Forcepoint Data Loss Prevention Reviews

We use Forcepoint primarily for data loss prevention and detection.

The ease of configuration was probably one of its biggest selling points. I know that we took a long time to get it configured properly but it just takes a while. It's a big tool and it does a lot of work.

I don't know where they are going as an organization vendor, because my job ends the moment its implemented, so I would go onto other things.

If I were a betting man, though, I would say that they're going to have to find a way of creating what we call multitenancy, because if for example we have a constituency group set of users who don't work for the department and they contract out, then our work with them is highly sensitive. Being able to separate in segment amounts separately from our core would help. We could use better ways of customer or users segmentation capabilities.

For example, if I wanted to push a report by a certain organizational entity or unit, I wouldn't be able to do that without a lot of work. The reporting could be better.

I think it's going to be hard to beat if they ever decide to replace it. Forcepoint is a pretty good product, we're all pleased with it.

I think it is pretty scalable, at least to the point that we've deployed it to.

We have a workforce of 1,300, of which we have deployed to approximately 800. We also have another set of users who don't work for the department but are contracted out through our agents and sub-agents and they handle the vehicles. We have not deployed to their devices yet, so we have both endpoint and central server data loss prevention technology in place.

We can tell you where anybody went, when they went, how they went, and what they used to get there.

Everybody uses it whether they know it or not, we put out reports monthly on what we call PII information (Personally Identifiable Information). If you know anything about data loss prevention and detection, anytime someone hits a website or even tries to go on, it's logged and captured and we know who went where and what they did, we know what files they looked at and what files they sent, so more power to you. If you want to try something go for it.

We have a CISO, six ISOs (information security officers) or analysts, and over fifteen field service personnel who can work with it. We are pretty broad that way and deep. We have got quite a number of people. Our ISO team itself is comprised of six individuals, a CISO and five analysts.

Security doesn't stop, nor does the pervasiveness of data and its ubiquitous nature. Here at this organization, we don't stop security. We expand it to cover other avenues or channels that come into play. We cover other data structures that are created when another solution takes off. We don't stop simply because it is implemented. It's an ongoing tailored activity we do all the time.

We have six people whose job is just this. Just like technology, we have to stay with it. You can't just throw it up and forget about it. It grows and the rules and policies need to be modified. What people need to remember is that public service is at the whim and fancy of our constituency groups. We report to the legislator, the governor's office, and the citizens of the state. As such, when we put in a system, it has to comply not only with federal regulations but also with state legislators' intent, as well as the governor's office. That is the difference and that is why we take security really personally here.

I have heard good things of the support that Forcepoint gives us, so I would have to say that its good.

I don't work with the product directly but I am very well attuned to what they are doing.

I don't believe that we had a DLP in place prior to now.

We had security, but two and a half years ago our agency set out to really step up its information security program.

During that time we have made major investments, in process, like data classification, security concerns, risk assessments, risk management, etc. We do this for a living, so it is important to us.

There were products out there for data loss prevention technology, but we didn't believe that they had yet achieved the maturity that they have today, so it would have been premature to pull something in sooner.

The marketing in and of itself is growing, expanding, and changing. Wait until you get ready to do business intelligence and artificial intelligence and try to secure that when it can bypass you on its own. Give learning machines enough instructions and they will figure a way out.

To the best of my knowledge, the initial setup was pretty straightforward. We also had quite a bit of coaching that was done for us by the vendor.

We are still working on deployment. It's going to take two to two and a half years. 

It all depends on the political climate that we're in. We are not a normal state agency. We do not have one constituency group, we have multiple constituency groups. We license vehicles, drivers, and professionals, such as lawyers, attorneys, landscapers, architects, etc.

In addition to all of that, we also have a lot of partnerships with law enforcement agencies, courts, lawyers, and insurance companies, so we do a lot of highly technical security programming here. 

We don't just throw it out. We are methodical in how we do this.

We didn't use an integrator reseller or consultant for the deployment. We are doing it our selves.

If I were to give some advice, I would say don't try to do it all at once, it won't work. Know that you're going to go. It's different from building line-of-business solutions. Whereas from a line-of-business solution you work from the outside in, with security programs you work from the inside out. You have to get your data governance in place, as well as information security governance. You need to assign who will be responsible. Decide who to send information to if something does happen. All that has to happen before you begin trying to bring in a system.

You have to know your organization well enough to be able to configure a product to make effective use of it. Don't do it unless you have the guts to do it.

