Forcepoint NGFW provides consistent security, performance and operations across physical, virtual and cloud systems. Forcepoint Next Generation Firewall (NGFW) combines fast, flexible networking (SD-WAN and LAN) with industry-leading security to connect and protect people and the data they use throughout diverse, evolving enterprise networks. SD-WAN replace costly MPLS at retail stores and branch offices with broadband links to the cloud. Accelerate Office 365 performance and boost resilience without sacrificing security. A unified software core enables Forcepoint NGFW to handle multiple security roles, from firewall/VPN to IPS to layer 2 firewall, in dynamic business environments.

Forcepoint NGFWs can be deployed in a variety of ways (e.g., physical, virtual, cloud appliances), all managed from a single console. Forcepoint uniquely tailors access control and deep inspection to each connection to provide high performance and security. It combines granular application control, intrusion prevention system (IPS) defenses, built-in virtual private network (VPN) control and mission-critical application proxies into an efficient, extensible and highly scalable design. Forcepoint NGFWs selectively and automatically whitelist or blacklist network traffic originating from specific applications on PCs, laptops, servers, file shares and other endpoint devices based on highly granular endpoint contextual data. It goes beyond typical firewalls to prevent attempted exfiltration of sensitive data from endpoints via unauthorized programs, web applications, users and communications channels. Forcepoint NGFW industryleading security engine is designed for all three stages of network defense: to defeat evasions, detect exploits of vulnerabilities and stop malware. It can be deployed transparently behind existing firewalls to add protection without disruption, or as full-featured NGFW for all-inone security.

Dynamic Data Protection delivers a system for identifying and investigating entities that post potential risk to critical data and assets. It dynamically applies monitoring and enforcement controls to protect assets based on risk level of actors and the value of data.

Forcepoint Dynamic Data Protection significantly reduces time to discovery, holistic forensic investigations, and alert burdens caused by false positives, allowing you to quickly respond to risk while maintaining optimum business efficiencies. Forcepoint uses a smarter way to safeguard your sensitive networks and data, no matter where they reside or are accessed. Integrating behavior-centric analytics with data protection tools. Forcepoint Dynamic Data Protection allows you to identify high-risk activity and automate policies to protect data in near realtime, providing the highest security with the greatest end-user productivity. With Forcepoint Dynamic Data Protection, organizations can overcome the fundamental challenges of traditional DLP and more effectively protect sensitive information, including regulated data sources, intellectual property, and personally identifiable information. Forcepoint DDP is the first and only solution of its kind on the market; the only one that can automate policy enforcement to dynamically respond to changes in risk within an organization. With intelligent analytics, unified policy management, and automation at its core, only Forcepoint can provide the end-to-end, behavior-centric security architecture organizations need to meet the security challenges of today—and tomorrow.

Forcepoint CSG is a converged cloud security service that provides visibility, control, and threat protection for users and data, wherever they are. Integrated functionality reduces time to value and ensures maximum capabilities are available. Eliminating multiple point products enables enterprises to cut costs, reduce complexity, and decrease operational overhead while eliminating overlap between product and security teams. The Forcepoint Cloud Security Gateway:

• Extend protection to users both on and off the corporate network—in the office, at home, and on the go.
• Apply consistent policies across your organization— for safe access to web content and cloud applications while protecting your critical data.
• Prevent and stop threats across the entire kill chain— even the ones you can’t see like zero-day threat.
• Discover risky cloud application usage.
• Enable policies to protect data without impacting productivity.
• Decrease costs and hardware footprint.
• Eliminate gaps in security operations and streamline IT and workflow management.
• Reduce vendors and point product overload.
• Simplify regulatory compliance. Utilize pre-defined regulatory policy templates to remove guesswork and reduce effort.
• Ensure employee productivity.
• Secure your global and remote workforce

Dynamic User Protection (DUP) is a User Activity Monitoring (UAM) solution designed to alert organizations of risky behavior, so they can protect critical data and reduce the risk associated with insiders. The solution collects user behavior and Forcepoint DLP incidents (through DLP 8.8 integration) then computes the user’s risk using Forcepoint’s Indicator of Behavior (IOB) analytic models. This risk score is actively communicated to DLP to automate policy enforcement based on the risk level. The Dynamic User Protection solution operates within both the endpoint and cloud, which balances immediate detection and enforcement capabilities with scalability. Forcepoint’s commitment to privacy is recognized through various technical and operational controls across our organization, and this continued commitment will shape our future as a privacy leader.

Forcepoint Insider Threat has been identifying and stopping threats from within for government and Fortune 100 customers for more than 15 years. With more than 1 million endpoints deployed, Forcepoint Insider Threat’s proven solution protects some of the most sensitive organizations on the planet. One Fortune 100 retail client realized 60% ROI in the first year of deployment. Forcepoint’s innovative “Inside-Out” approach to cybersecurity will revolutionize how you protect your critical data. Our Insider Threat Data Protection delivers deep visibility into threats from within by linking data movement to your users’ behavior, wherever they may be. Early visibility into risky user behavior gives you advanced warning into threats to your data from within. Stop critical data from leaving your organization and identify both malicious and negligent users to minimize threat risks.
Forcepoint Insider Threat gives you unrivaled visibility into computer users’ early activity, helping you to stop data theft and loss by:
• Detecting suspicious activity, whether accidental or intentional.
• Preventing a hijacked system, a rogue insider, or just a user making a mistake, ensuring that your intellectual property is not compromised.
• Establishing a normal behavior’ baseline, giving you early indications of a potential risk when a user begins to stray from their normal activity.
• Providing context into a user’s behavior, aiding your investigation.
• Automatically identifying your riskiest users. An over-theshoulder view enables you to put context around risky behavior. This lets you determine if the system was hijacked, the employee action was malicious, or if it was an accidental act.
Only Forcepoint Insider Threat offers DVR capture and playback on both Windows and Mac OS endpoints. Command Center provides a highly intuitive way to identify the riskiest users and quickly see patterns that can uncover broader risk. Forcepoint Insider Threat provides granular control over when to collect data and what to specifically gather to protect users’ privacy. Only Forcepoint Insider Threat integrates with Forcepoint DLP to help you quickly drive to smarter remediation decisions after risky behavior is detected.

