Forcepoint Threat Protection Cloud Module
Defend Your Data from Advanced Threats with Cloud-Based Sandboxing Technology

Click here to jump to more pricing!


Take a modern, cloud-first approach to content security for your organization with a scalable, easy-to-deploy sandbox solution that integrates seamlessly with TRITON AP-WEB and TRITON AP-EMAIL.

To protect your sensitive data — from intellectual property to patient records to classified files — your organization needs robust defenses from the most sophisticated, targeted zero-day threats and advanced persistent threats (APTs) that may attack through Web or email channels. But these defenses also need to be easy to deploy, and they must work flawlessly in the cloud.

Mass market threats have given way to more tailored, targeted attacks. The Forcepoint Threat Protection Cloud provides additional defenses for the most advanced, targeted Zero-day threats and APTs that attack through Web or Email channels. Forensic reporting and phishing education feedback strengthen proactive defensive measures.

Threat Protection Cloud is your easiest on-ramp for adding advanced threat detection to your TRITON AP-WEB and AP-EMAIL deployments. Whether your organization is large or small, it will benefit from a scalable sandbox technology for cloud-based Web and email content security. Threat Protection Cloud enhances your defenses with:

  • File sandboxing for AP-WEB — Monitor Web traffic for real-time code analysis in a behavioral sandbox for advanced threat identification.
  • File sandboxing for AP-EMAIL — Intercept attachments in real time for additional threat analysis in a behavioral sandbox to identify targeted attacks.
  • Email URL sandboxing — Reassess suspicious links in email when they are accessed, not only when the email arrives.
  • Detailed forensic reporting — Use sandbox results to guide any necessary response or proactive measures against future attacks.
  • Phishing education and reporting — Increase phishing awareness at both the user and network levels to improve user behavior, even for remote users.

Why Forcepoint Threat Protection Cloud Modules?

The Forcepoint Threat Protection Cloud offers unrivaled protection enhancements to Forcepoint Web and Email security defenses. Integrated behavioral sandboxing results are considered along with other Forcepoint ACE analytics to counter innovative, emerging evasion techniques and ensure accurate identification of threats. Networked and mobile users enjoy real-time feedback regarding suspicious email communications, even when working remotely. And detailed sandbox forensics and phishing reports provide insights to help organizations assume a more proactive security posture against future attacks.

Forcepoint Threat Protection Cloud enhances defense in five areas:

  1. File Sandboxing for Web
    Monitor Web traffic for real-time code analysis in a behavioral sandbox for Advanced Threat identification.
  2. File Sandboxing for Email
    Intercept attachments in real-time for additional threat analysis in a behavioral sandbox.
  3. Email URL Sandboxing
    Have suspicious links in email reassessed when they are accessed, not just when the email arrives.
  4. Detailed Forensic Reporting
    Use sandbox results to guide any necessary response or proactive measures against future attacks.
  5. Phishing Education and Reporting
    Increase phishing awareness at both the user and network levels to drive effective change.

Behavioral Sandboxing Forensics

Forcepoint Threat Protection Cloud provides an online sandbox environment for safely testing potential malware. Using ACE analytics, all activity is monitored and documented in a detailed report including:

  • The infection process and post-infection activity.
  • System-level events and changes to files, processes, registry, etc.
  • Network communications, including connections/methods used and destination.

Observed behavior is correlated with known threats to provide valuable, actionable insights.

Powerful Forensics

  • Allows safe execution of suspicious code away from network resources.
  • Research-grade sandbox used and managed by Forcepoint researchers.
  • Detailed forensic reporting provides actionable insights.
  • Graphical breakdown of the attack flow linked to every process and event.


  • Highly accurate, real-time identification and classification of threats using TRITON ACE
  • Security intelligence from the Forcepoint ThreatSeeker Intelligence Cloud
  • Detailed reporting that includes graphical breakdown of the attack flow and insights into infection processes; system-level events; changes to files, processes and registries; and network communications, including connections and methods used and destination
  • Seamless integration with TRITON AP-WEB and TRITON AP-EMAIL
  • While Threat Protection Cloud is the easiest way to add sandbox technology to your TRITON deployments, Threat Protection Appliance is a next-generation malware analysis platform for use in the most demanding and highly-regulated environments


You Need Forcepoint Solutions
Integrate with leading Forcepoint TRITON solutions Forcepoint Image Analysis is available as an optional add-on module for TRITON AP-EMAIL and AP-DATA solutions.
Secure web and email against advanced malware Working with TRITON AP-WEB and AP-EMAIL, suspicious code is triggered in an isolated behavioral sandbox, allowing it to execute safely, yet reveal any malicious intentions. Intercepted in-line, IT is alerted of newly revealed threats in real time, along with a detailed forensic report.
Actionable information from forensic reporting The sandbox forensic report provides details of both infection and post-infection activity that can be used to fine tune defenses against attacks, as well as identify and possibly recover infected systems.
Integrated defenses for maximum effectiveness Sufficient clues to a truly advanced, targeted attack may not exist solely in well-crafted malicious code. Therefore, Forcepoint Threat Protection results are also considered in context with an ACE analysis of the delivery vehicle (Web or Email).
Advanced email link defenses Suspicious URLs are modified such that when a user clicks the link in a message from any device (e.g., laptop, smart phone, tablet), the URL is analyzed in real time before allowing access. Despite other benefits, this is invaluable when a website is compromised well after the link is originally delivered via email.
Personalize phishing facts Both users and IT staff are provided with customized information. User education and feedback alert users to risks, while IT reports can identify trends that may indicate a need for policy, process or other changes.


Download the Forcepoint Threat Protection Cloud Modules Datasheet (.PDF)