I would rate this solution as eight out of ten. There are better solutions, but this was better when it came out. When it did come out, this was the best solution we could find. At the same time, I don't know if I would rate anything else higher than that now, either. Every security tool that we have seen has pluses and minuses, advantages and disadvantages.

Another reason we didn't go with the IQ or any management type of component is the deconstruction and the reconstruction of existing security roles. The biggest problem information security has today is the decoupling and deconstruction of active directory designated accounts which for all practical purposes were based on functionality. One role can have multiple pieces of functionality associated with it, so going to a role-based type of solution muddies the waters.

The vernacular needs to change to be more adaptable if they're gonna put out the configuration types of solutions.

I am using Forcepoint Data Loss Prevention for security.

We have not implemented the solution fully and it is still being configured.

The solution is stable overall.

The implementation could be improved.

I have been using Forcepoint Data Loss Prevention for approximately three months.

I did not experience any crashes. The solution has been stable in my usage.

I rate the scalability of Forcepoint Data Loss Prevention a four out of ten.

I have used the support from Forcepoint Data Loss Prevention.

I rate the support from Forcepoint Data Loss Prevention a seven out of ten.

Neutral

I have used a similar Microsoft solution to Forcepoint Data Loss Prevention, and the Microsoft solution was better. However, we were using Forcepoint Data Loss Prevention because we had a contract.

The initial setup of Forcepoint Data Loss Prevention is of medium difficulty level.

I have not seen an ROI at this time. I have only used the solution for a short time. I would need approximately one year to determine the ROI.

The price of the solution is expensive.

I rate Forcepoint Data Loss Prevention a five out of ten.

The primary use case is to protect sensitive data going out of the organization and helping the team to manage the incidents to create few to no false-positive incidents. 

Mac users can use Forcepoint DLP without any problem. They can create user-defined policies rather than using pre-defined ones. Using the fingerprinting policy can safeguard any data kept on a particular drive. We're using OCR to protect data being sent out through images implementing discovery policies to check if any particular file is been shared.  

The Forcepoint DLP is such a useful tool for organizations as it protects sensitive data with multiple kinds of functionality such as OCR and an analytics engine (which helps determine if any sensitive data is in danger of policy violations). It's easy to determine the incidents that have been triggered. This has helped to identify what sensitive data has been shared. The only part where it didn't work so well is during agent upgrading. If we automatically try to upgrade the agent it causes a lot of problems.

With OCR and Risk Analysis, we are able to determine if anything sensitive is been shared. OCR helps us to safeguard those things and with risk ranking, we can determine which user is trying to violate policies multiple times even though they have been blocked to him or her. It does require additional servers, as the processing and result of the incident is high, however, it's worth using to see all the use cases being met with these two features as well. They are the best features provided by Forcepoint.

The feature which needs improvement is the Forcepoint agent upgrading. When you automatically try to upgrade the agent it causes problems. For example, the system starts to behave abnormally or the agent is unable to communicate with the policy engine. If we try to upgrade to new version with the old version running, sometimes it works without any issue, but sometimes it causes a lot of issues and it gets disconnected from the DLP servers. 

You can see incidents via delays on the console even if the agent is properly installed and connected with the proper policy updates.

I've used the solution for two years.

The most valuable feature of this solution is that it captures where the data is being moved.

Forcepoint is the one I see most frequently mentioned in a lot of webinars or insider threat discussions. 

It is a product that is commonly referenced.

Everything takes a long time, as it does in every software company, especially since COVID. That is something I notice with every product I use.

I have been working with Forcepoint Data Loss Prevention for three years.

We are working with the most up-to-date version.

Forcepoint Data Loss Prevention is a stable solution.

Forcepoint Data Loss Prevention is scalable.

It is widely used throughout the business.

Response time is slow.

The initial setup is typically straightforward. 

It is unique to every environment. Some things break when you set up a new network or system. It's trial and error.  

Compared to other products, it wasn't overly complicated, It is the same or standard.

I would rate Forcepoint Data Loss Prevention a seven out of ten.

It is a good product. 

I am not overly excited about it, but I believe that all of the software has the same issues that I do.

It is the same problems I have had with other software, such as the customer service being slow, something breaking, or there's a patching issue. 

We do managed services. We analyze customers' requirements, and then we suggest a proper DLP or endpoint data protection solution. We have implemented Forcepoint DLP and Forcepoint Web Gateway for multiple customers.

