There are various modules to secure a public cloud, such as Cloud Security Posture Management. You might have seen these features available if you've reviewed solutions like Zscaler or Netskope. A full-fledged CASB should be manageable. However, the tool does not seem to offer complete public cloud visibility. While it provides some cloud visibility and can manage API traffic for Web 2.0, it lacks a specific module for securing public cloud environments. Forcepoint CASB had a good reputation before being acquired by a reseller. However, there were significant issues in their data center last year, primarily network issues and failover problems. These issues were resolved when a new key person joined the organization. While support is generally good, there are instances where they don't accept responsibility for issues, instead attributing them to the user's environment. I had such issues twice in my lifetime, where it took almost one and a half years to resolve. Support is a concern as they sometimes take too long. They are now moving to Forcepoint ONE. The previous solutions, like Forcepoint Endpoint Client, Proxy Connect, and Direct Connect Client, had issues. The new solution, which auto-switches between Proxy Connect and Direct Connect, also didn't work well and wasn't compatible with the environment. Forcepoint CASB often pushed the responsibility to the customer. I haven't tested Forcepoint ONE yet, so I can't comment. Additionally, they aren't innovating much in Proxy Connect.
Regional Solutions Manager at a tech services company with 11-50 employees
Real User
Top 20
2023-02-16T13:58:00Z
Feb 16, 2023
Some IDPs, such as Azure AD, are not compatible at the moment. It becomes a problem just to authenticate with Azure AD. I hope they will look into it. For Fort Knoxville, the agent is different from the DLP. If I'm a Forcepoint user, then I would need to have Forcepoint DLP. At the moment, I cannot greet the same agent. There is a kind of system for agents, but there are already things on my system that keep being loaded. There are the EDRO agents and some more agents. They should work on the possibility of consolidating all of the products with the group of agents. That should solve the problem of having multiple agents.
We are not happy with the solution. If you look at this kind of CASB solution or Palo Alto in-line solution, these solutions are integrated into the Secure Web Gateway or firewalls. Basically, the firewall with Palo Alto, or the secure gateway with Zscaler, the code-based secure gateway, it's also the CASB solution. With Forcepoint, the secure gateways are separate from the CASB. So basically, this is one thing that is really impactful, that the Secure Web Gateways and the CASB solution are not one and the same basically. And in many cases, the secure gateways can take the user traffic and send it to the CASB, however, this ups the latency, basically. The Forcepoint CASB and the Forcepoint Secure Web Gateway should be under the same roof. We've had latency and performance issues. When using the Forcepoint CASB, and you are a remote worker, basically not in the office, you have to have an agent on your computer, a Forcepoint agent. However, with many other CASB solutions, they can integrate with MDM. If the device is in there in the MDM, there's no need for another agent to be installed on the computer.
Regional Solutions Manager (Sub-Sahara Africa) at Infodata
Real User
2022-05-29T12:53:00Z
May 29, 2022
It could be more robust, especially around custom applications. We've not really seen value around our custom applications, most especially when these applications are hosted on-premise. If there's a way Forcepoint can do something to ensure that the CASB also protects applications that are hosted on-premise, that would be ideal. Currently, basically, cloud-hosted applications, that are internet-facing are protected. If we can also have a CASB sit in front of our on-prem hosted applications, it would be massive. Forcepoint removed the ability to scan for unsanctioned applications on the CASB. Initially, CASB used to have that feature where you can scan for the applications and be able to support unsanctioned applications being used by the user. They moved it to another product. If there is an opportunity to speak to the product managers and get some features back, that would be ideal.
Professional Services Coordinator at a tech vendor with 11-50 employees
Reseller
2021-07-13T15:14:43Z
Jul 13, 2021
There's lots of room for improvement with the product as a lot of the backend code hasn't been kept up with very well. They break it, and they don't fix it right. It's starting to shape up a little bit, as they went with new gateways that we're using. However, if I was to sell a CASB product brand new to somebody, I would sell them Netskope. I wouldn't sell them Forcepoint. That's just dealing with the backend; it still needs some time to mature. Forcepoint got acquired this year by another company, so they're going through a lot. They've lost a bunch of people, and therefore, they're kind of going through some growing pains again. The solution needs to be easier to install, and they need to clean up the backend, so stuff doesn't break. That's been the biggest problem.
