Extensive controls that stop more attacks, breaches and theft without sacrificing performance
Forcepoint Next Generation Firewall (NGFW) provides a wide range of advanced access controls and deep inspection capabilities that protect your business, users and data against ever-evolving advanced threats that lead to breaches and theft. Centrally managed with the Forcepoint NGFW Security Management Center (SMC), you can apply different types of security techniques to each connection such as: by application, by organization, by location, or a variety of other factors – all without sacrificing networking performance. And, this protection works seamlessly throughout your network – in data center SDNs, on the edge, in branch SD-WANs and in the cloud.
#1 SCORES IN SECURITY, GREAT TCO TOO
NSS Labs gave Forcepoint the highest score for security out of all vendors tested in their 2017 NGFW test along with one of the best TCO rankings as well.
NSS Labs 2017 NGFW Test, May 2017.
“Forcepoint ticks all the boxes for our legal clients including security, compliance and cost. It’s resilient, it’s secure, and it’s scalable through the range. No other firewall has the ability to do security this well.”
Senior Security Consultant, NETprotocol
Broad range of built-in security capabilities
Forcepoint NGFW comes with a wide range of built-in security capabilities (including VPN, IPS, encrypted inspection, secure SD-WAN, and mission-critical application proxies), freeing you from having to juggle different products, allocate licenses or perform administrative chores in multiple places. You can even repurpose security appliances into different roles, extending the lifetime of your infrastructure.
Encrypted traffic control – while maintaining user privacy
With Forcepoint NGFW, you can painlessly handle the rapid shift to encrypted transmissions – both for incoming and outgoing traffic. Accelerated decryption lets you inspect HTTPS and other SSL/TLS-based protocols efficiently to deny or allow specific HTTP commands or URL segments inside HTTPS – ( even in virtualized or cloud deployments), and our SSH security proxy gives you advanced control for mission-critical applications. In addition, Smart Policies make it easy to comply with emerging privacy laws and internal practices: preventing the exposure of personally identifiable information (PII) as users communicate with their banks, insurance companies, or other sensitive sites.
Better breach prevention with industry-leading IPS
All Forcepoint NGFWs enforce powerful anti-intrusion policies through built-in IPS capabilities that do not require additional licenses or separate tools to implement. Forcepoint NGFW’s IPS capabilities are NSS Labs RECOMMENDED (2016 Next Generation Intrusion Prevention System test) and it recently achieved perfect scores in NSS Labs’ 2017 NGFW Test, blocking 100% of malware and evasions with no false positives.
Deep security integrated with SD-WAN
Forcepoint NGFW extends enterprise-grade security out to branch offices, eliminating the need for multiple devices in SD-WAN environments. It provides full protection across multi-ISP broadband Internet links as well as MPLS lines that connect to corporate networks. Different types of traffic can be restricted to specific links (for example, Office 365 to high-speed broadband, social media and video to inexpensive commercial lines, and voice or sensitive apps to leased lines), each with the appropriate encryption and inspection controls. With Forcepoint’s centrally managed Secure SD-WAN approach, you can save upfront capital costs and reduce ongoing operating expenses.
Strong protection against Advanced Evasion Techniques (AETs)
Forcepoint is the pioneer in Advanced Evasion Techniques (we wrote the book, literally). Our full protocol normalization of traffic disrupts attackers’ attempts to sneak in malicious code, spots anomalies and prevents attempts to exploit vulnerabilities within your network.
Protection of mission-critical apps
For years, Forcepoint has been protecting mission-critical applications in some of the most sensitive networks around the world. Forcepoint combines the strength of our Sidewinder security proxy technology with the central manageability and high availability of our next generation firewalls. Mediate access and data flow between users and the servers that mission-critical applications are running on, isolating them from transport- and application-layer attacks over SSH/SFTP, HTTP, TCP and UDP.
Reduced risk of botnet infiltration
Forcepoint NGFW uses a variety of techniques for examining traffic patterns within connections to identify potential botnet command-and-control communications. Fingerprints of known botnets and message-length sequence analyses (even for encrypted traffic) uncover attempts to infiltrate your network so that you can block attackers before they get a foothold.
Endpoint Whitelisting and Blacklisting Application Control
Endpoint Context Agent provides whitelisting and blacklisting of client applications running on hosts and end-user devices. For example, it would allow administrators to specify the browsers and their versions that may or may not access the Internet. This provides more granular controls that can be customized to the business needs and security posture of the organization.
Dynamic protection against phishing and malicious web downloads
Forcepoint NGFW provides dynamic URL filtering that makes it easy to enforce web access policies for compliance and block access to phishing sites (as well as malicious or undesirable content). Forcepoint Threat Intelligence cloud service provides an extensive, continually updated categorization of URLs that can be used directly within access policies to provide dynamic control over which users are allowed to access which sites.
Integrated data exfiltration controls
Forcepoint NGFW can help prevent loss of sensitive data and intellectual property. Outbound traffic can be inspected for patterns such as credit card numbers, personal identifiers, restricted code names and other terms to reduce the risk of theft.
Virtualized protection in software-defined networks (SDN)
Forcepoint NGFW runs in virtualized data centers and in the cloud, providing the same centrally managed security that is available on in physical appliances. This lets you microsegment your virtualized applications, databases and services infrastructure with the same types of policies and visibility you use in offices and branch locations.
Unparalleled advanced security, powered by the Forcepoint Cloud (CASB, web, email, dlp)
Forcepoint NGFW provides unparalleled security without deployment headaches when used alongside Forcepoint CASB (Cloud Application Security Broker), Web Security, Email Security, and DLP (Data Loss Prevention) for cloud applications.