Forcepoint UEBA’s market-leading platform integrates structured and unstructured data to provide holistic visibility into nuanced human activity, patterns, and long-term trends that comprise human risk. The product offers a variety of customer use cases through a diverse set of analytics built upon four tenets: Diverse Data Sources, Hybrid Analytics, Configurability, and Transparency.
Forcepoint UEBA is a powerful platform with a defined generic data model, flexible enough to handle incredibly diverse data yet structured enough to apply powerful big data analytics. The product’s information model provides specific guidelines for how to map data from different sources in order to maximize the effectiveness of the analytic engines. The Forcepoint UEBA Analytic Hierarchy is made up of features, models, and scenarios.
Organizations that choose Forcepoint UEBA to improve their security posture gain many benefits, including:
• Comprehensive Visibility. Forcepoint is the only vendor that covers structured and unstructured business data in addition to communications to leave no detection gaps.
• Deep Context. Focus on behaviors, not just anomalies, with precise narratives that indicate unwanted behavior.
• Flexibility. Easily build or customize risk models to fit any unique organization and support any risk use case.
• Efficiency. Pivot from alert to investigation with in-depth analytics within a single platform.

Forcepoint URL Filtering is the industry’s most effective, continually up-to-date web filtering solution. Powered by our ThreatSeeker Intelligence, Forcepoint URL Filtering collects and analyzes up to 5 billion incidents every day (from over 155 countries), producing updated threat analytics for Forcepoint solutions at up to 3.2 updates per second.

Forcepoint URL Filtering blocks web threats to reduce malware infections, decrease help desk incidents and provide relief to valuable IT resources. Forcepoint URL Filtering is an easy-to-deploy, transparent filter and security solution that avoids the complexity of a proxy gateway. It’s equipped with more than 120 security and web filtering categories, hundreds of web application and protocol controls, and 60-plus reports with customization and role-based access.
Forcepoint URL Filtering’s intuitive management and reporting is accessed via the unified TRITON Architecture user interface, simplifying provisioning and enabling role-based reporting. It includes more than 60 pre-defined reports, many easily customizable reports and administrative alerts. The TRITON architecture supports expansion to Email, Data, Mobile security products and more.

Forcepoint Dynamic Edge Protection (DEP) implements Gartner’s SASE model for unifying web, network, and application security in the cloud. Secure Access Service Edge (SASE) brings security that used to be delivered via a patchwork of point products into the cloud. It dramatically improves and simplifies how you can keep your people and data safe. Forcepoint Dynamic Edge Protection (DEP) provides true SASE security-as-a-service that is ideal for safeguarding branch offices, SD-WAN connections, and Wi-Fi networks without deploying security hardware.

With your applications, data, and people constantly moving outside the traditional bounds of your enterprise, old approaches to security can’t keep up. Putting stacks of hardware at every location or using different products for remote workers leaves holes for attackers, drives up costs, and drains scarce IT resources. That’s why we created our Forcepoint Dynamic Edge Protection (DEP) suite of SASE and Zero Trust solutions. DEP lets you safely provide controlled access to web, cloud, and internal applications—protected against advanced threats and data loss—to all of your people wherever they’re working: at home, in the office or on the road.

Analysts call this new cloud-native approach Secure Access Service Edge (SASE) and Zero Trust. DEP is a suite of purpose-built cloud solutions such as Forcepoint Cloud Security Gateway (CSG) and Forcepoint Private Access (PA) that weave together advanced security microservices to provide web content inspection, URL Filtering, Shadow IT controls, Zero Trust Network Access (ZTNA), firewalling with intrusion prevention, malware scanning, data loss prevention, and more. These unified capabilities eliminate the gaps and redundancies you used to wrestle with in point products. DEP frees your people to work safely anywhere while helping you keep your business efficient and secure.

Forcepoint Dynamic Edge Protection offers:

• Greater Productivity – give remote users faster access to cloud apps without putting your business at risk.
• Lower Costs – cut CAPEX and OPEX by not having to buy, deploy, and manage patchworks of security hardware and software.
• Reduced Risk – deliver strong, extensible security against advanced threats and data loss without gaps or redundancies.
• Streamlined Compliance – increase your visibility and control for faster incident response.

Forcepoint CASB Cloud Access Security Broker discovers cloud application use, analyze risk, and enforce appropriate controls for SaaS and custom applications. Forcepoint CASB offers enhanced security for data in cloud apps, so your end-users can access their favorite apps without restriction.

The Forcepoint CASB:

• Discover and risk-prioritize all unsanctioned cloud use (Shadow IT) to quickly and easily determine if applications meet governance rules and avoid compliance issues
• Unleash the power of BYOD with improved employee productivity and cost savings while ensuring security of employees and corporate resources in the cloud
• Identify anomalous and risky user behavior in the cloud to stop malicious users, as well as clamp down on user activities that don’t meet best practices
• Reduce the risk of exposing sensitive cloud data to unauthorized users in violation of governance and regulatory rules
• Identify potentially inappropriate privilege escalation to prevent the impact associated with root account takeover
• Implement geo-location-based access and activity monitoring for legitimate users and malicious actors
• Track application usage for compliance, licensing, and cost savings of unused accounts

Forcepoint CASB integrates with DLP solutions to provide unified data protection extending from on-premises to the cloud environment. It also integrates with solutions such as web security, email security, next-generation firewall and more. CASB creates a risk profile based on threat likelihood and business impact. It utilizes analytics based on thousands of apps and activities to provide risk prioritized alerts for SOC and incident response teams. Forcepoint CASB has the most comprehensive use case coverage, with API and forward/reverse proxy support. This provides granular device and activity control for unmanaged devices. Forcepoint CASB has flexible product architecture to support any application, including custom applications, without product changes. Users can fully audit and protect application usage in a matter of hours or days.

