Forcepoint Secure Web Gateway Reviews

I'm using Forcepoint Secure Web Gateway for web security, particularly DLP. It's mainly to control internet usage for users in terms of what's allowed and what's not. It's also a DLP solution that I use to monitor the data, including information about any data transfers within the organization.

Forcepoint Secure Web Gateway does most of its job well, but I especially like its data security feature. It also is beneficial that it lets you restrict attachments and allow or disallow users to access templates within the organization.

What's missing in Forcepoint Secure Web Gateway is a specific level of micro-control on protocols or devices, for example, where you can control a particular user or user device. This is what should be improved in the solution.

I want a micro-level management feature added in the next release of Forcepoint Secure Web Gateway.

I've used Forcepoint Secure Web Gateway for more than five years.

My organization had some issues with Forcepoint Secure Web Gateway, where sometimes it behaves differently, though it could be version related. The solution has some stability issues, though not very severe so I would rate its stability as seven out of ten. It had minor issues that didn't cause a massive breakdown.

Forcepoint Secure Web Gateway is scalable because it works well even with ten thousand to fifty thousand employees. You can scale it up or down, so the solution is a ten out of ten in terms of scalability.

I'm not fully satisfied with Forcepoint Secure Web Gateway support. Though the response time is good, the resolution takes too much time sometimes.

My rating for technical support is six out of ten.

Neutral

Forcepoint Secure Web Gateway, setup-wise, is complex unless you get some support. It's challenging to set up using an internal ID.

I'd rate its setup as three out of ten.

We implemented Forcepoint Secure Web Gateway with the help of Forcepoint support and a third party.

The pricing for Forcepoint Secure Web Gateway is expensive. You pay per user and functionality. I'd rate it a four on a scale of one to ten. Compared to the competition, Forcepoint Secure Web Gateway is one of the most expensive products.

My company uses firewalls, such as Fortigate, and web security products, such as Forcepoint Secure Web Gateway.

My rating for Forcepoint Secure Web Gateway is seven out of ten.

My company is a Forcepoint Secure Web Gateway customer.

My position means that I'm focused on functionalities and the happiness of the users of this solution. I am the CTO of sales and we are a customer of Forcepoint. 

I think the antiviral sandboxing is a valuable feature. 

The issues we have are more around organizational issues between us and Forcepoint. We don't have problems with the solution although sometimes attacks or new ransomware gets through. Sometimes we need to work together with Forcepoint in order to change the setup and to block it. It would be great if Forcepoint was able to do this without our knowledge and, even better before those mails ever reach us.

The improvement needs to come on both sides – not only from ForcePoint, but the idea is to work on few points:

• The idea is to set up on the ForcePoint side TAM that could help us in the tuning the configuration.
• At the same time we need to work on improving the expertise and increase the number of FTE that will work on the platform (internal or external) in order to be able to really have the benefit of TAM.
• 3^rd point is that some of the attacks come through and after we report it to ForcePoint they manage to improve the environment, while my experience with some other solutons is that the provider is more proactive and does the change/improvement even before we notice it.

I've been using this solution for three years.

The stability of the solution is fine. 

The scalability of the solution is fine. 

We are not so satisfied with the technical support but not because of Forcepoint, rather because of the organization on both sides. We need to work on that.

The initial setup is relatively straightforward. You need to spend some time defining the template of the environment that you would like. After that, the deployment in different domains is pretty easy.

The pricing of the solution is okay. We pay licensing fees but the cost depends on the package that we take. There are no other hidden costs. 

We are happy with the solution for now. One of the reasons we took it is that it gives us the flexibility to change if we do not like it or we are not happy. To be honest, once we made the decision, I didn't look at the marketplace anymore. It's possible that there are better products out there today.

I would rate this solution an eight out of 10. 

I'm currently using the solution for the internet traffic controller for the application end.

The solution makes it really easy to control traffic, whitelisting, and the GUI environment. Forcepoint Secure Web Gateway is a user-friendly solution. Functionality-wise, we never experience any threats, and we also face no issues with the bandwidth. We are currently using load balancing, which is running smoothly.

The solution has complexity with the databases, and we have to manually clear old data logs.

I have been using Forcepoint Secure Web Gateway for two years.

I rate the solution’s stability an eight out of ten.

The solution is suitable for all company sizes, including small, medium, and enterprise businesses.

I rate the solution an eight out of ten for scalability.

The technical support team needs to improve its engineer count because fewer engineers are working in the support team.

