Forcepoint Secure Web Gateway Room for Improvement
Right now, Forcepoint is in very, very good shape. They are developing and evolving very fast. There is not any particular enhancement necessary.
We have had latency issues.
The cloud portal that they have should be more flexible, and we should have a practice portal. For example, if we want to implement something specific, we can’t practice making sure it will be right before going ahead and doing it live.
View full review »If there is a category of generative AI or GenAI, it is not a very detailed category, as there are many AI-based sites where data exfiltration can happen. In the category of generative AI or GenAI, the tool is not updated, and the solution has targeted only four or five sites to be included in the aforementioned category. Categories like generative AI or GenAI are not updated regularly in the solution, making it a problematic area where improvements are required.
The performance issues in the product are an area of concern where improvements are required. The proxy categories in the product have certain shortcomings where improvements are needed. The solution's proxy categories are not updated regularly. The tool's categories, like the one involving generative AI, have certain shortcomings since it does not get updated, and it is not able to target many sites that the developers use for code review, which may lead to some security breaches in the future.
Sometimes, we face reporting issues. The reporting must be improved. We do not have complete visibility. Every organization needs a report on what the users access and how much time they spend on the websites. The reporting features show whether the websites are valid or have malware.
View full review »Buyer's Guide
Forcepoint Secure Web Gateway
April 2024
Learn what your peers think about Forcepoint Secure Web Gateway. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,415 professionals have used our research since 2012.
RG
Ramkumar Gurumoorthy
Lead Integration Architect at DXC Technology
The Sandbox solution should be integrated with the NIST to handle whatever new vulnerabilities or new sites are identified as potential threats. That could be dynamically integrated and implemented in a production enrollment, just like intelligence threat production. That would help in an intruder use case.
View full review »The technical support team's response time could be improved.
View full review »I want improvements in the application control. Also, the solution should have a secure channel because of malware.
I want technical support to be improved so that they can be faster and more knowledgeable.
BS
Baljeet Singh
Subject Matter Expert at Hitachi Systems, Ltd.
Forcepoint giving only on-premises solutions and hybrid solutions.
They're also providing the Cloud Web Security, but there is limited functionality, limited categorization, and limited protection.
Stability needs some improvement, we have on occasion experienced some delay when it is synchronized.
The automation lifecycle, integration, and export functionality could all be improved.
View full review »MS
Mohammed Salhi
Security Engineer at Futuretec
A room for improvement in Forcepoint Secure Web Gateway is the support it offers. It's very bad.
What I'd like to see in the next release of the product is for it to be less complicated because at the moment Forcepoint Secure Web Gateway is more complicated than other products. Sometimes issues come up that you can't solve without the support team. For example, you should write the root password to fix the issue.
In the next release of the product, it would be good if it had an easy-to-use interface. Troubleshooting issues in Forcepoint Secure Web Gateway should be less complicated as well.
View full review »In terms of improvement, some of my clients find that certain security details could be enhanced in Forcepoint SWG. Additionally, I would suggest focusing on improving the GUI's stability, especially when implementing new filters or patches. Occasionally, there are issues with crashes during these updates, and smoother transitions would greatly enhance the user experience.
View full review »They will require a combination of other brands and other products that actually caters to the data leak portion. Forcepoint ONE, for example, covers for the data leak itself, however, it's just data leaks. In order to have comprehensive security protection for your data, you will need other products, like data encryption. You will need privileged access management and endpoint security to make the Forcepoint product more robust.
The initial setup can be complex.
View full review »CM
reviewer2203710
IT Manager at a financial services firm with 1,001-5,000 employees
The product needs to have more mobility.
View full review »MS
reviewer1833561
Technical Lead at a tech vendor with 10,001+ employees
Our experience thus far with Forcepoint Secure Web Gateway has not been good. The availability of clusters is limited, and the product is very unstable. The development team is slow as well.
