Post on 27-Apr-2022

7 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Forcepoint Israel Tech Week

© 2020 Forcepoint Forcepoint Proprietary

Forcepoint Israel Tech Week

Nitzan Cohen, Regional Director, Israel

Sep. 2020

Page 2: Forcepoint Israel Tech Week

Something We Believe In:

“Built to Last”

• When partnering with someone

• While interacting with a customer

• While managing a Channel

• When closing a deal

• While Building a team

Page 3: Forcepoint Israel Tech Week

Customer Success

Customer Value | Performance | Value Commitment | System availability & Operation efficiency

Leveraging Forcepoint offerings to ensure accelerated Customer Value, System availability & Operation efficiency

Page 4: Forcepoint Israel Tech Week

Tech week became a Tradition

Page 5: Forcepoint Israel Tech Week

Forcepoint Israel Market Share, FY20

Page 6: Forcepoint Israel Tech Week

▪ DLP Tech: 10.9, 09:00-13:00

▪ Forcepoint Virtual Summit: September 15

▪ Training: DLP 13-16.9, Web Security 29.9-1.10

▪ Forcepoint System Engineer Certification

▪ 10Bis voucher (70 NIS): please send an email to [email protected]

▪ Kahoot: 1st place: 800 NIS alcohol package; 2nd and 3rd places: 200 NIS vouchers

▪ Q&A: please send questions through the chat

Announcements

Page 7: Forcepoint Israel Tech Week

▪ Opening 09:00-09:20

▪ Web Security (Erez) 09:20-10:50

▪ Break 10:50-11:05

▪ Email Security (Peter) 11:05-12:35

▪ Q&A, Kahoot 12:35-13:00

Today's Agenda

Page 8: Forcepoint Israel Tech Week


▪ F1E

▪ Isolation (Full/Targeted)

▪ Boldon James

▪ Cloud App DLP, Cloud Web DLP

▪ DUP (Dynamic User Protection)

▪ Edge/CSG

▪ MSP

▪ Forcepoint Advantage

What's new?

Page 9: Forcepoint Israel Tech Week

2020 Tech Week - Web

Erez Epstein, Sr. Sales Engineer

Page 10: Forcepoint Israel Tech Week


Agenda

OnPrem & Hybrid vs Cloud

Policy Hardening

System Health Check & Maintenance

Troubleshooting

CACM (CASB)

RBI

Tips & Tricks

EOL & Roadmap

Cloud Security Gateway

Zero Trust Network Access (ZTNA)


Page 11: Forcepoint Israel Tech Week

OnPrem & Hybrid vs Cloud

Page 12: Forcepoint Israel Tech Week

Hybrid Cloud Topology

Page 13: Forcepoint Israel Tech Week


Page 14: Forcepoint Israel Tech Week


Global Coverage Across 128 Countries

Page 15: Forcepoint Israel Tech Week

Feature Parity

On Prem & Hybrid Web Main Feature Comparison (columns: On Prem | Hybrid | Cloud)

Management Interface: Local | Cloud Portal

Reporting: Local via Apollo | Local via Apollo (*No Real Time Monitor) | Cloud Apollo

User Authentication & Sync: Kerberos | Identification via EP (*SSO via IDP also available)

Policy Management: Local via FSM | Cloud Portal – One Policy Logic instead of Multiple Policies

Local Appliance Deployment: Supported | Not Applicable

Real Time Analysis: Supported

DLP Module: Integrated on Proxy | ETA 2021 (*DLP Endpoint as mean term solution) | ETA Q4-2020 (*DLP Endpoint as mean term solution)

SSL MITM: Supported

AMD: Supported

Shadow IT: Supported

Explicit & Transparent Redirection: Supported

SIEM: Supported

Page 16: Forcepoint Israel Tech Week

Policy Hardening

Page 17: Forcepoint Israel Tech Week

Best Practices – Security categories

Extended Protection: Dynamic DNS, Elevated Exposure, Emerging Exploits, Newly Registered Websites ?!, Suspicious Content

Miscellaneous: Uncategorized (Will be discussed soon)

Information Technology (Please don’t block me ☺ )

Security (Fully Blocked!!): Hacking, Proxy Avoidance, Unauthorized MP, Web and Email Spam

Page 18: Forcepoint Israel Tech Week

Uncategorized

Why?

What is the Risk?

How?

WebCatcher: WebCatcher collects uncategorized and security-related URLs and sends them to Security Labs for analysis. This is done to improve URL categorization and security effectiveness.

And… stay tuned for the next slides…

Page 19: Forcepoint Israel Tech Week

Allowing URLs

Re-categorize

Exceptions (But not for Security)


Page 20: Forcepoint Israel Tech Week

Aggressive Analysis

Elevated Risk Profile: Recommended by Security Labs

The rest: enable Aggressive Analysis (Scanning → Scanning Options)

Page 21: Forcepoint Israel Tech Week

File Download Blocking

Executables: bat, exe, pif

Threats: vbs, wmf

Custom: scf, cmd

and more…

And… stay tuned for the next slides…

Page 22: Forcepoint Israel Tech Week

Cloud App Enforcement and Reporting

Application Risk Level

Page 23: Forcepoint Israel Tech Week

Cloud App Enforcement and Reporting

Block by Risk Level

Permitted and Blocked List

Part of existing Policy Structure


Page 24: Forcepoint Israel Tech Week


AMD

[ OS LAYER ]

[ APPLICATION LAYER ]

Web Firewall CASB Email

Advanced Malware Detection

VS

Virtualization – Typical Sandbox

• Creates an isolated environment restricted by the underlying hardware

• Blind to deep malware activity

• Easily evaded

Full System Emulation (FUSE)

• Exact replication of multiple hardware environments from mobile devices to PCs

• Complete visibility of malicious behaviors

• Full Exposure to counter advanced evasion techniques

Typical Sandboxing

STOPS here


Page 25: Forcepoint Israel Tech Week

AMD: The Deep Content Inspection Difference

[ MEMORY LAYER ] [ CPU LAYER ] [ OS LAYER ] [ APPLICATION LAYER ]

Web | Firewall | CASB | Email

Advanced Malware Detection

• Inspection of malware memory, including encrypted strings

• Dynamic code analysis elicits malicious behaviors

• True kernel visibility with minimal OS version dependencies

• Dormant code analysis identifies code blocks even if they do not execute

• Identification of malicious scripts and macros

• Signature-less inspection and analysis

Page 26: Forcepoint Israel Tech Week

System Health Check & Maintenance

Page 27: Forcepoint Israel Tech Week

Proactive Actions

Upgrade, Upgrade and Upgrade

Monitoring

Services

SNMP

Health Check URL

System Alerts FSM (A.K.A Triton)

Proxy

H/A and Fault Tolerance

Clustering

VIP

Dashboards

Alert

Malicious Events

Page 28: Forcepoint Israel Tech Week

Proactive Actions

Hybrid Sync Status

DB Download

Log Health

WCG Alert

Page 29: Forcepoint Israel Tech Week

Proactive Actions

WCG Diagnostics Tool

Page 30: Forcepoint Israel Tech Week

Proactive Actions

AV Exceptions

Backups

DB

File System

Snapshots

Application Backup

Page 31: Forcepoint Israel Tech Week

Troubleshooting

Page 32: Forcepoint Israel Tech Week

Realtime Monitor

Real Time ☺

Use for Debugging Only

Filter by Action

Page 33: Forcepoint Israel Tech Week

Block Page Debug

Page 34: Forcepoint Israel Tech Week

More Troubleshooting

Browser Debug (F12)

Toolbox

Authentication Bypass

Testdatabaseforcepoint.com

Page 35: Forcepoint Israel Tech Week

More Troubleshooting

Scanning Exceptions

SSL Bypass (Source, Destination)

From FSM

Last resort from Proxy

Page 36: Forcepoint Israel Tech Week

Endpoint

Disable via CLI

Go to the EP installation directory (typically C:\Program Files\Websense\Websense Endpoint\)

Submit the command:

wdeutil.exe -stop [ wspxy | wsts | wsrf | wsdlp | all ]

Enter the anti-tampering password and you should be good to go!

Enable via CLI

Go to the EP installation directory (typically C:\Program Files\Websense\Websense Endpoint\)

Submit the command:

wdeutil.exe -start [ wspxy | wsts | wsrf | wsdlp | all ]

Gather debugs for Support via UI

Page 37: Forcepoint Israel Tech Week

CACM (Cloud Application Control Module)

Page 38: Forcepoint Israel Tech Week

Web Security & Cloud App Control Module

I need to protect my organization from web-borne threats + I need to control how sanctioned cloud apps are being used = Forcepoint Web Security & Cloud App Control Module

Native functionality | Cloud App Control:

• I need to control sanctioned cloud apps across managed devices.

• I need full AD and SIEM integration.

• I want anomaly detection and user behavioral analytics.

• I need to know what cloud apps are being self-adopted in my organization.

• I need to know who is using potentially risky cloud apps.

• I need to understand which cloud apps are risky, and why.

• I need to block users from using risky cloud apps.

*on-premises only.

Page 39: Forcepoint Israel Tech Week

Cloud App Control Module: the Web Security proxy is connected to the CASB service with proxy chaining. Sanctioned applications' traffic is forwarded automatically from the Web Security proxy to the CASB service.

• Proxy-based activity visibility, with real-time mitigation options.

• CASB anomaly detection + UBA & risks

Office365

CNN.com

Page 40: Forcepoint Israel Tech Week

Inline Control of Sanctioned Cloud Apps

Page 41: Forcepoint Israel Tech Week

Inline Control of Any Activity

Page 42: Forcepoint Israel Tech Week

RBI

Page 43: Forcepoint Israel Tech Week

Forcepoint Partnered With Ericom for Remote Browser Isolation

Gartner SWG MQ 2019

Page 44: Forcepoint Israel Tech Week

Forcepoint & Ericom: A Winning Combination

Page 45: Forcepoint Israel Tech Week


How Browser Isolation Works

1. Malware embedded in active web content

2. Ericom RBI executes content in an isolated container

3. Safe rendering information sent to endpoint

4. Standard browsing experience

Page 46: Forcepoint Israel Tech Week


Enable safe access to uncategorized or risky websites

Isolation: Forcepoint Web Security + Ericom Shield

► End-user connects to Forcepoint Web Security to access the web

► Black-listed URLs are blocked, white-listed are allowed through

► Uncategorized and policy-defined URLs are sent to Ericom Shield for added malware protection

Forcepoint Web Security

Safe Sites: Allow

Risky Sites: Isolate

Unsafe Sites: Block

Page 47: Forcepoint Israel Tech Week

Isolation: Forcepoint Web Security + Ericom Shield

1. Forcepoint Web Security allows access to known good sites; blocks known bad sites.

2. Policies in Forcepoint Web Security forward risky traffic to Ericom Shield RBI.

3. Risky sites are rendered in a remote virtual container, ensuring any malware on the site cannot infect endpoints.

4. Site sent to user as a safe, fully interactive visual stream. Users get full web access, and IT mitigates web security risk.

Enable safe access to uncategorized or risky websites

Page 48: Forcepoint Israel Tech Week

Forcepoint Integrations – Confirm Action

WSG (On Prem) – Web Redirection based

Once the user browses to one of the categories that are set to the Confirm action, they will be given the option to isolate all this traffic on the RBI solution by clicking on the link.

Configure the policy to isolate a certain category with Action set to Confirm.

Page 49: Forcepoint Israel Tech Week

Forcepoint and Ericom Feature Matrix

Functionality (Forcepoint):

Web Filtering: Yes

Deep Content Inspection: Yes

Data Loss Prevention (DLP): Yes

File Sandboxing and Analysis: Yes

File Preview with text: Yes

Additional Security (Forcepoint + Ericom):

Full Content Isolation (RBI): Yes

Anti-phishing with Read-only Mode: Yes

File Content Disarm and Reconstruction (CDR): Yes

File Preview with reader (safely in isolation container): Yes

Page 50: Forcepoint Israel Tech Week

Tips & Tricks

Page 51: Forcepoint Israel Tech Week

WebsenseAdmin

Used to restart services in the right order, gracefully

Go to the installation directory (typically C:\Program Files (x86)\Websense\Web Security)

Submit the command: websenseadmin.exe stop (or start / restart)

Page 52: Forcepoint Israel Tech Week

Consolidate Realtime Monitor Logs

Can be sent to the Main Policy Server

Ask your integrator to edit config.xml (carefully):

Stop Websense Services (/opt/Websense/WebsenseAdmin stop)

Go to /opt/Websense/bin

vi config.xml

Look for UsageMonitorIp (to search in vi, type ‘/’, without the quotes, and then type UsageMonitorIp) and change it to your TRITON IP (for example <data name="UsageMonitorIp">1.1.1.1</data>)

Start Websense Services (/opt/Websense/WebsenseAdmin start)

You need to do it on every proxy.
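The config.xml step above as an added shell example (not the deck's or Forcepoint's own tooling): it validates the TRITON IP, keeps a timestamped backup and reads the value back before the services are restarted, instead of a hand edit in vi. It assumes the element is written exactly as on the slide and occurs once per file, and that /opt/Websense/WebsenseAdmin accepts stop and start as the slides show; the sample config.xml is constructed.

```shell
#!/bin/sh
# Added example, not part of the Forcepoint deck: set UsageMonitorIp in a
# proxy's config.xml with an IP sanity check, a backup and a read-back check.
# Assumption: the element is <data name="UsageMonitorIp">x.x.x.x</data>,
# exactly as on the slide, and appears once in the file.

ELEMENT='<data name="UsageMonitorIp">'

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  ( IFS=.; for octet in $1; do [ "$octet" -le 255 ] || exit 1; done )
}

# Print the value currently configured in the file (empty if absent).
get_usage_monitor_ip() {
  sed -n "s|.*$ELEMENT\([^<]*\)</data>.*|\1|p" "$1"
}

# Rewrite the value in place. Usage: set_usage_monitor_ip <config.xml> <ip>
# Returns non-zero and leaves the file untouched on any sanity failure.
set_usage_monitor_ip() {
  cfg=$1; ip=$2
  valid_ipv4 "$ip" || { echo "refusing bad IPv4 '$ip'" >&2; return 1; }
  [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
  n=$(grep -c "$ELEMENT" "$cfg" || true)
  [ "$n" -eq 1 ] || { echo "expected 1 UsageMonitorIp element, found $n" >&2; return 1; }
  cp -p "$cfg" "$cfg.bak.$(date +%Y%m%d%H%M%S)"        # rollback copy
  sed "s|\($ELEMENT\)[^<]*\(</data>\)|\1$ip\2|" "$cfg" > "$cfg.new" \
    && cat "$cfg.new" > "$cfg" && rm -f "$cfg.new"     # cat keeps owner/mode
  [ "$(get_usage_monitor_ip "$cfg")" = "$ip" ]         # verify the edit took
}

# Write a constructed config.xml into a temp dir and print its path.
make_sample_config() {
  dir=$(mktemp -d)
  printf '<?xml version="1.0"?>\n<config>\n  %s127.0.0.1</data>\n  <data name="Other">x</data>\n</config>\n' \
    "$ELEMENT" > "$dir/config.xml"
  echo "$dir/config.xml"
}

# The full per-proxy step from the slide: stop services, edit, start.
# Only this wrapper touches WebsenseAdmin; run it on every proxy.
apply_on_proxy() {
  /opt/Websense/WebsenseAdmin stop \
    && set_usage_monitor_ip /opt/Websense/bin/config.xml "$1" \
    && /opt/Websense/WebsenseAdmin start
}
```

Because the edit refuses to run when the element is missing or duplicated, a proxy whose config.xml differs from the slide's layout fails loudly instead of being silently left unchanged.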

Page 53: Forcepoint Israel Tech Week

Block WhatsApp Upload & Download

WhatsApp uses a specific domain for any upload/download

We can just block it with Forcepoint Web

This will block any kind of file upload / download

The URL list might need to be updated if the WhatsApp design changes

URL list:

• http://mmg.whatsapp.net

• https://mmg.whatsapp.net

Page 54: Forcepoint Israel Tech Week

DTP – Read only access to site

Read Only Gmail Access

Made possible easily by carefully inspecting all outbound traffic


Page 55: Forcepoint Israel Tech Week

Roaming User Policy

Page 56: Forcepoint Israel Tech Week


• Current status of our cloud products

• Consolidate CSG, DEP, CASB and future cloud products

• Show the history of status

• Modern, organized presentation competitive with best-in-class cloud providers

Cloud Status Portal

Now live on status.forcepoint.com. Released in June 2020.

Page 57: Forcepoint Israel Tech Week

Forcepoint Web 8.5.4 – New Features

SIEM Integration improvements: Customers with larger traffic will notice an improvement in SIEM, with reduced lag time before data is made available to SIEM.

Audit Logs available to SIEM by default: FSM portal related audit logs are now made available by default to SIEM. Previously this was manually configured by customers.

Integrate with multiple SIEM tools: Multiple SIEM integrations are now supported, to a maximum of 10.

Quality and Stability: Notable improvements with Reporting. Customers with large data sets will notice a significant reduction in report loading times.

TLS 1.0 off by default: While still supported, TLS v1.0 is now disabled by default for new customers.

ESXi 6.7 now supported: VMware ESXi 6.7 is now supported.

“Unknown” file types can be blocked: Unknown file types can now be blocked, where previously they could not.

Page 58: Forcepoint Israel Tech Week

Roadmap & Product Life Cycle (EOL)

Page 59: Forcepoint Israel Tech Week

Web Life Cycle

https://support.forcepoint.com/ProductSupportLifeCycle

Page 60: Forcepoint Israel Tech Week

Roadmap

Page 61: Forcepoint Israel Tech Week

CSG

Page 62: Forcepoint Israel Tech Week


Cloud Security Gateway – security made simple

1 SKU for product + 1 SKU for support + 1 SKU for services

Page 63: Forcepoint Israel Tech Week

Cloud Security Gateway – Web + CASB + DLP

Forcepoint Security Manager (at Customer Site or IaaS):

• Deploy and Manage DLP Policies

• Incident management & Reporting

• Forensic Investigation

• XML import CSG web categories

DPS (DLP Instance): API Calls/ Responses

User: Endpoint | PAC | Tunnels

CSG Admin Portal:

• Configure integration DPS

• Manage web policies

• DPS/ DLP Lite enforcement at policy level

• Manage block pages

• Transaction log/ reporting

Web Proxy: Web Logs, Events, DLP Policy, Post | http, File, Block/ Allow

DLP classifiers:

• File size, name, type

• Keywords, phrases

• REGEXP

• File Meta-Data

• Fingerprinting

* No OCR support in DPS today

CASB | CSG | RBI | Internet / Cloud apps | AMD

Page 64: Forcepoint Israel Tech Week

Zero Trust Network Access (Edge)

Page 65: Forcepoint Israel Tech Week


Connectivity for internal apps

• Inside private data centers (physical or cloud)

Same user experience everywhere

• No special UI, open apps in browser as usual

• No VPN client needed

No special firewall ports to administer

Part of DEP’s unified security policies

• Risk-adaptive access controls coming in 2021

Centralized visibility into app usage

Zero Trust Private Access – Internal Apps without VPNs

DEP ZT Private Access: Remote Workers | Branch Offices | Internal Apps in Data Center | Internal Apps in Private Enclave

Page 66: Forcepoint Israel Tech Week


DYNAMIC EDGE PROTECTION

Cloud Security Gateway (CSG): CASB, Web Security as a service, Threat Protection, Data Protection as a service. Covers Public Web & SaaS Apps.

Private Access (PA): ZTNA, Firewall as a service, Threat Protection, Data Protection as a service*. Covers Private Apps.

Unified Agent

Risk-Adaptive Protection*

* coming H1’21

Converged security for applications and data everywhere

Page 67: Forcepoint Israel Tech Week

Thank You

Epstein Erez

Sr. Sales Engineer

[email protected]