Cisco Secure Web Appliance (formerly Cisco Web Security Appliance [WSA]), powered by Cisco Talos, protects by automatically blocking risky sites and testing unknown sites before allowing users to link to them, helping with compliance. It is available models S690, S390, and S190.
N/A
Forcepoint SWG
Score 9.7 out of 10
N/A
The Forcepoint ONE Secure Web Gateway (SWG) is one of the three foundational gateways of the Forcepoint ONE all-in-one cloud platform. Forcepoint ONE SWG monitors and controlsany interaction with any website, including blocking access to websites based on category and risk score, blocking download of malware, blocking upload of sensitive data to personal filesharing accounts, detecting shadow IT, and optionally providingRemote Browser Isolation (RBI) with Content Disarm andReconstruction (CDR).
Based on the platforms I have evaluated, I think the WSA is a great fit for any organization that needs a proxy server that provides control over what web sites are accessed or when they can be accessed. I think it is probably overkill if you simply need a proxy server for bandwidth savings or because you need to proxy general Internet access without extensive filtering needs.
Over the years, [in our experience], the maintenance of the Forcepoint Web Security solution proved to be more cumbersome and troublesome with each version upgrade. In addition, it did not transition well to support the large increase of remote workers. We also experienced weird incompatibilities with the client. We have since replaced this solution with Zscaler Internet Access, a cloud-based secure web gateway solution with a client that behaves as expected, is more flexible, and requires significantly less administration.
It does a great job of filtering emails based on IP reputation. This feature works particularly very well. Cisco has a vast database of IP reputation scores and therefore offers very few false positives and negatives.
It checks each email thoroughly without any compromise of privacy. Any malicious link present in the body of the email makes its way to the quarantine. The IP reputation scores also help in this case.
This package is one of the few that offers a category, quota time, that allows us to limit certain categories and or websites for staff that would normally be blocked for customers and may not be something that is needed in their day to day job duties. We allow staff one hour a day, broken down into six 10 min increments, to visit sites for shopping, travel arrangement and other areas that are more of a personal need than a business need.
Forcepoint has a wide selection of categories that can be enabled, quota timed or restricted at a top-level or you can go more granular and drill down to subcategories to allow for only partial access.
The user access logs contain a lot of useless information. I understand this is very hard to tackle as I've seen this across any product that logs web activity.
I would like to see more customization options of website block pages.
It is very stable, the organisation has "locked in" the product and has no plans to change or try another product. We have already renewed our 2019-2020 licenses. It is user friendly and people catch on easily when they first use it. The only downtime is when we install Microsoft updates! It has excellent reporting which help in determining how the organisation's Internet is used and also during both internal and external IT audits.
Because it's one of those products you almost don't realize it exists from the end user. From the administrator perspective, you can do everything on its web interface and it's very intuitive to manage, once you know the concepts behind identities, acls, etc. Also, once you build the control structure, I mean, you link 'local' groups with your own Active Directory groups, as we did here, you don't need to be managing those things on the appliance itself.
Despite the intimidating Linux CLI when you use the appliance for troubleshooting, the web security usability compensates as most of the Administration of the system is done there. It is GUI based and has an easy to use UI where one can navigate around rather easily like getting reports, checking alerts, looking the whole setup under deployment to check if all services are running in one place though there are other parts to the system.
Our experience with Cisco's support was terrible. Other than the fact that they don't respond to service-related emails with urgency, they also keep on changing the policies that affected us. Recently, they came up with a new look for the same software, which was insanely slow. Renewal of keys for the old interface took months. Overall, the support was not very friendly from the users' point of view.
The is a quick first response to acknowledge your issue and the Engineers never take more than two hours to fix an issue and we hardly get issues looking at the fact that the system is pretty stable. There is also a robust Knowledge Base in the site for known problems.
Research known issues with upgrading from the Support Knowledge base, this will enable you avoid road blocks along the way and reduce your dependence on Forcepoint Support
Considering we're with Cisco IronPort Web Security Appliances for the last 9 years, as I stated, we don't have too much experience with other producs. What I can say is that in the past, we evaluated Websense before it became Forcepoint and we also used MS ISA Server for webfilter. As you may imagine, IronPort is a very very superior product.
To be honest, once using Forcepoint for our Web Security, I have not wanted to look anywhere else. The dashboard gives me quick insight of threats, productivity, and bandwidth usage. Again, this is a layer in my security and it fills many holes. I feel safe and I do like I can just let it do its thing
Having a much safer work system has given us the guarantee and security of always staying out of danger.
The prevention system is important for us and always keeping our devices, web and emails free of any malicious agent has allowed us an excellent workflow, without distractions or inconvenience in the development of projects.
Thanks to the fact that we have kept our work system safe, we have saved ourselves a lot of inconvenience, time spent, avoiding equipment damage, payments to solve problems, among many other problems that thanks to Cisco Secure Web Appliance we have been able to solve.
