Forcepoint NGFW Difference - Unrivaled Security


The Forcepoint NGFW Difference

Unrivaled Security

Extensive controls that stop more attacks, breaches and theft without sacrificing performance

Forcepoint NGFW provides a wide range of advanced access controls and deep inspection capabilities that protect your business, users and data against ever-evolving advanced threats that lead to breaches and theft. With Forcepoint Security Management Center (SMC), you can apply different types of security techniques to each connection such as: by application, by organization, by location, or a variety of other factors – all without sacrificing networking performance.


IDC Research found that customers who switched to Forcepoint experienced 86% fewer cyberattacks and 69% fewer breaches.

IDC Research, Forcepoint NGFW Business Value Snapshot, March 2017.

“Forcepoint ticks all the boxes for our legal clients including security, compliance and cost. It’s resilient, it’s secure, and it’s scalable through the range. No other firewall has the ability to do security this well.”

Senior Security Consultant, NETprotocol

Built-in security capabilities

Forcepoint NGFW comes with a wide range of built-in security capabilities (including VPN, IPS, NGFW, and mission-critical application proxies), freeing you from having to juggle different products, allocate licenses or perform administrative chores in multiple places. You can even repurpose security appliances into different roles, extending the lifetime of your infrastructure.

Encrypted traffic control – while maintaining user privacy

With Forcepoint NGFW, you can painlessly handle the rapid shift to encrypted transmissions – both for incoming and outgoing traffic. Accelerated decryption lets you inspect HTTPS and other SSL/TLS-based protocols efficiently (even in virtualized or cloud deployments), and our SSH security proxy gives you advanced control for mission-critical applications. In addition, Smart Policies make it easy to comply with emerging privacy laws and internal practices: preventing the exposure of personally identifiable information (PII) as users communicate with their banks, insurance companies, or other sensitive sites.

Better breach prevention with industry-leading IPS

All Forcepoint NGFWs enforce powerful anti-intrusion policies through built-in IPS capabilities that do not require additional licenses or separate tools to implement. Forcepoint NGFW’s IPS capabilities are NSS Labs RECOMMENDED (2016 Next Generation Intrusion Prevention System test).

Strong protection against Advanced Evasion Techniques (AETs)

Forcepoint is the pioneer in Advanced Evasion Techniques (we wrote the book, literally). Our full protocol normalization of traffic disrupts attackers’ attempts to sneak in malicious code, spots anomalies and prevents attempts to exploit vulnerabilities within your network.

Reduced risk of botnet infiltration

Forcepoint NGFW uses a variety of techniques for examining traffic patterns within connections to identify potential botnet command-and-control communications. Fingerprints of known botnets and message-length sequence analyses (even for encrypted traffic) uncover attempts to infiltrate your network so that you can block attackers before they get a foothold.

Protection of mission-critical apps

For years, Forcepoint has been protecting mission-critical applications in some of the most sensitive networks around the world. Forcepoint combines the strength of Sidewinder security proxy technology with the central manageability and high availability of our next generation firewalls. Mediate access and data flow between users and the servers that mission-critical applications are running on, isolating them from transport- and application-layer attacks over SSH/SFTP, HTTP, TCP and UDP.

Advanced malware detection and Zero-Day sandboxing

Forcepoint NGFW applies multiple scanning techniques to files found in network traffic, including: reputation vetting, built-in anti-malware scanning, and Zero-Day scanning via our Forcepoint Advanced Malware Detection service. This powerful, cloud-based system uses industry-leading sandboxing and other analysis techniques to examine the behavior of files and reliably uncover malicious code so that it can be rapidly blocked.

Consolidation of security systems – integrated URL filtering

Forcepoint NGFW provides a fast, flexible way to enforce web access policies for compliance and block access to phishing sites (as well as malicious or undesirable content). Forcepoint Threat Intelligence cloud service provides an extensive, continually updated categorization of URLs that can be used directly within access policies to provide dynamic control over which users are allowed to access which sites.

Unparalleled advanced security, powered by the Forcepoint Cloud (Web, Email, CASB, DLP)

Forcepoint NGFW provides unparalleled security without deployment headaches when used alongside Forcepoint Web Security, Email Security, CASB (Cloud Application Security Broker), and DLP (Data Loss Prevention) for cloud applications.

IDC: The Business Value of Forcepoint Next Generation Firewall (NGFW) Solutions

In a recent study, IDC analyzed the business value and benefits of supporting network operations with Forcepoint NGFW solutions. The research included interviews with eight organizations relying upon Forcepoint’s NGFW to connect and protect their networks and business operations. IDC created a model based upon their analysis to identify the costs and real benefits of deploying Forcepoint NGFW.

See the Results