There have been a lot of changes in the network at Forcepoint, and we've had downtimes of almost three hours. This happened six times from August to December.
When Forcepoint moves user traffic to another cluster during maintenance, the transaction is not smooth for end users. They lose access to the internet.
In the Middle East, the ISPs block the IPs of Forcepoint, and the Forcepoint compliance team has been unable to resolve these issues.
Forcepoint should focus on understanding how Zscaler works.
In the next release, they should provide an inbuilt, full-fledged DLP CASB feature.
Forcepoint should also work on improving their communication regarding maintenance.
View full review »I'd like to see the solution improve the banded optimization to offer more bandwidth control, similar to what is on offer with Blue Coat. For example, it would be useful if we could arrange the restriction of certain uploads for particular applications.
It would be great if they had classic customization features. I have quite good experience in Check Point solutions, so I experienced how application protocol features help when we want to deploy bandwidth content filtering. I expect to have the same or close to the same level of customization in Forcepoint.
View full review »I am looking forward to the full integration of the endpoints that they offer for web security and DLP.
View full review »MM
reviewer1946076
Senior Manager IT at a computer software company with 201-500 employees
What's missing in Forcepoint Secure Web Gateway is a specific level of micro-control on protocols or devices, for example, where you can control a particular user or user device. This is what should be improved in the solution.
I want a micro-level management feature added in the next release of Forcepoint Secure Web Gateway.
View full review »AK
Arvind KR
Director at Foresight Software Solutions Pvt Ltd
One improvement I'd like to see would be to simplify managing the endpoint for both DLP and web security, so that endpoint management becomes easier. The dashboard is a little old so a new GUI would be helpful as well as updated reporting tools. It currently lacks some features that other solutions have.
View full review »DR
DAMIR REZNICEK
CTO at Lactalis
The issues we have are more around organizational issues between us and Forcepoint. We don't have problems with the solution although sometimes attacks or new ransomware gets through. Sometimes we need to work together with Forcepoint in order to change the setup and to block it. It would be great if Forcepoint was able to do this without our knowledge and, even better before those mails ever reach us.
The improvement needs to come on both sides – not only from ForcePoint, but the idea is to work on few points:
- The idea is to set up on the ForcePoint side TAM that could help us in the tuning the configuration.
- At the same time we need to work on improving the expertise and increase the number of FTE that will work on the platform (internal or external) in order to be able to really have the benefit of TAM.
- 3rd point is that some of the attacks come through and after we report it to ForcePoint they manage to improve the environment, while my experience with some other solutons is that the provider is more proactive and does the change/improvement even before we notice it.
MZ
reviewer1047669
PS & Technical Manager at a integrator with 11-50 employees
Forcepoint Secure Web Gateway has a lot of issues like troubleshooting and massive troubleshooting which require technical support. A lot of the product is not accessible. You must ask the tech support to communicate to open the root of the product - so that's an issue. But with Cisco you can access the product and troubleshoot.
To access the root of the product for troubleshooting you must have a data engineer. This is the big issue with Forcepoint. The support community is not good.
The management should be directed to the object itself. They have to make a more flexible management so you can access a device using a normal web browser or you can access a device using a management tool.
View full review »NH
Nayef Hamzeh
IT Manager at cmc
We have a lot of false positives, which is one area that can be improved. At the same time, there is a lot of spam that still gets by the filter.
The engine should be enhanced because some malware still gets by the filter.
The login for emails should be more advanced.
View full review »JT
reviewer1447047
Managing Consultant - Sr. DLP Security Engineer at a comms service provider with 1,001-5,000 employees
The biggest issues within the product were that it had become stagnant. For about four or five years, there was very little real innovation going on.
It felt as if they were just sitting back. They were lacking in regards to keeping up with the developments within the cloud.
Overall, I think they had a good, solid product. I think they failed to add features. It was not as feature-rich as other products. I would say the biggest problem was the lack of features, they just hadn't kept up. Under Raytheon, they were starting to correct this, but it was a work in progress. Overall, the biggest problem with the product itself was the lack of features.