Positive

I would recommend Forcepoint Secure Web Gateway to other users.

Overall, I rate the solution an eight out of ten.

I use this product for email filtering.

The spam filter is very effective.

It does a good job of detecting ransomware links in email and then blocking them.

We have a lot of false positives, which is one area that can be improved. At the same time, there is a lot of spam that still gets by the filter.

The engine should be enhanced because some malware still gets by the filter.

The login for emails should be more advanced.

I have been using Forcepoint Web Security for four years.

This service is very stable.

It is easy to scale. I can set up more than one Exchange server and more than one domain. We have about 600 users in the company and we do not plan on increasing at this time.

We obtain support from the local partner, rather than from Forcepoint directly.

Prior to this, I was working with Websense. 

It is a cloud-based deployment so the initial setup is not complex. There are a couple of things to configure, pointing them to your mail servers, but it is easy and straightforward. 

We only require a single person for maintenance.

The price of this product should be reduced to make it more competitive.

In summary, this is a good product and I highly recommend it. However, it is important to remember that suitability will vary depending on the environment.

I would rate this solution a nine out of ten.

The use case is that they don't want a proxy on-premises. They want everything to be on the cloud, with all processing happening before it reaches the firewall. Typically, in a traditional scenario, when I try to access a website like gmail.com, the request goes through the firewall. The router, and is cached, with multiple security measures applied on-premises. Forcepoint handles all these processes on the backend, so the customer doesn't need to worry about on-premises infrastructure. 

Everything is handled on the backend side. Users don't need to have any proxy on-premises. The solution handles all the dirty or initial traffic from their network, managing it on the backend itself.

The technical support needs to be improved.

It simplifies security by enabling partners to implement it straightforwardly. DLP is essential and requires capable engineers for effective deployment. Currently, opportunities may involve high implementation costs, handled either by distributors or directly by Forcepoint.

I have been using Forcepoint Secure Web Gateway as a reseller. We are selling Forcepoint V5000 appliances.

Stability depends upon connectivity. If your connectivity is good, you get the best stability.

I rate the solution’s stability a nine out of ten.

You need to add the number of users and configure them. 5000 users are using this solution. It is suitable for enterprise customers.

I rate the solution’s scalability an eight out of ten.

Forcepoint offers two levels of support: standard support and premium support. With standard support, you can open a ticket, but you may need to wait up to 24 hours for a response, and sometimes the engineers might not be available promptly. Premium support, which comes at a higher price, promises quicker response times. There is a lack of qualified engineers and partners to implement the Secure Web Gateway.

Neutral

The initial setup is difficult. Integrating it involves connecting with multiple parameters such as data servers, file servers, and email management systems. This integration process can be pretty complex and challenging.

Forcepoint Secure Web Gateway can typically be installed within one day for a hundred users. However, for larger deployments, such as 1,000 or 5,000 users, the installation process may require at least a month.

The product has average pricing.

I rate the product’s pricing a seven out of ten, where one is cheap and ten is expensive.

If you want to deploy Forcepoint Secure Web Gateway on-premises, you'll need a server, a switch, and a firewall, among other components. This setup involves significant initial investment, which affects ROI and total cost of ownership. While a proxy can handle some aspects, it doesn't provide the comprehensive security features that Forcepoint offers.

Overall, I rate the solution an eight out of ten.

We use the product for DLP and POS protection. 

The tool categorizes the user profiles which is very comfortable. 

The product needs to have more mobility. 

I have been working with the product for four years. 

I would rate the tool's stability a nine out of ten. 

The solution's scalability is good and my company has 1000 users for it. I would rate the tool's scalability an eight out of ten. 

The product's setup is straightforward. 

The solution's price is good. 

I would rate the product a nine out of ten. 

The biggest issues within the product were that it had become stagnant. For about four or five years, there was very little real innovation going on.

It felt as if they were just sitting back. They were lacking in regards to keeping up with the developments within the cloud. 

Overall, I think they had a good, solid product. I think they failed to add features. It was not as feature-rich as other products. I would say the biggest problem was the lack of features, they just hadn't kept up. Under Raytheon, they were starting to correct this, but it was a work in progress. Overall, the biggest problem with the product itself was the lack of features.

I knew that they needed to handle web sockets in some way, all we could do was effectively bypass it. There were too many times when the connections just didn't work right through the proxy. Our customers would have to bypass and basically go around the product. There were various levels to this and it was a real pain for our customers to diagnose those problems. There needed to be an end-product protocol analyzer output (for lack of a better way to put it), that would help administrators understand why the connection wasn't working.

