Forcepoint Web Security offering reaches for the edge

Forcepoint has delivered a web-based security tool leveraging elastic cloud gateway technology that allows admins to access content from any remote location.

Hoping to extend the reach of its cloud infrastructure products, Forcepoint recently delivered a new offering that permits centrally based IT administrators to access web-based content from any edge location.

The Forcepoint Web Security product scales across 160 public points of presence in 128 countries. The product offers two certifications: the ISO 27018, which oversees personally identifiable information, and the Cloud Security Alliance Star Gold, a variant on the GDPR Code of Conduct, which governs software security and cloud-based cross-functional operations.

Forcepoint also introduced the Direct Connect Endpoint (DCEP), a proxy-less endpoint that serves to expand secure connectivity as well as reduce latency. The offering, which is patent pending, is intended to improve application compatibility and deliver accurate geolocation, according to the company.

Focusing on the edge

Defending the company's strategy, which is anchored in the belief that end users are the new perimeter, Forcepoint officials said infrastructure-centric approaches to security are becoming irrelevant. They believe the future belongs to products that deliver cloud-native capabilities to a wide range of devices residing on the edges of the network.

"Owning the edge is going to be critical, because that's where you deliver services and where the user experience is," said Nico Fischbach, CTO at Forcepoint in Austin, Texas. "But it's also about protecting the user because, in most cases, it is users being compromised or making mistakes where most security troubles begin."

The DCEP offering improves the user experience with added speed and performance, as well as enhanced security for users and data, Fischbach said.

Owning the edge is going to be critical because that's where you deliver services and where the user experience is.
Nico FischbachCTO, Forcepoint

"Rather than pulling traffic to a central location to be inspected, the [DCEP] allows you to go to a trusted endpoint site, avoiding latency and impacting the user experience," he added.

One analyst agreed that side-stepping the associated performance penalty is a major challenge facing security vendors rearchitecting their offerings to be cloud-native and more accessible to edge locations.

"With this new architecture, a major problem vendors are trying to solve is the performance issue, which involves eliminating having to haul traffic back to the corporate network so they can access controls and do content inspections," said Doug Cahill, senior analyst and group director at Enterprise Strategy Group in Milford, Mass. "You have got to manage the latency issue from wherever the particular end user is."

With the ever-increasing amount of corporate data traveling outside the perimeter of the network, Forcepoint's web security products, along with those from a handful of competitors, including McAfee, NetScope and Cisco, are trending. Such products have gained increased importance in the enterprise thanks to not only their speed in discovering suspicious data, but also the importance of following strict regulations in the U.S. and Europe.

"These products have to discover, identity and classify sensitive data at scale and, in this [Forcepoint's] case, identify the information that is subject to privacy regulations such as GDPR," Cahill said.

Forcepoint Web Security and some of its competitors employ elastic cloud gateways (ECGs) technology, which offers a distributed, cloud-native, microservices-based architecture. The technology is designed to protect the growing number of perimeters other than the network perimeter, as more users adopt multi-cloud strategies. Corporate users, however, have been slow to adopt ECGs.

"Critical data can sit anywhere now in users' hybrid cloud installations, which often means a mesh of legacy applications on local storage and across more than one cloud," Fischbach said. "But also, once you create and store that data someplace, it takes on a life of its own. Protecting that data and user IP is an important part of our business going forward."

Cahill said, "What I like about these implementations is users can bring to bear on-demand compute to address compute-intensive actions such as SSL encryption. It allows you to not just discover sensitive data but apply corporate policies to it."

Cybersecurity market leader Symantec, which was purchased by chip maker Broadcom earlier this year, is reportedly working on incorporating the technology into its flagship offering. Symantec has not announced when it would deliver the technology.

Forcepoint adds new partner programs

Separately, in an effort to accelerate the adoption of its behavioral approach to cybersecurity, Forcepoint also rolled out two new partner programs: The Global System Integrators (GSI) Platinum and Accredited Services Partners (ASP) programs. The purpose of the two programs is to serve as an ecosystem for consultative partners to help corporate users more easily migrate to a more modern cybersecurity framework.

The Forcepoint GSI Platinum program offers a higher level of accreditation for integrators, including prioritized opportunities, a bespoke training program and an integrated suite of products. The Forcepoint ASP program better enables services-oriented partners to become strategic consultants to corporate users through a range of training courses.

Dig Deeper on Network security

Enterprise Desktop
Cloud Computing