I knew that they needed to handle web sockets in some way, all we could do was effectively bypass it. There were too many times when the connections just didn't work right through the proxy. Our customers would have to bypass and basically go around the product. There were various levels to this and it was a real pain for our customers to diagnose those problems. There needed to be an end-product protocol analyzer output (for lack of a better way to put it), that would help administrators understand why the connection wasn't working.
There was so much legwork involved: someone would have to take a laptop and set up in front of the proxy; then they would have to load Wireshark (as I used to call it) and pull their captures; then they would have to give that to Forcepoint, or they would have to try to reason it out themselves. That caused a lot of problems because most administrations weren't confident or competent enough to do it.
They didn't have the skill-set needed to make proper use of those tools in the first place for analysis. There were a lot of customers who could've gotten value from the product but who were put in a position where they had to basically bypass the product because of certain connections. Some form of connection-troubleshooting should be included within the product, more than just looking at a log that nobody knows how to read except for support.
There was no way to troubleshoot connections in an effective manner that didn't require a lot of legwork by the user. Whenever you ask a user to do that, nine out of 10 times, they're not going to do it. They're just going to take the easy way out, bypass it, and then they'll bitch about the product, but they won't actually fix it. They won't want to make the extra effort. The problem just remains unsolved. They needed something like a connection analyzer tool to explain why, or at least give a better indication of why this was failing.
Again, it was the lack of development. The GUI is quite nice. I think it's very natural for people once they get used to it. Ironically, the company I'm working for now is actually POCing the DOV product and one of the things they like is the interface. They had a lot of good synergy with their other products. They failed to capitalize on it, ultimately. They're getting there. They got better, but it might be too little too late. That's the problem.
View full review »JS
Jay Stelmach
Adjunct Professor at Southern New Hampshire University
Allow for faster exemption of websites or the ability to reclassify websites.
View full review »GG
reviewer1303923
AGM - IT Infrastructure at a manufacturing company with 10,001+ employees
Sometimes we find the solution behaves erratically. It may be related to our configuration, which may be incorrect. We are using desktops, laptops, and workstations and the laptops are set to mobile status. We do make connections outside the office premises as well, and desktops or workstations are predominantly located in the same place.
Overall the software is occupying too much memory space. If they could remedy that, it would be a better experience, because today Windows is occupying too much memory space as well (in terms of the RAM), and this software has also started occupying all the memory. Due to this, I have less space for my other office products and data. I can't, for example, operate a huge Excel sheet or other datasets.
Product grouping should be made more flexible. We should be in a position to define the product groupings. Also, sometimes the standard product grouping that they are using is not applicable in this part of the world. If they could move it, if they could make it more flexible, it would make our life easier. Otherwise, we are forced to use our own definitions a lot. This sometimes causes problems with performance. The product grouping really should concentrate more on this particular geographic region.
View full review »EO
reviewer988044
Regional Solutions Manager at a tech services company with 11-50 employees
The product could be improved by including a consolidated product that can carry on Forcepoint Secure Web Gateway product email, web, and DLP. It's a single licensing suite that carries all the features instead of having a product. Additionally, a consolidated approach to their products would be excellent, and Forcepoint Secure Web Gateway should be on the same path to work with peers looking at cloud adoption entirely.
View full review »AK
Arvind KR
Director at Foresight Software Solutions Pvt Ltd
The Bitglass part, right now, we are trying to learn it, and then trying to acquire skillsets around it.
For cloud web security, there are definitely areas where it requires improvement, Policy changes take 20 to 30 minutes for enforcement.
Granular control based on applications can be further enhanced.
