manage OCR. However, smaller enterprises have limited hardware. An enterprise can provide the necessary hardware but not the SMEs. This is a critical category because data can be leaked through images. 

I would also like Forcepoint to add support for AIX machines and databases. The solution still doesn't support certain machines like IBM AIX machines. Forcepoint typically supports QRadar integration, so maybe they can increase the work support on the server side.

We have been using Forcepoint DLP for three years.

Forcepoint Data Loss Prevention is a stable product. We have had any serious issues on the client side. 

Forcepoint supports huge deployments of more than 20,000 endpoints. You can scale up from hundreds to thousands. It's easy to scale by adding devices and increasing the hardware to support more systems in the same architecture or the same infrastructure. It covers everything, from clouds to networks and endpoints, Linux servers, Mac laptops, etc.

I rate Forcepoint support eight out of 10. Their support is good, but not excellent. At the same time, their presales service is strong. Overall, their standard support is not bad. They try to resolve problems in time and usually ask relevant questions. They are knowledgeable, but you'll need to pay for a higher tier if you want faster response times and 24/7 support.  

Positive

I rate Forcepoint 10 out of 10 for ease of setup. It's one of the simplest DLP solutions I've used. Symantec is more difficult than Forcepoint. Setting up Forcepoint is straightforward. 

They have an extensive knowledge base online, and the steps are well-defined in those documents. We have a console server called Forcepoint Management Center. We also need to deploy DLP agents a Protective Appliance on the network server. Forcepoint has extensive support for integrating with other vendors, so the setup is quite fast. We can integrate the product with any of the proxies available in the customer environment.

I rate Forcepoint eight out of 10 for pricing. We have a different team that handles the pricing, quotes, and presales. I'm on the technical side, so I'm not sure about the cost.  Our customers tell us they prefer Forcepoint because of their market presence. It's also the leader on Gartner's Magic Quadrant and has high ratings on third-party platforms. They prefer Forcepoint. I don't believe the price is too high, but Forcepoint is a premium service and the cost is consistent with the product they are providing.

I'm referring to the price from a vendor perspective. When a customer asks us to provide this product to meet their budget, Forcepoint will cooperate with us and provide discounts. 

I rate Forcepoint Data Loss Prevention 10 out of 10. It's the best product on the market. When our customers compare it with Symantec, McAfee, or Trend Micro, the response is extremely positive. The product is stable and scalable, and the licensing tiers are fairly simple. It's easy for us to explain to customers which features are available for each pricing tier. 

The main purpose of DLP is to protect data from being sent outside of the organization without authorization. So, my client uses it to protect emails and web traffic and to integrate with content classification and USB blocking systems.

Some good features are basically its UAV Analytics engine. And even fingerprinting is really good in Forcepoint.

Forcepoint recently released an in-line proxy feature, which is a great addition. Previously, users had to add an extension to their browsers, but now that's not necessary. Now, that extension is not needed. 

One area that could be improved is the support. The current support is not very good. Because they don't come on time when a customer really needs it, they take a lot of time to troubleshoot anything.

For Mac, they should introduce the feature of airdrop. Currently, no DLP detects the airdrop feature. Like, if we have an airdrop. So, no DLP detects that any file is going from Airdrop. Our customers have these use cases. 

I have been working with this solution for five years. For Forcepoint, we are a titanium partner. 

It's scalable. We sell to medium and enterprise-level businesses. 

It is an easy installation for Forcepoint.

To deploy Forcepoint, we would take almost a week because it's an on-prem solution. But now they have even a cloud platform. So it can be done in one or two days. It depends on the customer and how they provide the insight and everything.

One person is enough for the deployment and installation process. 

For Endpoint DLP, obviously, we are the people who do maintenance. But for SaaS-based, it is GTP service only.

The pricing is fine. It's a yearly based license. For endpoint Forcepoint DLP, they have another license, and for network DLP, they have another license.

Overall, I would rate the solution a ten out of ten. It is a really good product. 

It is very user-friendly, even for admins. However, the support is very low otherwise the product is very good. 

The primary use for the product is to protect our intellectual property. Additionally, I use the product for compliance and regulatory purposes, which means ensuring that certain data is protected in accordance with regulations and standard policies. 

I have seen benefits, particularly in terms of increased confidence in compliance with data protection regulations. When it comes to external auditors, I am confident that they won't find any issues related to data protection. Additionally, it has increased my confidence that our organization's intellectual property is not misused or extracted without permission.

I like the product's integration at the network layer, which allows for integration with other vendors' security solutions as long as they are compatible with ICAP integration. For example, integrating DLP with web security or email security solutions. This flexibility is a valuable feature for me as it allows for more efficient use of the product, without necessarily requiring the use of all of Forcepoint's products.