Most large scale cyberattacks originate from email, using advanced, coordinated tactics, such as socially engineered lures and targeted phishing. As these multi-stage threats blend web and email elements throughout attacks, they present a “Kill Chain” of opportunities to stop them before the breach occurs. Forcepoint Email Security identifies targeted attacks, high-risk users and insider threats, while empowering mobile workers and the safe adoption of new technologies like Office 365 and Box Enterprise. From inbound attack activity to outbound data theft or botnet communication attempts, Forcepoint Email Security secures mixed environments with content aware defenses, protecting email communications as part of a complete and connected defense system against Advanced Persistent Threats (APTs) and other types of advanced threats.

Forcepoint Email Security capabilities:

• Stop apt and other advanced targeted threats
• Secure sensitive data against external attacks and insider threats
• Safely adopt cloud technologies like office 365 and box enterprise while supporting a mobile workforce
• Identify ”high-risk” user behavior and educate users to improve awareness

Forcepoint ACE provides real-time, inline, contextual defenses for Web, Email, Data and Mobile security by using composite risk scoring and predictive analytics to deliver the most effective security available. It also provides containment by analyzing inbound and outbound traffic with data-aware defenses for industry-leading data theft protection. Classifiers for real-time security, data and content analysis — the result of years of research and development — enable ACE to detect more threats than traditional anti-virus engines (the proof is updated daily at http://securitylabs.forcepoint.com). ACE is the primary defense behind all Forcepoint solutions and is supported by the Forcepoint ThreatSeeker Intelligence.

The Forcepoint ThreatSeeker Intelligence, managed by Forcepoint Security Labs, provides the core collective security intelligence for all Forcepoint security products. Together with Forcepoint ACE security defenses, Forcepoint ThreatSeeker Intelligence analyzes up to 5 billion requests per day, and unites more than 900 million endpoints, including those from Facebook. Forcepoint ThreatSeeker Intelligence helps reduce your exposure to web threats and data theft.

With best-in-class security and a unified architecture, TRITON Architecture offers point-of-click protection with real-time, inline defenses from Forcepoint ACE. The unmatched real-time defenses of ACE are backed by Forcepoint ThreatSeeker Intelligence and the expertise of Forcepoint Security Labs researchers. The powerful result is a single, unified architecture with one unified user interface and unified security intelligence.

Unlike other private access products, Forcepoint Private Access protects private applications and networks against potentially compromised remote devices and networks while also giving you control to prevent the loss of sensitive information or intellectual property. With PA, your people can work safely wherever they need to while your operations stay efficient and secure. Forcepoint Private Access lets remote workers automatically use private applications the same way at home or on the road as they do in the office. It frees them from having to know where applications are deployed or when (and how) to start a VPN. They simply connect to applications in whatever way they’re used to, whether through single sign-on portals like Okta and Ping Networks or browser shortcuts. In addition, unlike VPNs that send all internet traffic into the internal network and back out again, Forcepoint Private Access enables users to connect to websites and cloud apps directly over the internet for the best overall performance.

Forcepoint Private Access provides true zero-trust protection for enterprise networks that isolates them from potentially compromised remote devices and networks. All traffic to and from private applications, whether in data centers or private clouds, is inspected by a built-in anti-intrusion technology to keep advanced threats out. In addition, Forcepoint Private Access is designed to give security teams control over how private applications are used. Subsequent releases will provide advanced data loss prevention scanning to limit remote users from downloading sensitive data or intellectual property.

Forcepoint Private Access greatly reduces the need to scale up VPN infrastructure and support teams to handle large numbers of users working from home or on the road. With Forcepoint Private Access, network operations teams have centralized, fine-grained control over the access and usage of each application. It automatically segments remote access, limiting each user to just the particular application servers they need without exposing the rest of the enterprise network or having to set up complicated firewall rules. Having Zero Trust Network Access and advanced anti-intrusion protection in one service provides visibility and control without having to switch between different consoles.

Forcepoint Private Access limits each user’s access to just the specific resources they need to get their job done—preventing them from unintentionally or maliciously compromising sensitive data they have no reason to be touching.

Forcepoint Private Access offer:

• Greater Productivity – give remote users easier access to private apps.
• Lower Costs – cut CapEx and OpEx by not having to scale up VPN infrastructure and support.
• Reduced Risk – protect internal networks and private clouds against potentially compromised remote devices and networks.
• Streamlined Compliance – increase your visibility and control for faster incident response.

Forcepoint Advanced Malware Detection (AMD) leverages proven Lastline technology to detect zero-day and other advanced malware. Using Lastline’s Deep Content Inspection technology, Forcepoint AMD emulates an entire host, interacting with malware to expose and observe a malicious object’s possible actions. These include advanced evasion techniques, O/S or application specific threats, dormant code analysis and even CPU and in-memory activity.

Forcepoint Advanced Malware Detection provides leading malware detection capabilities. The sandbox is based on a unique architecture that emulates and analyzes the activity of an entire host, including the CPU, system memory and all input/output devices. Often missed by other security technologies, AMD’s Deep Content Inspection provides visibility into the behavior of malicious code by emulating a complete operating system and hardware environment. Emulation eliminates the clues that malware often uses to evade detection in more traditional, virtualized sandboxes.

