Forcepoint Data Loss Prevention Review

Easy to configure and offers good support


What is our primary use case?

We use Forcepoint primarily for data loss prevention and detection.

What is most valuable?

The ease of configuration was probably one of its biggest selling points. I know that we took a long time to get it configured properly but it just takes a while. It's a big tool and it does a lot of work.

What needs improvement?

I don't know where they are going as an organization vendor, because my job ends the moment it's implemented, so I would go on to other things.

If I were a betting man, though, I would say that they're going to have to find a way of creating what we call multitenancy, because if, for example, we have a constituency group set of users who don't work for the department and they contract out, then our work with them is highly sensitive. Being able to separate in segment amounts separately from our core would help. We could use better ways of customer or user segmentation capabilities.

For example, if I wanted to push a report by a certain organizational entity or unit, I wouldn't be able to do that without a lot of work. The reporting could be better.

For how long have I used the solution?

We've been using Forcepoint for about 18 months.

What do I think about the stability of the solution?

I think it's going to be hard to beat if they ever decide to replace it. Forcepoint is a pretty good product; we're all pleased with it.

What do I think about the scalability of the solution?

I think it is pretty scalable, at least to the point that we've deployed it to.

We have a workforce of 1,300, of which we have deployed to approximately 800. We also have another set of users who don't work for the department but are contracted out through our agents and sub-agents and they handle the vehicles. We have not deployed to their devices yet, so we have both endpoint and central server data loss prevention technology in place.

We can tell you where anybody went, when they went, how they went, and what they used to get there.

Everybody uses it whether they know it or not. We put out reports monthly on what we call PII information (Personally Identifiable Information). If you know anything about data loss prevention and detection, anytime someone hits a website or even tries to go on, it's logged and captured and we know who went where and what they did. We know what files they looked at and what files they sent, so more power to you. If you want to try something, go for it.

We have a CISO, six ISOs (information security officers) or analysts, and over fifteen field service personnel who can work with it. We are pretty broad that way and deep. We have got quite a number of people. Our ISO team itself is comprised of six individuals, a CISO and five analysts.

Security doesn't stop, nor does the pervasiveness of data and its ubiquitous nature. Here at this organization, we don't stop security. We expand it to cover other avenues or channels that come into play. We cover other data structures that are created when another solution takes off. We don't stop simply because it is implemented. It's an ongoing tailored activity we do all the time.

We have six people whose job is just this. Just like technology, we have to stay with it. You can't just throw it up and forget about it. It grows and the rules and policies need to be modified. What people need to remember is that public service is at the whim and fancy of our constituency groups. We report to the legislator, the governor's office, and the citizens of the state. As such, when we put in a system, it has to comply not only with federal regulations but also with state legislators' intent, as well as the governor's office. That is the difference and that is why we take security really personally here.

How are customer service and technical support?

I have heard good things about the support that Forcepoint gives us, so I would have to say that it's good.

I don't work with the product directly but I am very well attuned to what they are doing.

If you previously used a different solution, which one did you use and why did you switch?

I don't believe that we had a DLP in place prior to now.

We had security, but two and a half years ago our agency set out to really step up its information security program.

During that time we have made major investments, in process, like data classification, security concerns, risk assessments, risk management, etc. We do this for a living, so it is important to us.

There were products out there for data loss prevention technology, but we didn't believe that they had yet achieved the maturity that they have today, so it would have been premature to pull something in sooner.

The marketing in and of itself is growing, expanding, and changing. Wait until you get ready to do business intelligence and artificial intelligence and try to secure that when it can bypass you on its own. Give learning machines enough instructions and they will figure a way out.

How was the initial setup?

To the best of my knowledge, the initial setup was pretty straightforward. We also had quite a bit of coaching that was done for us by the vendor.

What about the implementation team?

We are still working on deployment. It's going to take two to two and a half years. 

It all depends on the political climate that we're in. We are not a normal state agency. We do not have one constituency group, we have multiple constituency groups. We license vehicles, drivers, and professionals, such as lawyers, attorneys, landscapers, architects, etc.

In addition to all of that, we also have a lot of partnerships with law enforcement agencies, courts, lawyers, and insurance companies, so we do a lot of highly technical security programming here. 

We don't just throw it out. We are methodical in how we do this.

We didn't use an integrator, reseller, or consultant for the deployment. We are doing it ourselves.

What other advice do I have?

If I were to give some advice, I would say don't try to do it all at once, it won't work. Know that you're going to go. It's different from building line-of-business solutions. Whereas from a line-of-business solution you work from the outside in, with security programs you work from the inside out. You have to get your data governance in place, as well as information security governance. You need to assign who will be responsible. Decide who to send information to if something does happen. All that has to happen before you begin trying to bring in a system.

You have to know your organization well enough to be able to configure a product to make effective use of it. Don't do it unless you have the guts to do it.

I would rate this solution as eight out of ten. There are better solutions, but this was better when it came out. When it did come out, this was the best solution we could find. At the same time, I don't know if I would rate anything else higher than that now, either. Every security tool that we have seen has pluses and minuses, advantages and disadvantages.

Another reason we didn't go with the IQ or any management type of component is the deconstruction and the reconstruction of existing security roles. The biggest problem information security has today is the decoupling and deconstruction of active directory designated accounts which for all practical purposes were based on functionality. One role can have multiple pieces of functionality associated with it, so going to a role-based type of solution muddies the waters.

The vernacular needs to change to be more adaptable if they're gonna put out the configuration types of solutions.

Disclosure: I am a real user, and this review is based on my own experience and opinions.