I would like to see the product extended into the cloud as a single solution. It currently requires another product, the Cloud Access Security Brokers, to protect both on-premise and cloud data. I hope it can be consolidated into a single suite, offering protection for both On-Premise and cloud data, users on and off the corporate network, and users using corporate devices and BYOD. It would make the whole DLP process much more linear and efficient. I agree that moving to the cloud is the future and the present, and many people who use DLP have already made a move to the cloud.

I have been using Forcepoint Data Loss Prevention for six years, and I am currently using the latest version, which is 10.0. 

I have used over eight versions in the past and kept up with the updates as they were released.

I would rate it a nine out of ten.

I rate the scalability of Forcepoint DLP as a nine out of ten. It has a supplemental server feature that allows for easy scaling. As the number of users and data traffic increases, all that is needed is to add an additional supplemental server, which is not complex and only requires a Windows machine with minimal specifications.

Let's say you have 10,000 users and one management console or server with two supplemental servers. Your management server stays the same as your user base grows to 20,000. You don't need to increase your management server. All you need to do is add supplemental servers, and you're ready to handle the increased user base and traffic.

Implementing Forcepoint DLP can be a bit complex, as it requires a DLP expert to help with the setup. However, day-to-day administration is quite user-friendly. We are currently using the on-Prem version of Forcepoint DLP as no cloud version is available yet.

We are Forcepoint partners. So as much as we sell the products, we have the technical skill sets to implement the solution.

The term "expensive" is relative. If the ROI is good, no matter the amount of money invested, it is a win-win. If the cost meets the demands or it meets what you set out to do, what you set out to achieve. Holistically, it's not the most expensive compared to its competitors.

Forcepoint is being fully transparent with its costs. There are no hidden costs or extra costs.

Overall, I would rate it a ten out of ten.

If you are considering using Forcepoint DLP, it is miles ahead of its competitors in the realm of DLP. Forcepoint stands out as the clear leader when we compare pure DLP solutions. The closest competitor would be Symantec, but even they are miles behind in terms of capabilities. So, if you're looking for a top-performing DLP solution, Forcepoint is the way to go.

It's for DLP and to monitor and make sure that no key files are being sent out of the organization. It also helps in terms of tracking any abnormal behavior.

We have about 700 users and it's endpoint-based. We add an agent to the endpoints and it coordinates with the server.

With Forcepoint we found that one employee who left had taken some files, and we were able to stop it. And if somebody is under a notice period, we now monitor whether any files are about to go out. When they take something with them, we can see that. We can also identify any abnormal behaviors that are happening. A lot of times it happens that if somebody is about to leave, they try to take some information away with them. We catch that fast.

It also helps in terms of HR stuff because file movement can indicate people who are looking for jobs. We can see CV movements and it helps as an indicator of a dissatisfied employee. We can at least see the behavior and see if we can do something about it.

Before Forcepoint, we had data in terms of how many terabytes go in and out, but now we can specifically see what goes where.

One of the most valuable features is being able to see file movement, where files are going. Every week we review the files. It can identify software codes, so we code files and we know where they're going and who's doing what. It gives us visibility. It shows any key files, any strange behaviors, such as if somebody is taking too many screenshots, and alerts us about that.

I would like to see improvement in the reporting. We can only get one week's worth of data; we can't get more than that. Also, the reporting console is very slow, making it very frustrating to use. There are times when I open it up on a Monday and take a download, but it takes so much time. You can get busy with other things and come back and it's still hanging and you can almost forget about it. 

Also, the server goes down and we have raised tickets to resolve that. In the past two weeks, we've had to deal with that two or three times. It's been a little annoying lately.

I have been using Forcepoint Data Loss Prevention for one year.

The system is stable, but as I mentioned, the reporting portion is very unstable. If I want to get reports out, it takes a long time. Sometimes the server is down, and I have to raise tickets. I have had problems there.

The scalability is okay, there are no problems with that. We can add on more agents as we expand with more people. We haven't had any issues there.

I would rate customer service at 8.5 out of 10. When we have problems with the system, they respond and they generally resolve things within half a day.

This is our first solution of this kind.

The initial setup was straightforward but setting up the rules was very complex. It is something where things don't actually work as we think they will work. It generated a lot of false positives in the beginning.

Our deployment took about a month.

Our strategy was to start with auditing first. We haven't actually moved to blocking yet. When we tried to move to blocking critical files, it ended up blocking some other people at work. There are some issues around that and we have had to be careful.

