Forcepoint developed WebShield as a mechanism by which users can securely access multiple networks at varying security levels from a single desktop device. Forcepoint WebShield promotes more complete information browsing and discovery, which in turn increases users’ ability to carry out their missions or job requirements.
Forcepoint WebShield is a Commercial-Off-The-Shelf (COTS) data guard that provides secure web search and browse-down capabilities from high-side networks to lower level networks. WebShield allows for the transparent protection of the entire network (i.e., not just a single local server). Security officers can use WebShield to control what data users retrieve. Users surfing lower-level networks can be restricted to specific servers and file types as defined by security policies. All processing is performed at the incoming information level; therefore, the request is processed at the high-side level and the server response is processed at the server level. All requests, responses, and transfers go through various security controls such as dirty word search, virus scan, and malicious content checks. Organizations can also place restrictions on the low-side network to limit data accessed by high-side users. The standard WebShield configuration allows secure “on-demand” web browsing from one security domain to another. This on-demand approach eliminates data duplication and streamlines network traffic, without the inherent risks and slowdowns that can come with traditional methods of transferring information between levels. WebShield acts as a web proxy, forwarding requests and corresponding responses from one security domain to the other (Figure 1). Web clients, or browsers, on the high side can access lower-level web servers. WebShield can also support global deployments of more than 100,000 users, which are load balanced at a local and regional level, and provide failover in the event of an outage.
• Supports service-based server-toserver access through HTTP
• Supports standard web browsers and requires no software installation on the user’s desktop
• Provides seamless access to webbased resources at lower levels
• Includes customizable virus scanning, dirty word search, file typing, and active content blocking
• Increases productivity while maintaining a high level of security
• Provides accountability for user actions with a Strong Authentication option
• Supports local, site, and regional site-to-site load distribution and failover
WebShield is used in operational systems worldwide. As part of those systems, WebShield provides intelligence and operations analysts the capability to securely access information at different classification levels and the ability to securely share information with coalition and multinational networks.