
Forcepoint Technology
Our integrated technology delivers comprehensive security for your organization
You need an intelligent, integrated approach to network security so that you can move ahead with your organization’s broader mission. That’s what we deliver. Our world-class technology is the foundation of our unified platform, and it’s the reason our products have won dozens of industry awards.
Forcepoint™ technology is built from the ground up to meet four essential needs:
- Advanced threat protection provides defenses to ensure that your critical data and business processes can be used safely wherever they’re needed — in the office, on the road or in the cloud.
- End-to-end visibility allows you to see what’s really happening continuously throughout your network so you can better measure, manage and secure it.
- Advanced analytics rapidly transform information from across your network into accurate insights so you can take the right actions.
- Adaptive security allows you to apply contextual intelligence to stay ahead of evolving threats and rapidly return to normal when you do encounter trouble.
This enables us to deliver integrated Web, email and data security solutions powered by real-time intelligence. Read on to learn more about the specific technologies behind this unified approach to information security.
- TRITON ACE provides the power for Forcepoint information security products with more accuracy and better coverage than legacy, point-based security technologies.
- ThreatSeeker Intelligence Cloud uses real-time reputation analysis and expanded behavioral analysis to provide the most up-to-date protection from unwanted content and malicious threats.
- TRITON ThreatScope employs multiple sandboxes and other methods to detect and analyze malware and protect your network from threats.
- Virtual Data Warehousing for Analytics enables you to search on live data, and to do it faster and at lower cost than with traditional data warehousing.
- User Behavior Risk Scoring automatically detects your riskiest users and lets you know what to do about them.
- Multilevel Security at Enterprise Scale enables secure information access for the most sensitive enterprises, fostering high usability without compromising protection.
- Multilevel Security — Deep Content Inspection applies the most rigorous inspection engine available to ensure threat-free data transfer in highly secure systems.
TRITON ACE
TRITON ACE is why no one stops more threats than Forcepoint
TRITON ACE improves your threat defenses by identifying and classifying information crossing your network to deliver real-time security ratings to all products built on the Forcepoint TRITON architecture. ACE’s eight threat assessment areas and unique composite scoring process enable TRITON APX solutions to protect against emerging threats — including the most advanced zero-day attacks and APTs — while improving productivity and compliance through strong outbound content visibility and containment controls.
TRITON ACE is maintained by Forcepoint Security Labs researchers. Its capabilities include:
- Predictive analytics identify zero-day and other advanced threats
- Contextual assessments help ensure accuracy
- Inline operation tackles social media and other SSL traffic
- More than 10,000 analytics enable deep inspections
- Composite scoring drives effective decision making
- Constant updates from the ThreatSeeker Intelligence Cloud
TRITON ACE applies thousands of analytics across eight threat assessment areas. These also provide checks and balances to ensure accurate classification. They are:
- Behavioral sandboxing. Allows suspicious code to be executed, scrutinized and evaluated for malicious activities in a secure, isolated environment.
- Real-Time Security Classification. Inspects all Web content for malicious or suspicious code such as obfuscated scripts and iframe tags, and empowers social media controls.
- Real-Time Content Classification. Employs advanced machine learning to quickly and accurately classify pages based on content including images, multimedia and links.
- Real-Time Data Classification. Classifies structured and unstructured data with parsing and decoding support to address outbound data theft.
- Anti-Malware Engines. Applies multiple anti-malware engines to identify both general and specialized malware.
- Reputation Analysis. Considers more than 20 characteristics for more accurate reputation scoring that encompasses contextual awareness.
- URL, Protocols and Application Classification. Applies current classification information for known pages or to help assess new pages and links.
- Anti-Spam/Spear-Phishing. Provides matchless, proactive protection against traditional and emerging threats in email.
Employed collectively for security assessments within Web, email, data and endpoint security solutions, the eight ACE defense assessment areas give ACE a uniquely broad security perspective.
TRITON ACE Insight Widget
Enable your website visitors to check the safety of a web link before they click on it. The ACE Insight widget performs real-time content analysis to assess the current state and risk level of a web link or IP address.
Add the code below to your web page to embed the widget on your website.
<iframe width="200" scrolling="no" height="350" frameborder="0" allowtransparency="true" src="http://www.websense.com/assets/html/ai-widget/base.html"></iframe>
ThreatSeeker Intelligence Cloud
Put the World's Largest Information Security Intelligence Network to Work for You
Every second of the day, the Forcepoint ThreatSeeker Intelligence Cloud scours the vast expanse of online content for potential threats. It’s up to the task. It receives global input from over 155 countries and, working in parallel with TRITON ACE, analyzes up to 5 billion requests per day. ThreatSeeker also serves to distribute threat intelligence to TRITON solutions around the world, which last year generated an average rate of 3.2 pieces of threat intelligence every second.