AMD is available as a fully integrated option for Forcepoint CASB, NGFW, Web Security and Email Security. In this integration, Forcepoint’s core solutions first assess the broader context of an internet transaction for potential indicators of compromise. After performing static analysis of suspicious files, AMD can be called upon to perform the deep behavioral analysis necessary to identify zero-day threats and other modern malware. Available as a cloud service for high availability, scalability, low maintenance and other SaaS benefits, on-premises for cloud-adverse organizations, or even deployed as an air gapped solution with Forcepoint NGFW for physically isolated network requirements. Forcepoint AMD is the perfect complement to your Forcepoint CASB, NGFW, Web Security or Email Security solution. It provides unparalleled threat detection, as well as consistent threat forensic information, to optimize incident response teams. Forcepoint AMD will give you all the information you need—regardless of the threat vector—while ‘zero-false positives’ means you’ll spend your valuable time working against true threats. Regardless of your size or industry, Forcepoint provides the comprehensive security solutions you need to challenge today’s fast evolving, highly evasive threats.

Protect endpoints and networks from web threats and phishing attacks with Forcepoint Web Security with Remote Browser Isolation. Forcepoint web security technology provides unrivaled threat protection. The Advanced Classification Engine (ACE) identifies threats using comprehensive analytics including behavioral baselines and real-time global threat intelligence. And the dynamic security platform is powered by human-centric behavioral intelligence to understand risky activities. Forcepoint Remote Browser Isolation powered by Ericom delivers enhanced protection to secure environments using browser isolation. Browser isolation prevents websites from delivering malware, zero-day exploits, and phishing threats to endpoints, improving security and productivity by enabling broad web access for users. Risky websites, like uncategorized sites or new domains, and phishing URLs are rendered in remote virtual containers, isolating devices from threats, while users experience a safe, fully interactive browsing experience.

Forcepoint Remote Browser Isolation offer:
• Expand Web Access Without Additional Risk. Securely expand web access to uncategorized and risky sites.
• Protect C-Level and Other High-Risk Users. Protect users with elevated privileges by air-gapping their endpoints from web threats.
• Block Phishing Attacks. Stop phishing from compromising endpoints, delivering ransomware, and stealing credentials.
• Prevent Data Loss. Keep sensitive web app data out of browser caches; limit user data sharing activities on websites.

Forcepoint Data Guard secure data and file transfer between physically separated networks. The persistent threat of cyberattacks, penetration and data loss require that only the most secure methods are used to maintain the highest standards of security, particularly in highly regulated industries. Many organizations struggle with how to balance protecting sensitive data while at the same time utilizing cutting edge collaboration and automation technologies. The common approach many organizations take is to separate sensitive data and networks from information technology systems and the internet. This is a good security practice, but on its own can leave systems vulnerable and prevent adoption of automation and cloud-based technologies. Forcepoint Data Guard delivers this balance by enabling highly complex, bidirectional, automated data and file transfers between physically separated networks. To provide defense-grade data control at scale, Data Guard leverages a trusted operating system and security policies that enforce role and process separation and isolation for automated, byte-level content inspection and sanitization, with customizable rules to handle even the most specialized data types and protocols.

Data Guard is designed to evolve as the demands on your environment change. Thanks to its highly flexible and customizable rule- and policy-based structure, Data Guard ensures an enterprise’s ability to monitor and control any future data types and devices. Data Guard was designed for highly regulated environments such as government, military, critical infrastructure, law enforcement, and any other environment that must:

• Move sensitive data between separated networks
• Adhere to strict regulations for devices that move data between networks
• Utilize non-standard or non-typical data types and formats

Security analysts in law enforcement, military and commercial settings spend too much time collecting and collating data across different public and private sources. Their time would be much better spent analyzing the real threats so they can respond rapidly and effectively.

Data Analyzer delivers a dramatically different experience: By employing virtual data warehousing, federated search, powerful algorithms for automated information discovery and intuitive workflow tools, security analysts gain the ability to respond to cyber threats, fraud, other criminal activity and even terrorism as they’re happening — not hours, days or months later.

Traditional approaches to security analysis require organizations to set up data warehouses and ingest mass data — a process that taxes IT resources, triggers onerous compliance requirements, raises sticky questions of data ownership and drives up your total cost of ownership (TCO). By contrast, we avoid those pitfalls by using virtual data warehousing technology that accesses data at high speed without ever needing to copy or move it. The result is a faster, more economical solution that is quicker and easier to set up, and that avoids putting long-term burdens on your IT and compliance resources.

Data Analyzer has been designed from the ground up to be easy to use and to enable rapid collaboration across teams. Its sophisticated data visualization tools enable your analysts to interactively expose patterns, trends and anomalies hiding in large amounts of complex data:

• Link Analysis — Easily uncover clusters of information or key individuals and their relationship to suspicious events
• Temporal Analysis — Quickly recognize a change in behavioral patterns or unusual conduct needing further investigation
• Geospatial Analysis — Unearth an unknown relationship or the importance of information based on geographic correlations
• Statistical Analysis — Identify unexpected peaks in activities or values

Data Analyzer also includes faceted and tactical searching for selective information discovery using visual search filters, as well as alerting functionality and an integrated intelligence database that supports secure information sharing.

On one pane-of-glass, FC2 offers a graphic user interface for managing guards across your Forcepoint CDS enterprise. The interface displays critical information including guard status, data flows and configurations. Configuration changes follow a smooth workflow for creating, staging, validating and approving changes. Approved changes are easily pushed to the guards. Whether you have two or fifty guards to manage, FC2 is what you to need to manage at scale. Agility within operations is often critical to mission success. Forcepoint Control Center (FC2) brings command-and-control to your enterprise. Whether your guards are collocated in your data center or globally dispersed—FC2 gives you one dashboard to manage and make changes efficiently without the complexity of Linux Command Line Interface (CLI). FC2 is a graphic administration tool that registers guards which can be grouped to control large enterprises if needed. Details about system health, throughput and data flows are available with a simple click-through to the status page. In FC2, changes are made and then validated prior to staging for approvals. Once the staged changes have been approved by both the System Administrator and the Security Administrator, the changes can be pushed out to the guards with the click of a link. FC2 enforces strong process and role separation to ensure that only delegated resources can commit changes.