We let it run on its own. I look at the data in Forcepoint on a weekly basis, but we don't have any administration of it, per se. My IT team handles the deployment of new employees coming in, meaning the deployment of the Forcepoint agent on their laptop. That's about it in terms of admin.

An integrator helped us, somebody who deals with Forcepoint products. There were no problems with that, although they were billing by time and the system is a little complex.

We have seen return on our investment because we're able to track our data. It's not so much an active return on investment, but more like an insurance policy. It prevents bad things from happening.

The pricing is reasonable. That's why we went with Forcepoint. They were pretty competitive.

There are no additional costs, other than the cost for additional licenses that we have to pay for ad hoc.

It's not as easy as Zscaler to connect. To be very honest, I think Zscaler has a better product with a better interface, but the cost of Forcepoint is more attractive. That's why we went for it. We looked at McAfee as well. McAfee is a bit resource-heavy. 

Zscaler was very good. The interface was really good and it's easy to set up. Forcepoint is okay. I spoke to some other customers who used Forcepoint and they said, "Look, the interface is a bit complex, but it has everything in place."

You need to put a lot of time and effort into Forcepoint, you need a dedicated team for it. You also need to have a data classification strategy firmly in place. You should classify your data before you get it. You also need to test your rules thoroughly before you implement them.

The solution is easy to manage. 

I am not able to get support directly from Forcepoint. 

I have been working with the product for three years. 

I rate the solution's stability a seven out of ten. 

I rate Forcepoint DLP's scalability an eight out of ten. My company has 11,000 users. 

The tool's support does not provide urgent solutions when we face issues. 

Neutral

We have five resources to handle Forcepoint DLP's maintenance. 

I rate the tool's pricing a six out of ten. 

I rate Forcepoint DLP a seven out of ten. 

We are a solution provider and Forcepoint DLP is one of the products that we implement for our clients. We have Forcepoint DLP at one of the telcos and one of the things that we are trying to discover is information, across the organization, that is of a personal nature. We are using it to comply with POPI, which is the equivalent of GDPR in South Africa. We are also using it for PCI-DSS requirements. This discovery component works quite well with respect to the search.

When we deployed it for a bank, it proved highly efficient in terms of PCI compliance. It was very quick to pick up where people were divulging personal information regarding credit card holders. We then deployed very simple rules that we had customized, without the need for data classification.

Initially, if you were just doing PCI-DSS, because it's very limited information that you needed to protect, you could do it without data classification. This was good for an organization that had data to protect and wanted to comply with PCI-DSS, but had not done the data classification at that point.

The rules that we put into place were simple. For example, if more than two credit card numbers are being pushed out then block it, or first put it into monitoring mode and then block it.

One thing that I really like is that you can customize the rules. 

The challenges that we've had are related to deployment, especially around the discovery component, and with the local support that we receive in South Africa.

With respect to the discovery component, the reports are very hard to interpret because they come out in an illogical format. We forwarded the reports to our local support team, who were also unable to help me. Eventually, the problem went to the UK for that team to interpret the report.

Ultimately, my biggest challenge is the discovery component with respect to the reports, as good as it is in terms of the integrity, or the search. It is a question of how you translate technical reports into business language. We tried the cloud version, which is Forcepoint CASB, and we found the same thing.

The local support team is made up more of salespeople than engineers and as such, the support in South Africa can be improved.

My experience with Forcepoint Data Loss Prevention goes back to 2005 when it was still called PortAuthority. The product has evolved massively since that time. I have deployed it and worked with it for different organizations at different locations.

Initially, it takes a little bit of processing but nothing to be too concerned about. Stability-wise, nothing has really annoyed us. 

The scalability is fantastic. One of the things that I like about Forcepoint is that I can customize the solution to suit my objectives. For example, if I only wanted to prevent PCI then I could just go in and do that.

One of my clients has quite a large deployment, with approximately 30,000 users. They have plans to roll it out to the rest of Africa.

Technical support from the UK is good. However, the experience of local support in South Africa is not at the level it should be. Most of the local staff are salespeople, as opposed to engineers. Support for the deployment of the product is seriously lacking.

In the UK, they were much more knowledgeable about the product, as well as the outputs and how to actually read them to make business sense out of them. It was much better than what we had in South Africa. Locally, they simply said that they didn't understand it. Most customers will shy away from products when the support is like this.

Because they answer the phone, I would rate the local support a two out of ten. The European support was better, so I would rate them a five out of ten. There were delays in their response but I'm not sure if it was related to the difference in time, or it was part of the ticket escalation process.

One of our clients was using the Symantec solution prior to Forcepoint. We convinced them to switch because Symantec does not have a great presence in South Africa and support was an issue.