Content Collection
ThreatSeeker collects content in all its online forms: Web pages, documents, executables, scripts, streaming media, emails, mobile applications and other Internet traffic. It processes billions of pieces of email and Web traffic intelligence daily to uncover new trends in threats and identify further types of content to collect. As it operates, ThreatSeeker:
- Monitors popular websites to see if they’ve been compromised or hijacked
- Follows breaking news, trending topics and viral social media to identify additional content to assess
- Tracks geographical hot spots, new URL listings and other potentially revealing Internet activity
Content Identification
To identify threats, the ThreatSeeker Intelligence Cloud uses all eight ACE defense assessment areas plus a series of out-of-band analyses, all performed under the constant supervision of Forcepoint Security Labs researchers.
ThreatSeeker and ACE work in tandem to detect zero-day and other unknown threats and protect your organization from breaches. That protection is even stronger thanks to ThreatSeeker’s other capabilities, including:
- Big Data Analysis — Proprietary big data analysis tools enable automated assessment of key trends and indicators. Security Labs researchers then investigate anomalous activity to gain deeper understanding of emerging threats and improve defenses.
- Threat Sandboxing — New and suspicious executables uncovered by ThreatSeeker Intelligence Cloud are scrutinized in context for Indicators of Risk (IoR), but also detonated in a sandbox and interrogated for potentially malicious behavior.
- Mobile App Profiling — This special sandbox performs malware tests and monitors the permission-related activities of mobile apps to detect indications of malicious intent. Results are used to maintain the “Mobile Malware” and “Unauthorized Mobile Marketplaces” security categories within Forcepoint security products.
The ThreatSeeker Intelligence Cloud works non-stop to help you deal with the unknown — and only Forcepoint has it.
TRITON ThreatScope
Defend Your Organization From the Most Advanced Zero-Day Threats and APTs
Robust defense of your network requires early, accurate detection of threats — a task that has grown harder as generic attacks have given way to more tailored threats such as phishing and custom malware. That’s why we developed TRITON ThreatScope, which incorporates multiple detection algorithms and sandboxes to detect, isolate and analyze inbound threats in real time.
Advanced malware protection for your sensitive data
TRITON ThreatScope powers our Threat Protection products, strengthening your security against targeted zero-day threats and advanced persistent threats (APTs) that may attack through Web or email channels. Malware analysis results are considered along with other TRITON ACE analytics to counter innovative, emerging evasion techniques and ensure accurate identification of threats — before they can jeopardize your data or systems.
TRITON ThreatScope enhances your defenses with four distinct components:
- Behavioral Engine — Uses proprietary hypervisor technologies to create virtual machines for sandboxing Web and email threats; monitors Web traffic for real-time code analysis while protecting email by intercepting malicious attachments and embedded links at point of click.
- Heuristic Engine — Applies Context Triggered Piecewise Hashing, or “fuzzy hashing,” for rules-based pattern matching of malicious content.
- File Context Engine — Analyzes and scores files such as PDFs, Microsoft Office documents, and most others to determine whether they are suspicious or malicious.
- Machine Learning Engine — Builds predictive models that detect even supposedly “undetectable” malware in real time.
User Behavior Risk Scoring
Find Risky or Malicious Users Based on Their Patterns
Insider threats are a big problem — often the biggest — in information security. But even though 80% of organizations know this, many of them lack the human resources or budget to deal with the risk effectively. You need better tools to automate detection and make your IT security staff more effective.
Forcepoint™’s user behavior analysis technology automatically:
- Detects your riskiest users
- Escalates relevant cases
- Helps your security team pinpoint trouble
We’re able to achieve this thanks to our depth of experience: We have been fine-tuning our understanding of what makes insiders risky and what to do about it since 2001 — long before the industry as a whole understood the problem.
Predictive analysis fueled by decades of experience
Based on our work with countless businesses as well as government agencies, we have developed many policies that capture what a real insider threat looks like, down to every detail. By combining this with your own policies and business rules, we are able to establish baselines for what’s normal for your staff as a whole and for individual users.