Forcepoint developed WebShield as a mechanism by which users can securely access multiple networks at varying security levels from a single desktop device. Forcepoint WebShield promotes more complete information browsing and discovery, which in turn increases users’ ability to carry out their missions or job requirements.

Forcepoint WebShield is a Commercial-Off-The-Shelf (COTS) data guard that provides secure web search and browse-down capabilities from high-side networks to lower level networks. WebShield allows for the transparent protection of the entire network (i.e., not just a single local server). Security officers can use WebShield to control what data users retrieve. Users surfing lower-level networks can be restricted to specific servers and file types as defined by security policies. All processing is performed at the incoming information level; therefore, the request is processed at the high-side level and the server response is processed at the server level. All requests, responses, and transfers go through various security controls such as dirty word search, virus scan, and malicious content checks. Organizations can also place restrictions on the low-side network to limit data accessed by high-side users. The standard WebShield configuration allows secure “on-demand” web browsing from one security domain to another. This on-demand approach eliminates data duplication and streamlines network traffic, without the inherent risks and slowdowns that can come with traditional methods of transferring information between levels. WebShield acts as a web proxy, forwarding requests and corresponding responses from one security domain to the other (Figure 1). Web clients, or browsers, on the high side can access lower-level web servers. WebShield can also support global deployments of more than 100,000 users, which are load balanced at a local and regional level, and provide failover in the event of an outage.

Forcepoint Webshield:

• Supports service-based server-toserver access through HTTP
• Supports standard web browsers and requires no software installation on the user’s desktop
• Provides seamless access to webbased resources at lower levels
• Includes customizable virus scanning, dirty word search, file typing, and active content blocking
• Increases productivity while maintaining a high level of security
• Provides accountability for user actions with a Strong Authentication option
• Supports local, site, and regional site-to-site load distribution and failover

WebShield is used in operational systems worldwide. As part of those systems, WebShield provides intelligence and operations analysts the capability to securely access information at different classification levels and the ability to securely share information with coalition and multinational networks.

Forcepoint Trusted Thin Client is comprised of two components, a Distribution Console and client software. The Distribution Console is the solution’s server component and provides the physical connection to one or more single-level virtualized networks, maintaining separation between each. The Distribution Console leverages the Common Criteria evaluated (EAL4+) Red Hat Enterprise Linux operating system with Security-Enhanced Linux (SELinux) to provide stringent security controls and maintain the necessary network/data separation. The client software communicates directly with the Distribution Console and provides secure, simultaneous access to permitted networks, applications and data. While providing connectivity to multiple security domains through common virtualization and desktop and application redisplay technologies (e.g., Citrix, Microsoft, VMware), each network has a separate physical network interface connection on the Distribution Console that is assigned the classification level of the domain.

Designed and built to meet the needs of any enterprise deployment, Forcepoint Trusted Thin Client is the most secure yet flexible access solution available today, providing robust centralized management for multiple form factors, globally dispersed sites and thousands of users. Administrators are equipped with centralized administration and monitoring, scalability to easily add networks and clients, and the flexibility to enable access to users in offices, in-theater, and in the field from virtually any device.

Environments that provide connection to high-risk networks, such as unclassified networks or the open Internet, are required to operate in a restricted manner. To enforce this requirement, Forcepoint Trusted Thin Client installation is modular based on your environment. Restricted, high-risk environments are installed with some features removed.

The Distribution Console is the solution’s administration and monitoring hub from which all Distribution Consoles, endpoints and users are administered through the Management Console application. It is recommended that all deployments utilize multiple Distribution Consoles to address server outages, scheduled maintenance and unexpected hardware failures.

Forcepoint Trusted Thin Client solves the difficult problem of satisfying security needs while enhancing user productivity. It provides users with secure simultaneous access to any number of sensitive networks through a single device, in support of an enterprise-ready trusted collaboration experience that brings people, data, security, policy, and governance into alignment. Forcepoint Trusted Thin Client is designed to satisfy information assurance requirements, eliminate potential leaks and risks, and provide users with a familiar desktop environment. Forcepoint’s multi-network access technology: Trusted Thin Client, is currently in operation across a multitude of federal agencies including the DOD, DOJ, and IC with over 160,000 access devices deployed around the globe. It has proven deployments of over 60 classification levels and the ability to easily add more classification levels and endpoints at anytime. All IT resources, including endpoint updates are easily managed through a central management console. Forcepoint’s cross domain multilevel solutions are designed to meet or exceed extensive and rigorous security A&A testing for simultaneous connections to various networks at different security levels. Forcepoint offers an experienced professional services team to guide customers through the technical implementation and A&A processes.

Forcepoint Trusted Gateway System enables safe and simultaneous multi-directional file movement between physically separated networks of varying security and classification levels. Trusted Gateway System specializes in the transfer of unstructured files, such as Microsoft Office and PDF files, facilitating critical information-sharing to the right people at the right time. Forcepoint’s secure information-sharing solutions have a proven track record of proactively preventing government agencies from being compromised, while fostering the secure and efficient access to and transfer of information. Trusted Gateway System solves the difficult problem of satisfying security needs while facilitating unstructured file sharing. It is designed to meet most, if not all, cross domain security best practices.