Forcepoint DLP helped a lot when an incident was created and we tried to have an auto-remediation of the incident. For DLP, an incident is a key factor. DLP is meant to generate an incident, and that incident should be managed. If no one is managing the incident, DLP is of no use. Forcepoint has an email workflow. It provides email incident remediation wherein an automatic email is generated for the manager. If a person violates a policy, we can configure it in a way that one email is sent to the manager. One email will also go to the end-user. The end-user can again analyze the activity and give us feedback about whether it was a genuine business need and we should release that email, or whether it was a mistake and we should quarantine that email. The decision is made by the manager or by the end-user who sent the email. This helped a lot and reduced the incident count. It was very helpful to have such a report and to be able to say that the end-user was aware of the fact that this email has been quarantined. After providing the legal justification, the email was released by him. It reduced 40% of incidents for emails. This kind of feature is not available in other DLP solutions, and I really appreciate having that feature.

The workflow remediation is quite good. That is a key feature because of which it has the upper hand over other DLP solutions.

Endpoint protection, web protection, network protection, and storage use are valuable features. Among these, endpoint protection is most valuable.

It has good policies and good mechanisms to detect incidents.

They can have less memory consumption for their endpoint channels. They are not that adaptive with other endpoints solutions like EPP and EDR. They can improve in this aspect. 

Their discovery or the way they discover the data at risk can also be improved. There are many database servers that are not supported by Forcepoint.

Their login mechanism to find out the issue is another thing they need to improve. We would like to have the finest login to figure out what exactly is happening and why we are not able to communicate with the detection server. One of the products I have used is better in this aspect. We can have the finest level login, and we can figure it out, but I haven't found such an option in Forcepoint. 

I have been into DLP technology for the last eight years. I have been using Forcepoint for three years.

I have worked with another DLP solution in and out, and I find that solution to be more stable than Forcepoint. Once you implement a policy in that solution, the policy will always function. You can be assured that the policy will be functional. With Forcepoint, I always need to check whether the policy is functional or not and whether my policy is getting synchronized on the detection server or not. There won't be any sort of end trigger if the policy synchronization was stopped. 

It is quite scalable. It is comparable to other DLP solutions in terms of scalability.

I haven't interacted that much with their support, but whenever I created a case, there was proper support. As compared to other solutions, Forcepoint's support is more technical and professional.

I have used other solutions. Many of the customers are switching to Forcepoint. They are not getting proper support from one of the vendors. So, they are switching to Forcepoint. They are getting equal or more benefits with Forcepoint, and its cost is also low.

Incident remediation is awesome in Forcepoint. One of the solutions that I used did not have incident remediation. Forcepoint again has the upper hand in terms of policies. It has nearly 1,700 policy templates that we can use. Many compliance-related and PII-related rules are readily available in those templates. Forcepoint also has a time-based policy, wherein they can detect that a policy is active within a certain period of time. This visibility is not there in other solutions. Forcepoint also supports flow data transfer analysis.

Overall, Forcepoint DLP has the upper hand. Stability and scalability are secondary. The primary thing is that an application should be usable. Forcepoint is really user-friendly, and it has multiple options. They say that they can detect the malware if data leakage is happening to malware. They do have some sort of analysis in their detection engine to detect malware.

As compared to other DLP solutions, it is quite complex because they do have their policy server and analytics server in place, and their Forcepoint manager is also there. With other solutions, we need to have an Oracle Database in place, which is not required with Forcepoint. For Forcepoint, SQL Server can be quickly installed and is ready for use.

The installation duration depends on the organization and the size of the organization. For the same set of organizations, Forcepoint will take 30% less time as compared to others. In many organizations, I have implemented it within a month, and in many organizations, the project took one year.

The implementation strategy depends on the customer, but we do follow the implementation steps, such as gathering information and then deciding which detection server to go for, where to place it, and how many counts are required. If I have more than 30,000 agents, then I definitely need to think about one more endpoint prevent server. So, it depends on the organization size and the response of the organization in terms of how quickly they adapt DLP and how friendly they are with the DLP solution. The biggest implementation that we had done had 30,000 users.

Our customers have seen an ROI. 

Its pricing is quite low considering the features they are offering. As compared to other solutions, it is reasonable. 

They do have professional support. If we need professional support, then there will be additional costs.