They had been using it for quite a long time and had not seen the necessary return on investment. With the new legislation, it was time for them to change to something that was more practical, and more user-friendly. The product works great now.

The implementation is not as easy as people make it out to be. Once you get it right, the product is fine, but this requires understanding it and getting the proper training. A novice that has begun to work with the tool can find it quite difficult to implement if they don't have a good understanding of the product, and do not have the right support.

For example, in one organization it took us about three months to implement it, whereas it should have taken about a month.

Our clients have hybrid deployments, where they are part on-premises and part cloud. The choice of cloud provider is made by the client but they either choose Microsoft Azure or AWS.

The implementation strategy that we use varies depending on the client. For example, at the bank, we wanted to prevent data breaches, especially with credit card information, and ensure compliance. Therefore, our strategy was focused on just the PCI requirements so that we could take reasonable measures to protect the organization. Essentially, we wanted to go from zero to hero quite quickly. That was possible because of the flexibility and agility of the product.

When it came to the telco, it was a completely different strategy. It was a long-term strategy in terms of protection of personal information and preventing it from being divulged without authority to would-be criminals.

When we deployed it, we literally had to look at the requirements and configure it from a POPI perspective. In this regard, the deployment was skewed toward personal information breaches.

We worked with a local reseller, Performanta.

Their skills were meant to be the best in the country but it left a lot to be desired. We had to use the UK offices and that's a challenge with most of the organizations in South Africa. With big vendors, South Africa is a small market, so the investment in South Africa is not what it should be. Understanding, managing, and integrating products needs to be improved, in general.

For deployment, there were eight of us in total. Two were engineers, there were four analysts because we had to write the business rules and document them, there was a project manager and a few others.

Maintenance is being done by the client, in-house. They have two engineers that are responsible for it, and they have purchased support from the local providers.

My clients are seeing ROI because the privacy office is quite comfortable now that they've done everything reasonable to meet the compliance requirements. There is a level of assurance provided by the DLP solution.

In terms of pricing, it is good for a corporation but they do not cater to small to medium businesses. They have to look at a different pricing structure for small to medium-sized enterprises because the cost is too high.

This is compounded for the African market because of the exchange rate. One dollar is equal to approximately 15 rands and if you were to multiply that by the price of the product, it becomes quite costly.

There are no costs in addition to the standard licensing feed, although you still need to understand the operational impact that it has on an organization from a resource perspective. That needs to be factored into the total cost of ownership.

We compared Forcepoint with NetSkope to assess its reporting capabilities and we found that the NetSkope report was very easy to translate, understand, and explain to a business. Forcepoint was instead very cumbersome, unstructured, and illogical. It required an expert to actually interpret the report, which is something that you don't want.

We have also looked at the McAfee product, as well as the one from Microsoft. At that stage, the solution from Microsoft was a little immature and I have not looked at it since. Forcepoint was the leader when we implemented it for our clients.

Comparing Forcepoint to the other products in general, the data discovery capability was great, except for the interpretation of the report. The OCR capabilities were also good for us because it's a telco and they have a lot of paper going through. 

The tool works great but they don't talk about the operationalization of the tool from a process perspective. When people sell DLP solutions, they talk about the efficiency of the tool, but they don't talk about the impact that it has on an organization from a resource perspective.

You would need a team to analyze all of the exceptions that you have, like the way they do in a SOC, where you have analysts looking at the incident. They analyze and investigate it, and then determine whether it is positive or negative and something that we have to be worried about. For example, our organization had approximately 70,000 end-users, who were employees. There is quite a large amount of data that is transferred across our network.

In our case, if a person is sending more than one credit card credential out of the bank, it was flagged. If it was more than one, you had to have a whole backend process where the analyst had to look at it, then perhaps ask the person why they were sending out this information.

When we were first looking at this product, there was nobody who informed the customer as to the complete ecosystem that would be required to have an effective DLP solution in play.

My advice for anybody who is looking at Forcepoint is that they need to understand what it is that they are trying to prevent. You cannot be totally dependent on the tool to do everything. This is not a criticism of Forcepoint but rather, a criticism of the way it's sold. The product will do what it's built to do. But, if you're expecting it to automatically manage the incident, then it cannot do everything. It can block, it can monitor, and it can create alerts, but you still need your analysts. For most CSOs or IT managers that are looking to deploy, they must factor in the practical implications of operationalizing it. They need to have a process in place. They need to have an escalation process in place, and they need to have resources like analysts to actually look at the exception reports.

This is an effective data leakage solution, it does what it's meant to be doing, and the interfaces are great. The biggest lesson that I have learned from using it is to understand the total cost of ownership.

I would rate this solution an eight out of ten.