There was so much legwork involved: someone would have to take a laptop and set up in front of the proxy; then they would have to load Wireshark (as I used to call it) and pull their captures; then they would have to give that to Forcepoint, or they would have to try to reason it out themselves. That caused a lot of problems because most administrations weren't confident or competent enough to do it.

They didn't have the skill-set needed to make proper use of those tools in the first place for analysis. There were a lot of customers who could've gotten value from the product but who were put in a position where they had to basically bypass the product because of certain connections. Some form of connection-troubleshooting should be included within the product, more than just looking at a log that nobody knows how to read except for support. 
There was no way to troubleshoot connections in an effective manner that didn't require a lot of legwork by the user. Whenever you ask a user to do that, nine out of 10 times, they're not going to do it. They're just going to take the easy way out, bypass it, and then they'll bitch about the product, but they won't actually fix it. They won't want to make the extra effort. The problem just remains unsolved. They needed something like a connection analyzer tool to explain why, or at least give a better indication of why this was failing.

Again, it was the lack of development. The GUI is quite nice. I think it's very natural for people once they get used to it. Ironically, the company I'm working for now is actually POCing the DOV product and one of the things they like is the interface. They had a lot of good synergy with their other products. They failed to capitalize on it, ultimately. They're getting there. They got better, but it might be too little too late. That's the problem.

I have been using this solution for nine and a half years.

Forcepoint Secure Web Gateway was pretty stable.

Scalability-wise, It was pretty good. We had deployments that were easily over 10,000 — it could handle it if you scaled it properly with the right hardware. There were deployments that were 34,000 at that point. Now, with very large enterprises (with over 60,000 employees), that's where it starts to get a little tricky. They managed to get the product to that point but it was not cheap either, but it was achieved on the scale pretty well.

The biggest issue that hampered Forcepoint was the lack of development and good consistent support. Because of this, they went from 50,000 to 60,000 customers, down to 16,000 in the space of about three years.

That's a huge drop. A lot of that came down to Palo Alto and a couple of others jumping in the game with filtering but at the same time, Forcepoint had people who were loyal, but they were giving up because of the support situation. 

I constantly dealt with customer support. There wasn't a week that went by where I didn't have to talk to somebody.

They knew me by name and I knew them by name and we were all one big happy family, but when they moved from San Diego to Austin, they lost people.

They gave good, consistent support for about a year, but then they began losing staff because they weren't paying enough. They hired a bunch of people and claimed that they adjusted their wages, but then the same cycle occurred another year later.

That's been the biggest problem. It wasn't the product that caused them to lose people (even though they had some innovation issues), it was the support. At the end of the day, the innovation was causing them to look weak in customers' eyes; when you couple that with the support problems, that's when they started really losing customers.

The initial setup was pretty straightforward.

In fact, you could literally load it, install it, and have it up and working in no time. All you had to do was point a browser to it and you could prove it worked. Now, if we wanted to take it and fully integrate it onto the network, then nine times out of ten, we used one particular method called WCCP.

Overall, on a scale from one to ten, I would give this solution a rating of seven. 

The product was sitting at about a seven. Support was dragging it down to a six. So, if I had to be honest, they had some very good analytics — just counting the product itself, I would say it's a seven.

It wasn't perfectly stable, but it was pretty good. I would say it would need to be more feature-rich. It would need to be more helpful for troubleshooting problems with connections and it would need more stability — then I would give it a higher rating. Under all of those things, it's the support that's the problem because that's a different question from the product itself — it's the Achilles heel.

• Reporting
• Custom Block Pages
• AD integration

It allowed our company to not worry about the security of a page, but talk more about the content and the productivity of specific types of web categories.

Allow for faster exemption of websites or the ability to reclassify websites.

Five years.

None.

None.

None.

Great. They made sure that we were choosing the right version and helped us understand the tradeoffs between their different deployment strategies.

Great. I had only a few issues after rollout and their tech support was quick to help.

Cisco Web Security. The AD integration was lacking. The speed was also lacking.

It was straightforward, since I had deployed it at my previous company. The engineer assigned to our deployment was also on hand to make sure that I followed the updated best practices.

In-house with vendor support.

It is a well-priced option.

Zscaler, Barracuda, Sophos, and Cisco Web Security.