SC
reviewer1433466
Infrastructure Support Officer at a government with 1,001-5,000 employees
We are using a V10000 G3 appliance. It is just a proxy. It is just HTTP, FTP, and HTTPS. Now, as our website has developed and we are using rich time-connectivity protocols, the proxy doesn't have the ability to work with these protocols. It would be nice if the UDP feature was there for it to filter UDP traffic. It needs firewall capabilities for UDP filtering.
Its upgrades can be quite complex, and they don't always go as per the plan. Its reporting could be a bit more granular.
View full review »- The documentation is almost too much, it could be laid out in an easier to understand.
- Upgrades can be challenging. For us, it has required a third party to assist.
SA
reviewer1541994
Ict Help Desk Administrator Individual Contributor at a transportation company with 201-500 employees
A feature of Forcepoint Secure Web Gateway that can be improved is the speed of data analysis.
Also, there should be enhanced detection when it comes to the loading of encrypted data.
A feature we wish to see addressed in the next release of the product involves its administration.
I do not consider the product to be excellent and would rate it an eight out of ten.
View full review »Reports in the sand-boxing, ease of deployment of sensors to ready to go server with one click of a button.
I think there is room to improve the reporting area of the solution and also the investigation part, a basic section where you see the body and headers of each email and the reason it got blocked.
If the solution had a lower cost, it would be easier to implement.
In the 8.5 version of the solution, I took some issue with the interface.
I'd recommend that the company supports more process to matrix files. We've had issues with that.
The solution should be better able to support itself and operate faster. Sometimes the technical support team takes too long to respond.
For improvement, we cannot deploy the Forcepoint Web Security firewall directly without ISP. The firewall doesn't have any features because some customers are requesting they will install the firewall without licensing.
At this time we cannot go further without licensing. Licensing is a must with Forcepoint Web Security firewalls.
I'm not sure that those features are included with Forcepoint Web Security. We checked the other features but we have not checked out their performance.
View full review »IR
reviewer1197741
Group IT Infrastructure Manager at a manufacturing company with 1,001-5,000 employees
One of the most important areas of improvement would be the support because we faced a lot of problems when we were on-prem.
View full review »LP
reviewer1210437
Product Manager at a computer software company with 1-10 employees
There should be more hardware models available and the application control could improve.
View full review »SD
reviewer1471029
Chief Information Officer at a computer software company with 5,001-10,000 employees
The functionality of this product in the current version is not up to our expectations.
This product does not have an integrated strategy for securing your web gateway with DLP.
View full review »An area for improvement would be the classification of websites - it can take a long time for new websites to be classified.
View full review »
AD authentication is buggy and not very effective. Sometimes the policies are applied immediately, sometimes after 5 minutes. The only sure way to filter is to set static IPs, which is not effective network management. Many websites are not filtered. Many categories don't include commonly used sites. Malware can slip through easily.
View full review »
TA
reviewer1319712
Systems Engineer at a tech services company with 11-50 employees
In the on-premises version, I don't like the deployment and structuring of the device. It is time-consuming and not as easy to implement as Blue Coat Web Security.
View full review »- Database synchronization failures
- Encrypted packet inspection
EO
reviewer988044
Regional Solutions Manager at a tech services company with 11-50 employees
The deployment is a bit complex and it requires expertise to deploy, which is something that should be improved and made easier to do.
Security of browsing.
View full review »There were several issues with the product.
- Version 8.4 can only be managed with a CLI, they removed the nice GUI interface from version 8.1.
- The load-balancing needs massive improvements.
- The incident lists don’t sync between appliances, they need to be manually edited for each one.
- FTP access via transparent proxy
- SSL Certificate updates
- Detailed guidelines to deploy the transparent proxy to Firefox users.
Support
View full review »The reporting could be improved.
View full review »BM
OwnChair354
Owner at a tech services company with 11-50 employees
Ease of use could be improved.
View full review »Buyer's Guide
Forcepoint Secure Web Gateway
April 2024
Learn what your peers think about Forcepoint Secure Web Gateway. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,415 professionals have used our research since 2012.