Forcepoint Data Loss Prevention Review

Alerts us about transmission of prohibited PCI or PII data, and we can outright block it, depending on our thresholds

What is our primary use case?

We use it mostly for endpoint protection of PCI information, as well as PII, such as social security numbers.

We have a hybrid system, in that we utilize the cloud as well as our on-premises appliances. Depending on where the customer is, if they're on-premises or if they're working from home or elsewhere, we have that covered with the hybrid solution. Forcepoint has its product available in the cloud and we use the on-premises side when the data is going through the appliances.

How has it helped my organization?

The greatest benefit is the detection, detecting either accidental or unauthorized transmission of certain kinds of PCI or PII data that we prohibit. It's very useful to get that from alerts. We can also block them outright, depending on what threshold we have set. That's the most useful thing about DLP, that it prevents unauthorized usage of that kind of data.

What is most valuable?

Some of the built-in rules, templates, and content classifiers are among the most valuable features. Some of the built-in patterns are good places to get started with. Along with the phrases, they are helpful in putting together policies and fine-tuning our policies. A good example of that would be certain kinds of credit card data. They have a lot of algorithms available to fine-tune what exactly you're looking for, whether it be credit cards from Mexico, or US credit cards, et cetera. They have a good database of those types of predefined algorithms, ways to detect things, and the specific information you're looking for.

These features are valuable because they work and seem to be picking up the right data. They seem accurate. It's also convenient to be able to choose them and not have to figure it out myself or create my own. That goes a long way toward fine-tuning our policies.

What needs improvement?

The user-friendliness of the interface in formulating DLP policies could be improved. An example would be managing policies. It's a little daunting at first, and can be confusing, at times, when it comes to how to set things up and how to add policies. They could improve on that.

Overall, I would like to see them modernize. I'm on version 8.5, so there are newer versions out. They may have done that already. I'd have to demo the newer versions.

We're planning on upgrading this year to 8.6. I believe that in going to 8.6, we will be gaining some additional features. The newer versions will have better detection capabilities with improvement to their algorithms.

For how long have I used the solution?

I have been using Forcepoint Data Loss Prevention for about five or six years.

What do I think about the stability of the solution?

The on-premises solution is high-availability. The appliances that we've used are very stable. They just keep running. We have had very few issues with the appliances in terms of failure. In those situations, they were more on the hardware side. They just needed a reboot and that fixed things. Overall, the stability is good for on-premises. 

In terms of the cloud side, availability doesn't come into play as much because we don't change policies that often. We don't modify the policies on a day-to-day basis. We might modify a policy once a week or once every month, at the most. The client or endpoint really just needs to receive that update once, and it's pretty much good to go. So we're not relying too much on the cloud availability, except for that initial update for each endpoint. The cloud availability is going to be more relevant on the web side of the product, where you're going to want continual web access, filtering, et cetera.

What do I think about the scalability of the solution?

One feature that I'm getting ready to take advantage of more is the ability to add more data crawlers to the DLP on-prem environment, without any extra Forcepoint costs or licensing needed for that additional data server. That will help in reducing the stress on the data server that we're using now. It will help manage all the policies, the clients that connect to it, and all of the network discovery tasks, especially. They will all be handled much more efficiently when we spread the load. We're looking to add an extra one or two Windows Servers for that, so the additional cost would just be related to the Windows setup.

How are customer service and technical support?

Forcepoint's technical support for the solution is excellent. The technicians that I have dealt with have been with their company for a long time and they know their product inside and out.

Which solution did I use previously and why did I switch?

There has been no other similar solution here, as long as I have been with the company. I started off with a sister company, and they actually used a very early version of Websense, which is what Forcepoint used to be called before it became Forcepoint. That means we have never used a competing vendor.

How was the initial setup?

I was not involved in the initial deployment, but we've had it ever since I've been on the team here. I've been managing it ever since. I was there for the initial deployment in one of our sister companies. It wasn't anything unusually difficult. It just required installing some hardware and getting all the firewall rules worked out. Once you get all that in place, everything usually works pretty well. That's been my experience, even with upgrades. Most of the time our issues have been firewall blocks within our own company. That's usually the biggest hurdle, overcoming our firewall-related issues.

We use it on about 5,000 endpoints and we have two people who administer it. They're both information security analysts.

What was our ROI?

I don't have ROI numbers. I base everything on: "Am I getting the support that I need?" And the answer is "yes."

Which other solutions did I evaluate?

We have never looked at other solutions at a PoC level.

What other advice do I have?

What I can recommend is getting the highest tier of support that you can afford, because it's absolutely critical. I don't know how I would do everything if I had to submit a request and wait several days for it. I don't know how I would keep things going in that situation. With a higher level of support you can call someone and you also have someone who is managing your account. That's also really nice, because you get some extra benefits out of that.

I'm very satisfied and would rate it at nine out of 10.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.