You definitely need to do a proper calibration of the organization and data flow analysis. Even though there are 1,700 policy templates, each and every organization will have a different set of rules and data to be analyzed. So, data flow analysis is a must with Forcepoint DLP to create a proper policy.

Cost-wise, it is a very good product. An organization should really consider this product if they are in process of DLP implementation, or if they are thinking of switching from any other DLP solution. If there is a budget constraint or you need a good DLP solution, I would definitely recommend Forcepoint DLP.

I would rate Forcepoint Data Loss Prevention an eight out of 10. There is no DLP that will score a 10.

Forcepoint DLP is a part of a data protection program. A customer will rely on a main DLP and use a complementary tool, in addition to the DLP, such as a data classification solution like Boldon James or Microsoft Information Protection. They will also complement the solution with a rights management solution like Microsoft Rights Management. Forcepoint is part of a big portfolio for data protection.

We deploy the solution at customer sites. Most of our customers are in two sectors, financial and telecom. All of our deployments are on-prem.

Among the most valuable features are the

• network DLP, which has two components 
• DLP agent installed on endpoints
• discovery, as it covers the endpoints and shared folders on servers. 

These features are important for control. A main part of DLP is its use as a tool that provides different layers of controls.

The Forcepoint tool is well developed. It is ranked in many evaluations at the top when it comes to enterprise DLP solutions. It has good artificial intelligence that enables our customers to focus on specific incidents, instead of having a complicated list of uncategorized incidents.

There is room for improvement regarding OCR. I would like to see it enhanced to handle multiple languages and it should be easier to manage.

There are also options that could be handled smartly in the tool, like the way a web data source is handled. It would be good if any downloaded document could have the same policy.

I've been using Forcepoint Data Loss Prevention for three years. We are not regular users, we are admin. We provide the solution for our customers.

The stability is good. Issues are generally related to the agent. Whenever the agent is stable, the solution is stable. Whenever there are issues, it is common for them to be connected to the agent, making the solution unstable. Based on our experience, the stability has not been very good, but it has also not been bad.

We have implemented the solution on anywhere between 1,000 and 10,000 endpoints.

We get good feedback regarding the support. They respond well and provide support whenever required. They are aware of their product in a professional way. And whenever we escalate to the highest level, we get to a suitable person who can provide us with what we require.

One thing that could be improved is that escalation could be done faster.

Neutral

I have seen Forcepoint replace Symantec or McAfee in some cases. I haven't seen any cases where a client wants to replace Forcepoint.

A mandatory process that should be done before implementing the tool is a data classification analysis and the setting of a policy for data classification. These processes are done through an analysis session with different departments. The session includes teaching them about data classification policies and getting information from them regarding the data that needs to be protected and the recommended classification level that data should have.

We then deploy the server-side in the data center and start installing a sample agent. We test this agent and we test sample policies to ensure everything is okay on the sample agent. Finally, we do a full deployment.

Maintenance, post-deployment, involves making sure the solution is updated to the latest version. It has different components, and each component should be updated to the appropriate version. The same goes for the agents on the computers. The configuration should be reviewed and maintained over time, as well. One person is enough to maintain a Forcepoint instance.

As a partner, we have seen ROI with Forcepoint. We cover our costs through licenses, implementation services, and SLAs in which we support our customers and help resolve their issues whenever they want to open cases or adjust configuration.

They are flexible regarding the pricing and they have a good model for an OEM data classification tool. This makes for good pricing. Forcepoint has been one of the most competitively priced products over the last few years.

Overall, Forcepoint has good strategy and development. It is stable and has not changed as a company for a long time. It is focused on a specific solution and that makes for a good portfolio.

We use it mostly for endpoint protection of PCI information, as well as PII, such as social security numbers.

We have a hybrid system, in that we utilize the cloud as well as our on-premises appliances. Depending on where the customer is, if they're on-premises or if they're working from home or elsewhere, we have that covered with the hybrid solution. Forcepoint has its product available in the cloud and we use the on-premises side when the data is going through the appliances.

The greatest benefit is the detection, detecting either accidental or unauthorized transmission of certain kinds of PCI or PII data that we prohibit. It's very useful to get that from alerts. We can also block them outright, depending on what threshold we have set. That's the most useful thing about DLP, that it prevents unauthorized usage of that kind of data.