Forcepoint CASB (Cloud Access Security Broker) is a security solution which is designed to secure and monitor the use of cloud services within an organization. It helps organizations gain visibility and control over the cloud applications and services being used by their employees. Forcepoint CASB integrates with cloud service providers' APIs and employs various techniques such as traffic analysis, proxying, and API-based controls to provide security and visibility into cloud application...
There are various modules to secure a public cloud, such as Cloud Security Posture Management. You might have seen these features available if you've reviewed solutions like Zscaler or Netskope. A full-fledged CASB should be manageable. However, the tool does not seem to offer complete public cloud visibility. While it provides some cloud visibility and can manage API traffic for Web 2.0, it lacks a specific module for securing public cloud environments. Forcepoint CASB had a good reputation before being acquired by a reseller. However, there were significant issues in their data center last year, primarily network issues and failover problems. These issues were resolved when a new key person joined the organization. While support is generally good, there are instances where they don't accept responsibility for issues, instead attributing them to the user's environment. I had such issues twice in my lifetime, where it took almost one and a half years to resolve. Support is a concern as they sometimes take too long. They are now moving to Forcepoint ONE. The previous solutions, like Forcepoint Endpoint Client, Proxy Connect, and Direct Connect Client, had issues. The new solution, which auto-switches between Proxy Connect and Direct Connect, also didn't work well and wasn't compatible with the environment. Forcepoint CASB often pushed the responsibility to the customer. I haven't tested Forcepoint ONE yet, so I can't comment. Additionally, they aren't innovating much in Proxy Connect.
Some IDPs, such as Azure AD, are not compatible at the moment. It becomes a problem just to authenticate with Azure AD. I hope they will look into it. For Fort Knoxville, the agent is different from the DLP. If I'm a Forcepoint user, then I would need to have Forcepoint DLP. At the moment, I cannot greet the same agent. There is a kind of system for agents, but there are already things on my system that keep being loaded. There are the EDRO agents and some more agents. They should work on the possibility of consolidating all of the products with the group of agents. That should solve the problem of having multiple agents.
I'd like to see different ways to authenticate users, perhaps different types of authentication.
We are not happy with the solution. If you look at this kind of CASB solution or Palo Alto in-line solution, these solutions are integrated into the Secure Web Gateway or firewalls. Basically, the firewall with Palo Alto, or the secure gateway with Zscaler, the code-based secure gateway, it's also the CASB solution. With Forcepoint, the secure gateways are separate from the CASB. So basically, this is one thing that is really impactful, that the Secure Web Gateways and the CASB solution are not one and the same basically. And in many cases, the secure gateways can take the user traffic and send it to the CASB, however, this ups the latency, basically. The Forcepoint CASB and the Forcepoint Secure Web Gateway should be under the same roof. We've had latency and performance issues. When using the Forcepoint CASB, and you are a remote worker, basically not in the office, you have to have an agent on your computer, a Forcepoint agent. However, with many other CASB solutions, they can integrate with MDM. If the device is in there in the MDM, there's no need for another agent to be installed on the computer.
It could be more robust, especially around custom applications. We've not really seen value around our custom applications, most especially when these applications are hosted on-premise. If there's a way Forcepoint can do something to ensure that the CASB also protects applications that are hosted on-premise, that would be ideal. Currently, basically, cloud-hosted applications, that are internet-facing are protected. If we can also have a CASB sit in front of our on-prem hosted applications, it would be massive. Forcepoint removed the ability to scan for unsanctioned applications on the CASB. Initially, CASB used to have that feature where you can scan for the applications and be able to support unsanctioned applications being used by the user. They moved it to another product. If there is an opportunity to speak to the product managers and get some features back, that would be ideal.
There's lots of room for improvement with the product as a lot of the backend code hasn't been kept up with very well. They break it, and they don't fix it right. It's starting to shape up a little bit, as they went with new gateways that we're using. However, if I was to sell a CASB product brand new to somebody, I would sell them Netskope. I wouldn't sell them Forcepoint. That's just dealing with the backend; it still needs some time to mature. Forcepoint got acquired this year by another company, so they're going through a lot. They've lost a bunch of people, and therefore, they're kind of going through some growing pains again. The solution needs to be easier to install, and they need to clean up the backend, so stuff doesn't break. That's been the biggest problem.
Integration is an area of the solution that needs to be improved.