Trusted Gateway System can be configured for different scenarios based on customer requirements and individual site security policy. Regardless of the workflows or combinations instituted, file movement can occur to and from an unlimited number of approved networks. Any-to-any classification level transfer and multiple file transfer requests are supported:

• Two-Person Human Review/Reliable Human Review (RHR)
-The Producer role is responsible for assembling and submitting transfers (or jobs).
-The Releaser role is responsible for review and approval (release) of the transfer.

• Template-based Submit
-A web-based interface presents users with a predefined template of the file destination and releaser information.
-User drags and drops files into the application to perform all configured validations.

• Self-Release
-Approved users can create a job and send it to approved destinations in one step without requiring the two-person human review process.
-Users must be granted the Self-Release role. Additional permission granularity is available.

• Bulk Upload
-Users have the ability to transfer large quantities of files from low- to higher-level networks, machineto-machine.
-Direct file transfers are supported using Secure Copy Protocol (SCP) and Secure File Transfer Protocol (SFTP) from a configured network to the appropriate destination. Only configured hosts can access the input directory through SCP. All other connection attempts are denied.
-Users can copy/paste text or drag and drop files into the tool.
-An optional service can be included on a Microsoft Windows system (2000 or later) allowing users to maintain local input directories. This service monitors the local folder and automatically copies the file for processing. A right-click shortcut allows users to send files to defined destinations, which can be secure file transfer protocol (SFTP) servers or email addresses at permitted classification levels.

• Directory Transfer Service Option (DTSO)
-A secure mechanism is provided to transfer directories from a low to a high network.
-DTSO runs on Linux and Microsoft Windows servers.
-This service is able to watch one or more top level, or “root,” directories and transfers files placed in those directories to a high side server.

Forcepoint Trusted Gateway System:
• Eliminate sensitive file sharing inefficiencies (“sneakernet”) during mission-critical activities.
• Quickly and securely move unstructured files between and within classification levels.
• Inspect and sanitize files with a R.A.I.N (Redundant filters that are Always Invoked) compliant solution.
• Configure file transfer workflows based on site-specific requirements and policies.
• Comply with the U.S. Government’s Raise-the-Bar initiatives.
• Add functionality with Forcepoint Trusted Print Delivery and Trusted Mail System.

Forcepoint Trusted Print Delivery provides a secure means to consolidate printers (generally to the more sensitive network) and allows these organizations to eliminate hundreds to thousands of printers and meet cost-saving mandates. Forcepoint Trusted Print Delivery is a Commercial-Off-The-Shelf (COTS), highly secure solution that allows users to print from existing applications at different security or sensitivity levels to a single printer located on the more sensitive (high side) network. Reducing printer hardware at individual security levels reduces capital investment, printer inventory, hardware maintenance/supplies, and administration. Forcepoint Trusted Print Delivery leverages the widely deployed, accredited, and U.S. Unified Cross Domain Services Management Office (UCDSMO) Baseline-listed Forcepoint Trusted Gateway System as the secure transfer guard component. Forcepoint Trusted Gateway System ensures that malicious data is not transferred from low to high networks and that sensitive data is not inadvertently or intentionally transferred from high to low. In addition to the Forcepoint Trusted Gateway System transfer guard, Forcepoint Trusted Print Delivery utilizes two Print Adapters, Ingress and Egress. The Ingress Adapter accepts print jobs from users and submits them to the guard for review. Once approved, the inspected print job is transferred to the Egress Adapter, which sends the print job to the physical printer. Print job submissions appear standard to the end user. Forcepoint Trusted Print Delivery enables secure printing in environments where multilevel printing is a requirement. When extraneous printers at multiple sensitivity levels are eliminated, organizations recognize significant savings from reduced hardware, space, power, support and supplies. The robust security provided by the certified and accredited Forcepoint Trusted Gateway System transfer guard ensures that users can safely print to high side printers from multiple security levels without the risk of transferring malicious data or transferring sensitive data from high to low networks. Forcepoint secure information sharing solutions are designed to enable secure access and transfer of sensitive information for government, intelligence community, civilian, and corporate entities in the US and around the globe, including 5 Eyes nations and NATO. Forcepoint secure information sharing solutions continue to strike the right balance between information protection and information sharing—a vital component to enterprise security.

Provides enterprise administration:
• Seamless interoperability with established print infrastructures
• Configurable banner/trailer pages to ensure that ownership and sensitivity levels are clearly identified, as required
• Correlated status information across domains
• Minimal user desktop configuration, similar to any enterprise printer/driver implementation

Reduces the number of printers needed to support multilevel printing requirements

Leverages Forcepoint Trusted Gateway System guard technology for content inspection and security policy enforcement:
• Exceptional built-in manual review and automatic validations
• Data inspections that include dirty word search, virus scanning, file type verification and deep content inspection

Forcepoint Trusted Mail System addresses the specific need for the secure transfer of email and attachments between multiple security levels and different networks. Forcepoint Trusted Mail System is a Commercial-Off-The-Shelf (COTS) highly secure solution that enables the policy-enforced exchange of emails and attachments between users on different networks, eliminating the need to switch between email systems at multiple levels. Forcepoint Trusted Mail System provides a “single inbox” that consolidates email residing on various networks at the highest level, making it less likely that important and mission-sensitive email communications are overlooked. Users are able to read, forward, and respond to any email message that they receive regardless of the security level, but any emails generated will originate from the security level at which the single inbox resides (normally the highest security level). Email messages received from different security levels can be color coded within Microsoft Outlook using a set of simple client-based rules.

Forcepoint Trusted Gateway System performs deep content inspection filtering of email messages, attachments, and nested content (including multi-part MIME) which includes:

• File type identification
• Virus scanning
• Dirty word search
• Analysis of Microsoft Office documents via Purifile
• PDF transformation and sanitization
• Image transformation

Forcepoint Trusted Mail System ensures that status and error message information from the recipient’s domain are correlated to the original email sent from the sender’s domain. This is especially helpful for administrators when troubleshooting email errors. For additional security, Forcepoint Trusted Mail System provides complete end-to-end auditing of all events through the system for comprehensive security monitoring and post-event forensics.