Our software then continually analyzes data from multiple sources, keeping an accurate history of each user’s activities to uncover anomalous patterns and make review easy for your analysts. We connect the dots for you so you know exactly what to do with the insights we produce, whether that means extended monitoring, workforce education, or enforcement actions.
Forcepoint’s approach to user behavior risk scoring protects your good employees and helps them be more productive while empowering you to stop threats before there’s an incident.
Virtual Data Warehousing for Analytics
A better path to accessing disparate data for actionable intelligence
To keep your organization focused on its mission, you need the best possible insight into the security issues affecting your IT environment. Forcepoint delivers that insight using the fast, efficient, cost-effective virtual data warehousing technology embedded in SureView Analytics.
Other analytics engines are often cumbersome and expensive to operate because they rely on large traditional data warehouses that require data ingestion for analysis. Your IT department has to invest time and money to purchase and maintain the data warehouse, plus hire expensive external consultants to set up the ingestion process. Worse, companies offering proprietary data stores take ownership of the data once it’s in their ingestion engine, meaning that you lose control of your own data.
Virtual data warehousing also frees you from relying on stale data and allows you to search in near real time, so your cybersecurity analysts can develop actionable intelligence from the most current information.
Virtual data warehousing delivers near real-time insight using fewer resources
Our virtual data warehouse points to your structured and unstructured data without copying or moving it; it stores only the index to the data. Our approach means that you don’t need to ingest masses of data. It’s also friendlier for compliance purposes because it doesn’t trigger Freedom of Information Act (FOIA) requirements since ownership of the data remains at the source.
The virtual data warehouse in SureView Analytics gives you a better way to make good decisions for your organization because it allows you to:
- Search on live data so you can make decisions in near real time.
- Deploy quickly and efficiently without the expense or effort of setting up a traditional data warehouse.
- Lower your total cost of ownership to as little as one-third of alternate methods, freeing your IT team to focus on high-impact projects.
Multilevel Security at Enterprise Scale
Uncompromising security and usability for your enterprise
Forcepoint cross domain solutions enable secure information access and transfer within and between some of the most sensitive enterprises. Our cross domain suite provides the most secure means for enterprises with segmented networks, whether they’re segmented for national security or corporate reasons, to foster a high degree of usability without compromising security.
Your end users are able to effectively and efficiently support your organization’s missions, while your system administrators employ enterprise-scale administration tools to support the global footprint from a single location, all with the highest degrees of security.
Forcepoint cross domain solutions support hundreds of thousands of enterprise users — more than any other cross domain solutions available today. These solutions include:
- Trusted Thin Client for simultaneous access to multiple segmented networks from a single endpoint and the ability to provide wide-ranging access to distributed networks and centralized system administration
- High Speed Guard for rapid automated machine-to-machine data transfer
- WebShield for secure browse-down and data retrieval from a more secure network to a lower-level network and, in conjunction with our Trusted Gateway System, the ability for users to securely post to enterprise Intranets to foster greater collaboration across communities of interest.
Multilevel Security — Deep Content Inspection
Delivering sensitive data accurately and securely
Moving data between segmented networks is both highly critical and highly challenging for any enterprise. “Stovepipes” are no longer effective, either within your enterprise or when exchanging data with your trusted partners. Cross domain multilevel solutions address this problem by providing secure mechanisms to transmit data across and between segmented networks. Networks may be segmented to provide a physical or virtual gap or security boundary between networks of different classifications, compartments within one network or networks maintained by different authorities.
While the need to share is critical to global and enterprise security, it must be balanced against the need to protect — both the data itself and the enterprise as a whole. Data must arrive at its appointed destination quickly, and it must also reliably be in the right format and free of malware.
Forcepoint’s multilevel security products addressing these challenges include:
- High Speed Guard, which provides the most robust solution to facilitate machine-to-machine data transfer while ensuring the data meets all established security policies before it is moved to the destination. One means of ensuring the validity and cleanliness of the data is deep packet inspection. High Speed Guard has the most rigorous inspection engine available in a multilevel transfer solution, allowing it to ensure protocol compliance and that the data is free of malware, viruses, and so on. These capabilities provide our customers with the assurance that the data will be where it needs to be so that their networks are protected to the highest degree and they can achieve their missions.
- Trusted Gateway System, which provides a workflow mechanism to guide efficient person-to-person file transfer. The interface also facilitates a two-person review (where required) and ensures that all security checks are performed. In addition to file typing and malware/virus checks, Trusted Gateway System also conducts content inspections through Dirty Word Search (clean and dirty word lists) and deep content inspection via seamless integration with third-party tools such as Purifile.