Forcepoint Israel Tech Week

Transcription

Forcepoint Israel Tech Week. Nitzan Cohen, Regional Director, Israel. Sep. 2020. 2020 Forcepoint. Forcepoint Proprietary.

Something We Believe In: “Built to Last”
- When partnering with someone
- While interacting with a customer
- While managing a channel
- When closing a deal
- While building a team

Customer Success
Leveraging Forcepoint offerings to ensure accelerated Customer Value, System availability & Operation efficiency.
Diagram labels: Performance; Customer Value; System availability & Operation efficiency; Value Commitment.

Tech week became a Tradition

Forcepoint Israel Market Share FY20

Announcement
- DLP Tech: 10.9, 09:00-13:00
- Forcepoint Virtual Summit: September 15
- Training: DLP 13-16.9, Web Security 29.9-1.10
- Forcepoint System Engineer Certification
- 10Bis voucher 70 NIS, please send email to: orly@gilevents.co.il
- Kahoot: 1st place: 800 NIS Alcohol Package; 2nd, 3rd places: 200 NIS Vouchers
- Q&A: Please send us through Chat

Today's Agenda
- Opening: 09:00-09:20
- Web Security (Erez): 09:20-10:50
- Break: 10:50-11:05
- Email Security (Peter): 11:05-12:35
- Q&A, Kahoot: 12:35-13:00

What's new?
- F1E
- Isolation (Full/Targeted)
- Boldon James
- Cloud App DLP, Cloud Web DLP
- DUP (Dynamic User Protection)
- Edge/CSG
- MSP
- Forcepoint Advantage

2020 Tech Week - Web. Erez Epstein, Sr. Sales Engineer

Agenda
- OnPrem & Hybrid vs Cloud
- RBI
- Policy Hardening
- Tips & Tricks
- System Health Check & Maintenance
- EOL & Roadmap
- Troubleshooting
- Zero Trust Network Access (ZTNA)
- CACM (CASB)
- Cloud Security Gateway

OnPrem & Hybrid Vs Cloud

Topology (diagram labels: Hybrid; Cloud)


Global Coverage Across 128 Countries

Feature Parity: On Prem & Hybrid Web
Main Feature Comparison; On Prem; Hybrid
Management Interface; Reporting; Local; User Authentication & Sync; Policy Management; Cloud Portal; Local via Apollo; *No Real Time Monitor; Local via Apollo; Kerberos; Local via FSM; Local Appliance Deployment; Cloud Apollo; Identification via EP; *SSO via IDP also Available; Cloud Portal – One Policy Logic instead of Multiple Policies; Supported; Real Time Analysis; Cloud; Not Applicable; Supported; DLP Module; Integrated on Proxy; ETA 2021; *DLP Endpoint as mean term solution; SSL MITM; Supported; AMD; Supported; Shadow IT; Supported; Explicit & Transparent Redirection; Supported; SIEM; Supported; ETA Q4-2020; *DLP Endpoint as mean term solution

Policy Hardening

Best Practices – Security categories
- Extended Protection: Dynamic DNS; Elevated Exposure; Emerging Exploits; Newly Registered Website ?!; Suspicious Content
- Miscellaneous: Uncategorized (will be discussed soon)
- Information Technology (Please don’t block me): Hacking; Proxy Avoidance; Unauthorized MP; Web and Email Spam
- Security (Fully Blocked!!)

Uncategorized
- Why?
- What is the Risk?
- How? WebCatcher
WebCatcher collects uncategorized and security-related URLs to send to Security Labs for analysis. This is done to improve URL categorization and security effectiveness.
And... stay tuned for next slides.

Allowing URLs
- Re-categorize
- Exceptions (But not for Security)

Aggressive Analysis
- Elevated Risk Profile: Recommended by Security Labs
- The Rest: Enable Aggressive! (Scanning > Scanning Options)

File Download Blocking
- Executables: bat, exe, pif
- Threats: vbs, wmf
- Custom: scf, cmd and more
And... stay tuned for next slides.

Cloud App Enforcement and Reporting (screenshot labels: Application; Risk Level)

Cloud App Enforcement and Reporting
- Block by Risk Level
- Permitted and Blocked List
- Part of existing Policy Structure

AMD: Advanced Malware Detection (Web, Firewall, CASB, Email)
Typical sandboxing STOPS here: [APPLICATION LAYER] [OS LAYER]
Virtualization – Typical Sandbox
- Creates an isolated environment restricted by the underlying hardware
- Blind to deep malware activity
- Easily evaded
VS
Full System Emulation (FUSE)
- Exact replication of multiple hardware environments from mobile devices to PCs
- Complete visibility of malicious behaviors
- Full Exposure to counter advanced evasion techniques

AMD: The Deep Content Inspection Difference
Advanced Malware Detection (Web, Firewall, CASB, Email)
Layers shown: [APPLICATION LAYER] [OS LAYER] [CPU LAYER] [MEMORY LAYER]
- Signature-less inspection and analysis
- Dormant code analysis identifies code blocks even if they do not execute
- Dynamic code analysis elicits malicious behaviors
- Identification of malicious scripts and macros
- True Kernel visibility with minimal OS version dependencies
- Inspection of malware memory including encrypted strings

System Health Check & Maintenance

Proactive Actions
- Upgrade, Upgrade and Upgrade
- Monitoring Services: SNMP; Health Check URL; System Alerts; FSM (a.k.a. Triton)
- H/A and Fault Tolerance: Clustering; VIP
- Dashboards: Alert; Malicious Events; Proxy

Proactive Actions
- Hybrid Sync Status
- DB Download
- Log Health
- WCG Alert

Proactive Actions
- WCG Diagnostics Tool

Proactive Actions
- AV Exceptions
- Backups: DB; File System; Snapshots; Application Backup

Troubleshooting

Realtime Monitor
- Real Time
- Use for Debugging Only
- Filter by Action

Block Page Debug

More Troubleshooting
- Browser Debug (F12)
- Toolbox
- Authentication Bypass
- Testdatabaseforcepoint.com

More Troubleshooting
- Scanning Exceptions
- SSL Bypass (Source, Destination): from FSM; last resort from Proxy

Endpoint
Disable via CLI
- Go to the EP installation directory (typically C:\Program Files\Websense\Websense Endpoint\)
- Submit the command: wdeutil.exe -stop [ wspxy wsts wsrf wsdlp all ]
- Enter the anti-tampering password and you should be good to go!
Enable via CLI
- Go to the EP installation directory (typically C:\Program Files\Websense\Websense Endpoint\)
- Submit the command: wdeutil.exe -start [ wspxy wsts wsrf wsdlp all ]
Gather debugs for Support via UI

CACM (Cloud Application Control Module)

Forcepoint Web Security & Cloud App Control Module
I need to protect my organization from web borne threats.
Native functionality
- I need to know what cloud apps are being self-adopted in my organization.
- I need to know who is using potentially risky cloud apps.
- I need to understand which cloud apps are risky, and why.
- I need to block users from using risky cloud apps.
*on-premises only.
Cloud App Control
- I need to control how sanctioned cloud apps are being used.
- I need to control sanctioned cloud apps across managed devices.
- I need full AD and SIEM integration.
- I want anomaly detection and user behavioral analytics.

Cloud App Control Module
Web Security proxy is connected to the CASB service with proxy chaining.
Sanctioned applications traffic is forwarded automatically from the Web Security proxy to the CASB service.
- Proxy-based activity visibility, with real-time mitigation options
- CASB anomaly detection
- UBA & Risks
Diagram labels: CNN.com; Office365

Inline Control of Sanctioned Cloud Apps

Inline Control of Any Activity

RBI

Gartner SWG MQ 2019
Forcepoint Partnered With Ericom for Remote Browser Isolation

Forcepoint & Ericom: A Winning Combination

How Browser Isolation Works
1. Malware embedded in active web-content
2. Ericom RBI executes content in an isolated container
3. Safe rendering information sent to endpoint
4. Standard browsing experience

Isolation: Forcepoint Web Security + Ericom Shield
- End-user connects to Forcepoint Web Security to access the web
- Black-listed URLs are blocked, whitelisted are allowed through
- Uncategorized and policy-defined URLs are sent to Ericom Shield for added malware protection
Diagram labels: Safe Sites: Allow; Risky Sites: Isolate; Unsafe Sites: Block
Enable safe access to uncategorized or risky websites

Isolation: Forcepoint Web Security + Ericom Shield
1. Forcepoint Web Security allows access to known good sites; blocks known bad sites.
2. Policies in Forcepoint Web Security forward risky traffic to Ericom Shield RBI.
3. Risky sites rendered in a remote virtual container, ensuring any malware on the site cannot infect endpoints.
4. Site sent to user as a safe, fully interactive visual stream. Users get full web access, and IT mitigates web security risk.
Enable safe access to uncategorized or risky websites

Forcepoint Integrations – Confirm Action
WSG (On Prem) – Web Redirection based
Configure the policy to isolate a certain category with Action set to Confirm.
Once the user browses to one of the categories that are set to the Confirm action, they are given the option to isolate all this traffic on the RBI solution by clicking on the link.

Forcepoint and Ericom Feature Matrix
Functionality (Forcepoint)
- Web Filtering: Yes
- Deep Content Inspection: Yes
- Data Loss Prevention (DLP): Yes
- File Sandboxing and Analysis: Yes
- File Preview with text: Yes
Additional Security (Forcepoint + Ericom)
- Full Content Isolation (RBI): Yes
- Anti-phishing with Read-only Mode: Yes
- File Content Disarm and Reconstruction (CDR): Yes
- File Preview with reader (safely in isolation container): Yes

Tips & Tricks

WebsenseAdmin
- Used to restart services in the right order, gracefully
- Go to the installation directory (typically C:\Program Files (x86)\Websense\Web Security)
- Submit the command: websenseadmin.exe stop (or Start / Restart)

Consolidate Realtime Monitor Logs
- Can be sent to Main Policy Server
- Ask your integrator to edit config.xml (carefully)
- Stop Websense Services (/opt/Websense/WebsenseAdmin stop)
- Go to /opt/Websense/bin
- vi config.xml
- Look for UsageMonitorIP (to search in vi, type ‘/’, without the quotes, and then type UsageMonitorIP) and change it to your TRITON IP (for example <data name="UsageMonitorIp">1.1.1.1</data>)
- Start Websense Services (/opt/Websense/WebsenseAdmin start)
- You need to do it on every proxy.
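A scripted form of the config.xml edit above, as an added example that is not from the slides or from Forcepoint: it keeps a backup, changes only the UsageMonitorIp value, and refuses to touch a file where the element is missing or duplicated. The function name and the one-line `<data name="UsageMonitorIp">...</data>` layout are assumptions based on the slide's example; check your own file first.

```shell
#!/bin/sh
# Added example, not vendor code. Run it with the Websense services stopped.
# Assumption: the setting sits on one line as
#   <data name="UsageMonitorIp">ADDRESS</data>

set_usage_monitor_ip() {
    cfg=$1
    new_ip=$2

    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }

    # Shape check only (four dot-separated numbers); keeps anything else out of sed.
    printf '%s\n' "$new_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "refusing: '$new_ip' is not an IPv4 address" >&2; return 2; }

    # Expect exactly one matching element; otherwise stop and inspect by hand.
    count=$(grep -c '<data name="UsageMonitorIp">[^<]*</data>' "$cfg" || true)
    [ "$count" -eq 1 ] || {
        echo "refusing: $count UsageMonitorIp elements in $cfg" >&2; return 3; }

    # Timestamped copy for rollback.
    backup="$cfg.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$cfg" "$backup" || return 4

    # Rewrite only that element's value; write back through cat so the
    # original file keeps its owner and mode.
    sed "s|\(<data name=\"UsageMonitorIp\">\)[^<]*\(</data>\)|\1${new_ip}\2|" \
        "$backup" > "$cfg.new" && cat "$cfg.new" > "$cfg"
    rm -f "$cfg.new"

    # Succeed only if the new value is really in the file.
    grep -qF "<data name=\"UsageMonitorIp\">${new_ip}</data>" "$cfg"
}

# Demo on a constructed file (not a real config.xml).
demo_cfg=$(mktemp)
printf '%s\n' '<container name="root">' \
    '  <data name="UsageMonitorIp">10.0.0.5</data>' '</container>' > "$demo_cfg"
set_usage_monitor_ip "$demo_cfg" 1.1.1.1 && grep UsageMonitorIp "$demo_cfg"
rm -f "$demo_cfg" "$demo_cfg".bak.*
```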

Block WhatsApp Upload & Download
- WhatsApp is using a specific domain for any Upload/Download
- We can just block it with Forcepoint Web
- This will block any kind of file upload / download
- The URL list might need to be updated if the WhatsApp design changes
URL List: http://mmg.whatsapp.net https://mmg.whatsapp.net

DTP – Read only access to site
- Read Only Gmail Access
- Made possible easily by carefully inspecting all outbound traffic

Roaming User Policy

Cloud Status Portal
Now live on status.forcepoint.com
- Released in June 2020
- Current status of our cloud products
- Consolidate CSG, DEP, CASB and future cloud products
- Show the history of status
- Modern, organized presentation competitive with best-in-class cloud providers

Forcepoint Web 8.5.4 – New Features
- SIEM Integration improvements: Customers with larger traffic will notice an improvement in SIEM, with reduced lag time in data being made available to SIEM.
- TLS 1.0 off by default: While still supported, TLS v1.0 is now disabled by default for new customers.
- Audit Logs available to SIEM by default: FSM portal related audit logs are now made available by default to SIEM. Previously this was manually configured by customers.
- Integrate with multiple SIEM tools: Multiple SIEM integrations are now supported, to a maximum of 10.
- ESXi 6.7 now supported: VMware ESXi 6.7 is now supported.
- “Unknown” file types can be blocked: Unknown file types can now be blocked where previously they could not.
- Quality and Stability: Notable improvements with Reporting. Customers with large data sets will notice a significant reduction in report loading times.

Roadmap & Product Life Cycle (EOL)

Web Life Cycle

Roadmap

CSG

Cloud Security Gateway – security made simple
- 1 SKU for product
- 1 SKU for support
- 1 SKU for services

Cloud Security Gateway – Web, CASB, DLP (architecture diagram; labels as extracted)
- Cloud apps; CASB; Internet; AMD; RBI; DPS; Web Logs; API Calls/Responses; Events; DLP Policy; Block/Allow; File
- Forcepoint Security Manager at Customer Site or IaaS: Deploy and Manage DLP Policies; Incident management & Reporting; Forensic Investigation; XML import CSG web categories
- DLP Instance; DLP classifiers; Web Proxy; CSG Admin Portal
- Post http; File size, name, type; Keywords, phrases; REGEXP; File Meta-Data; Fingerprinting
- * No OCR support in DPS today
- CSG: Configure integration DPS; Manage web policies; DPS/DLP Lite enforcement at policy level; Manage block pages; Transaction log/reporting
- User; Endpoint; PAC; Tunnels

Zero Trust Network Access (Edge)

Zero Trust Private Access – Internal Apps without VPNs
- Connectivity for internal apps: inside private data centers (physical or cloud)
- Same user experience everywhere: no special UI, open apps in browser as usual; no VPN client needed
- No special firewall ports to administer
- Part of DEP’s unified security policies: risk-adaptive access controls coming in 2021
- Centralized visibility into app usage
Diagram labels: Internal Apps in Private Enclave; Remote Workers; DEP; ZT Private Access; Branch Offices; Internal Apps in Data Center

Converged security for applications and data everywhere
DYNAMIC EDGE PROTECTION
- Cloud Security Gateway (CSG): Web Security as a service; Threat Protection; Data Protection; CASB as a service; Public Web & SaaS Apps
- Private Access (PA); Unified Agent; Firewall as a NA as a service*; Risk-Adaptive Protection*
* coming H1’21

Thank You!
Epstein Erez, Sr. Sales Engineer, eepstein@forcepoint.com