Forcepoint Trusted Mail System enables secure, policyenforced exchange of email and attachments between users on different networks allowing use of a single inbox for all email activity. The ability to use a single inbox increases productivity for those who require access to multiple email clients residing on different networks at varying classification levels. Utilizing the US UCDSMO Baseline listed Forcepoint Trusted Gateway System as the cross domain guard ensures that users can securely exchange email between multiple email systems without the risk of transferring malicious data or unintentionally transferring sensitive data.

Forcepoint secure information sharing solutions are designed to enable secure access and transfer of sensitive information for government, intelligence community, civilian, and corporate entities in the US and around the globe, including 5 Eyes nations and NATO member countries. Forcepoint’s secure information sharing solutions continue to strike the right balance between information protection and information sharing – a vital component to enterprise security.

Non-Smart TV HD/Full HD

HD Ready LED TV with exceptional picture quality.
With 2 HDMI ports, you can connect to your Satellite box, games console, Blu-Ray player or any other HDMI equipped device. The USB port allows you to enjoy your music, movies or photos from a USB memory key.

• HD READY TV
• SCREEN SIZE 60 cm (24”)
• 2 HDMI INPUTS
• USB FOR MULTIMEDIA PLAYBACK
• HD TUNER DVB-T/T2/C/S/S2 (MPEG4 + HEVC/H.265 (10-bit))

Android TV HD/Full HD

HD Ready LED Android TV™ with exceptional multimedia functionality.
Android Smart HD Ready 32BI5EA provides a wide range of connection possibilities. Android TV™ provides customers with a modern and intuitive approach to TV that provides more value than just watching content.It’s an all in one, entertainment hub. Android TV™ with the Google Assistant provides a smarter viewing experience. Quickly access entertainment, control smart devices, get answers on screen, and more using your voice.

• HD Ready Android TV™
• Screen Size 81 cm (32”)
• HARMAN/KARDON® Speaker System
• The Google Assistant
• Chromecast Built-in
• Bluetooth®
• HD Tuner DVB-T/T2/C/S/S2 (MPEG4 + 10-bit HEVC/H.265)

Non-Smart TV HD/Full HD

HD Ready LED TV with exceptional picture quality.
With 3 HDMI ports, you can connect to your Satellite box, games console, Blu-Ray player or any other HDMI equipped device. The USB port allows you to enjoy your music, movies or photos from a USB memory key.

• HD READY TV
• SCREEN SIZE 81 cm (32”)
• HARMAN/KARDON SPEAKER SYSTEM
• 3 HDMI INPUTS
• 2 USB FOR MULTIMEDIA PLAYBACK
• HD TUNER DVB-T/T2/C/S/S2 (MPEG4 + HEVC/H.265 (10-bit))

Android TV HD/Full HD

HD Ready Frameless LED Android TV™ with exceptional multimedia functionality.
Android Smart HD Ready 32DI4EA provides a wide range of connection possibilities. Android TV™ provides customers with a modern and intuitive approach to TV that provides more value than just watching content. It’s an all in one, entertainment hub. Android TV™ with the Google Assistant provides a smarter viewing experience. Quickly access entertainment, control smart devices, get answers on screen, and more using your voice.

• HD Ready Android TV™
• Screen Size 81 cm (32”)
• HARMAN/KARDON® Speaker System
• The Google Assistant
• Chromecast Built-in
• Bluetooth®
• HD Tuner DVB-T/T2/C/S/S2 (MPEG4 + 10-bit HEVC/H.265)

Smart TV HD/Full HD

Full HD Smart LED TV with exceptional picture quality.
Using the integrated Smart TV functions or connecting to your smart device, is simple and fun. With 3 HDMI ports, you can connect to your Satellite box, games console, Blu-Ray player or any other HDMI equipped device. The USB port allows you to enjoy your music, movies or photos from a USB memory key.

• FULL HD SMART TV
• SCREEN SIZE 106 cm (42”)
• HARMAN/KARDON SPEAKER SYSTEM
• WIRELESS CONNECTION WITH MOBILE DEVICES
• 3 HDMI INPUTS
• 2 USB FOR MULTIMEDIA PLAYBACK
• HD TUNER DVB-T/T2/C/S/S2 (MPEG4 + HEVC/H.265 (10-bit))

Android TV 4K UHD

4K Ultra High Definition LED Android TV™ with exceptional multimedia functionality.
Android Smart Ultra HD 43BN5EA provides a wide range of connection possibilities. Android TV™ provides customers with a modern and intuitive approach to TV that provides more value than just watching content. It’s an all in one, entertainment hub. Android TV™ with the Google Assistant provides a smarter viewing experience. Quickly access entertainment, control smart devices, get answers on screen, and more using your voice.

• 4K Ultra HD Android TV™
• HDR (High Dynamic Range)
• Screen Size 109 cm (43”)
• Dolby Vision™ – cinema-inspired HDR
• Dolby Atmos® – full 360° sound experience
• HARMAN/KARDON® Speaker System
• The Google Assistant
• Chromecast Built-in
• Bluetooth®
• UHD Tuner DVB-T/T2/C/S/S2 (MPEG4 + HEVC/H.265 (10-bit))

Smart TV 4K UHD

4K Ultra High Definition Smart Frameless LED TV with exceptional picture quality.
Smart Ultra HD 50DJ3E provides a wide range of connection possibilities. Three HDMI ports are able to receive a 2160p@60Hz signal (as specified in HDMI 2.0), and three USB ports are ready for connecting a USB stick or hard disc drive with your favourite multimedia content. HDR technology delivers better contrast and increased brightness, compared with standard TV sets, and dts-HD surround sound technology together with harman/kardon speaker technology will introduce you to the world of cinematic sound.