Some of the built-in rules, templates, and content classifiers are among the most valuable features. Some of the built-in patterns are good places to get started with. Along with the phrases, they are helpful in putting together policies and fine-tuning our policies. A good example of that would be certain kinds of credit card data. They have a lot of algorithms available to fine-tune what exactly you're looking for, whether it be credit cards from Mexico, or US credit cards, et cetera. They have a good database of those types of predefined algorithms, ways to detect things, and the specific information you're looking for.

These features are valuable because they work and seem to be picking up the right data. They seem accurate. It's also convenient to be able to choose them and not have to figure it out myself or create my own. That goes a long way toward fine-tuning our policies.

The user-friendliness of the interface in formulating DLP policies could be improved. An example would be managing policies. It's a little daunting at first, and can be confusing, at times, when it comes to how to set things up and how to add policies. They could improve on that.

Overall, I would like to see them modernize. I'm on version 8.5, so there are newer versions out. They may have done that already. I'd have to demo the newer versions.

We're planning on upgrading this year to 8.6. I believe that in going to 8.6, we will be gaining some additional features. The newer versions will have better detection capabilities with improvement to their algorithms.

I have been using Forcepoint Data Loss Prevention for about five years or six years.

The on-premises solution has high availability. The appliances that we've used are very stable. They just keep running. We have had very few issues with the appliances in terms of failure. In those situations, they were more on the hardware side. They just needed a reboot and that fixed things. Overall, the stability is good for on-premises. 

In terms of the cloud side, availability doesn't come into play as much because we don't change policies that often. We don't modify the policies on a day-to-day basis. We might modify a policy once a week or once every month, at the most. The client or endpoint really just needs to receive that update once, and it's pretty much good to go. So we're not relying too much on the cloud availability, except for that initial update for each endpoint. The cloud availability is going to be more relevant on the web side of the product, where you're going to want continual web access, filtering, et cetera.

One feature that I'm getting ready to take advantage of more is the ability to add more data crawlers to the DLP on-prem environment, without any extra Forcepoint costs or licensing needed for that additional data server. That will help in reducing the stress on the data server that we're using now. It will help manage all the policies, the clients that connect to it, and all of the network discovery tasks, especially. They will all be handled much more efficiently when we spread the load. We're looking to add an extra one or two Windows Servers for that, so the additional cost would just be related to the Windows setup.

Forcepoint's technical support for the solution is excellent. The technicians that I have dealt with have been with their company for a long time and they know their product inside and out.

There has been no other similar solution here, as long as I have been with the company. I started off with a sister company, and they actually used a very early version of Websense, which is what Forcepoint used to be called before it became Forcepoint. That means we have never used a competing vendor.

I was not involved in the initial deployment, but we've had it ever since I've been on the team here. I've been managing it ever since. I was there for the initial deployment in one of our sister companies. It wasn't anything unusually difficult. It just required installing some hardware and getting all the firewall rules worked out. Once you get all that in place, everything usually works pretty well. That's been my experience, even with upgrades. Most of the time our issues have been firewall blocks within our own company. That's usually the biggest hurdle, overcoming our firewall-related issues.

We use it on about 5,000 endpoints and we have two people who administer  it. They're both information security analysts.

I don't have ROI numbers. I base everything on: "Am I getting the support that I need?" And the answer is "yes."

We have never looked at other solutions at a PoC level.

What I can recommend is getting the highest tier of support that you can afford, because it's absolutely critical. I don't know how I would do everything if I had to submit a request and wait several days for it. I don't know how I would keep things going in that situation. With a higher level of support you can call someone and you also have someone who is managing your account. That's also really nice, because you get some extra benefits out of that.

I'm very satisfied and would rate it at nine out of 10.

In Sri Lanka, we had more banks for DLP. However, Forcepoint offers NetApp, CASB, and endpoint DLP from a single vendor.

In Sri Lanka, we have strong governance for data. Every organization prioritizes securing personal information and customer details. Forcepoint DLP protects data within and outside the organization.

The solution could improve user ability in their firewall. It still requires regulatory compliance, which should be addressed immediately.

The product is stable.

The solution is scalable. We can add more licenses and cater to more users from the application.

Forcepoint should improve its technical support. Sometimes they take a lot of time to resolve the issues.

Neutral

The initial setup is very easy. It has only one console for multiple channels like email, network, and DLP capability.

The deployment depends on the customer’s environment. We have to configure the DLP framework for the categories. Overall, the deployment takes around one or two years for a complete DLP solution.

The product has mid-range pricing, which is worth the money.

Overall, I rate the solution a nine out of ten.