Unlike other cloud-based security solutions that bundle portfolios of fragmented products, we built Forcepoint ONE to integrate Zero Trust and Security Service Edge (SSE) technologies into one cloud platform. This integration enables you to manage one set of policies, in one console, connected to one endpoint agent.
Forcepoint ONE unifies three foundational gateways: Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA). Together, these three services make up what Gartner terms the Security Service Edge. We’re proud that Forcepoint (Bitglass) has been recognized as a Visionary in Gartner’s first-ever SSE Magic Quadrant.
Here's a bit more about Forcepoint ONE’s three foundational gateways:
- Secure Web Gateway – This is the service that monitors and controls any interaction with any website. This includes blocking access to websites based on category and risk score, blocking download of malware, blocking upload of confidential or sensitive data to personal file sharing accounts and detecting shadow IT.
The Forcepoint ONE SWG features a unified agent that runs locally on Windows and macOS devices to enable smart routing of web traffic, offering up to 2x the throughput of our SWG competitors. Rees Johnson will share more about how this works in his upcoming blog post.
- Cloud Access Security Broker – Back in 2013, Bitglass started as a CASB company that differentiated itself from the competition through its true reverse proxy mode. And that advantage continues. Forcepoint ONE uses this leading agentless CASB solution to control access to managed cloud applications and to shadow IT applications. It also provides data loss protection (DLP) and malware protection as well.
The Forcepoint ONE CASB can be configured to integrate with any SIEM tool that supports syslog, or to integrate with any on-premises DLP systems that supports ICAP. It also supports two-way integration between Forcepoint ONE and selected Security Orchestration Automation and Response (SOAR) platforms. Finally, Forcepoint ONE CASB can use classification metadata from any data classifier in a DLP match pattern.
- Zero Trust Network Access – This gateway controls access to private applications hosted behind a firewall—something it does without the need for virtual private networks (VPNs). Like CASB does for traditional cloud apps, ZTNA provides DLP and malware protection for private web-based applications.
We built the Forcepoint ONE platform on an Amazon Web Services hyperscaler network. This means all three of the gateway services (the top layer in the above image) achieve enterprise-level reliability, scalability and performance. Case in point—this platform has achieved a 99.99% verified uptime since 2015. In other words, the Forcepoint ONE platform, the gateways and the security services it delivers will be available when you need them.
The middle security services layer is where we integrate comprehensive DLP and malware scanning into all three gateways to prevent theft, leakage, or corruption of business data, all managed together from a unified set of policies. We also integrate our industry-leading threat protection capabilities at this layer. This includes our smart Remote Browser Isolation (RBI) built on technology from our Cyberinc acquisition and also Content Disarm and Reconstruction (CDR) file sanitizing, and zero-day sandboxing powered by technology that the Deep Secure acquisition brings us. All these services work together to provide seamless protection against today’s most advanced threats.
As many security professionals know, the network perimeter starting changing years ago as employees began working from anywhere. Current events have created a hybrid workforce model that’s here to stay. Securing that hybrid workforce has placed new challenges on security teams. We built the Forcepoint ONE platform to solve those challenges. And we’ll continue to add functionality to the platform throughout 2022 and beyond.
You’ll be hearing more about Forcepoint ONE in the coming days and weeks here on our Insights blog. Next up, a Zero Trust layer blog post from Chief Product Officer Rees Johnson coming tomorrow. For now, check out the Forcepoint ONE product page.