• 4K UHD SMART TV
• HDR (High Dynamic Range)
• SCREEN SIZE 126 cm (50”)
• HARMAN/KARDON SPEAKER SYSTEM
• WIRELESS CONNECTION WITH MOBILE DEVICES
• SD CARD READER
• 3x HDMI INPUTS
• HD TUNER DVB-T/T2/C/S/S2 (MPEG4 + 10-bit HEVC/H.265)

Android TV 4K UHD

4K Ultra High Definition Frameless LED Android TV™ with exceptional multimedia functionality.
Android Smart Ultra HD 50DN3EA provides a widerange of connection possibilities. Android TV™ provides customers with a modern and intuitive approach to TV that provides more value than just watching content. It’s an all in one, entertainment hub. Android TV™ with the Google Assistant provides a smarter viewing experience. Quickly access entertainment, control smart devices, get answers on screen, and more using your voice.

• 4K Ultra HD Android TV™
• HDR (High Dynamic Range)
• Screen Size 126 cm (50”)
• Dolby Vision™ – cinema-inspired HDR
• Dolby Atmos® – full 360° sound experience
• HARMAN/KARDON® Speaker System
• The Google Assistant
• Chromecast Built-in
• Bluetooth®
• UHD Tuner DVB-T/T2/C/S/S2 (MPEG4 + HEVC/H.265 (10-bit))

Android TV 4K UHD

4K Ultra High Definition Frameless Quantum Dot Sharp Android TV™ with exceptional multimedia functionality.
Sharp 55EQ3EA displays the ultimate colour gamut using Quantum Dot Technology – Q-COLOUR. Any HDR or Dolby Vision content looks life-like with perfect colour reproduction. The Hybrid Harman/Kardon sound system has a unique driver setup – front firing tweeters and downfiring woofers. A combination that ensures perfect sound clarity and solid bass reproduction. Advanced dts Virtual:X and Dolby Atmos technologies delivers virtual height and multichannel virtual surround for the best home cinema experience. Integrated Google Assistant offers quickand helpful support and makes operating simple thanks to voice control.

• 4K Ultra HD Android TV™ with Quantum Dot
• Full Aluminium Slim Frameless Design
• HDMI 2.1 with eARC, VRR and ALLM
• Dolby Vision™ – cinema-inspired HDR
• Dolby Atmos® – full 360° sound experience
• DTS:X immersive audio codec
• DTS Virtual:X 3D audio post processing
• Hybrid HARMAN/KARDON® Speaker System
• AQUOS UltraClear Video Processor
• AQUOS Smooth Motion – Frame Interpolation Technology
• Light Sensor with OPC (Optical Picture Control)

Android TV 4K UHD

4K Ultra High Definition Frameless Quantum Dot Sharp Android TV™ with exceptional multimedia functionality.
Sharp 65EQ3EA displays the ultimate colour gamut using Quantum Dot Technology – Q-COLOUR. Any HDR or Dolby Vision content looks life-like with perfect colour reproduction. The Hybrid Harman/Kardon sound system has a unique driver setup – front firing tweeters and downfiring woofers. A combination that ensures perfect sound clarity and solid bass reproduction. Advanced dts Virtual:X and Dolby Atmos technologies delivers virtual height and multichannel virtual surround for the best home cinema experience. Integrated Google Assistant offers quick and helpful support and makes operating simple thanks to voice control.

• 4K Ultra HD Android TV™ with Quantum Dot
• Full Aluminium Slim Frameless Design
• HDMI 2.1 with eARC and ALLM
• Dolby Vision™ – cinema-inspired HDR
• Dolby Atmos® – full 360° sound experience
• DTS:X immersive audio codec
• DTS Virtual:X 3D audio post processing
• Hybrid HARMAN/KARDON® Speaker System
• AQUOS UltraClear Video Processor
• AQUOS Smooth Motion – Frame Interpolation Technology
• Light Sensor with OPC (Optical Picture Control)

Android TV 4K UHD

4K Ultra High Definition Frameless LED Android TV™ with exceptional multimedia functionality.
Sharp Android Smart Ultra HD 70DN5EA provides a wide range of connection possibilities. Sharp Android TV™ provides customers with a modern and intuitive approach to TV that provides more value than just watching content. It’s an all in one, entertainment hub. Sharp Android TV™ with the Google Assistant provides a smarter viewing experience. Quickly access entertainment, control smart devices, get answers on screen, and more using your voice.

• 4K Ultra HD Android TV™
• Full Aluminium Slim Frameless Design
• HDMI 2.1 with eARC and ALLM
• Dolby Vision™ – cinema-inspired HDR
• Dolby Atmos® – full 360° sound experience
• dts:X immersive audio codec
• dts Virtual:X 3D audio post processing
• 2.1 HARMAN/KARDON® Speaker System
• The Google Assistant with Microphone
• AQUOS UltraClear video processor
• AQUOS Smooth Motion – Frame Interpolation Technology
• 10-bit DVB-T/T2/C/S/S2 UHD Tuner (MPEG4 + HEVC/H.265)

Android TV 4K UHD

4K Ultra High Definition Frameless Quantum Dot Sharp Android TV™ with exceptional multimedia functionality.
Sharp 75EQ4EA displays the ultimate colour gamut using Quantum Dot Technology – Q-COLOUR. Any HDR or Dolby Vision content looks life-like with perfect colour reproduction. The Hybrid Harman/Kardon sound system has a unique driver setup – front firing tweeters and down firing woofers. A combination that ensures perfect sound clarity and solid bass reproduction. Advanced dts Virtual:X and Dolby Atmos technologies delivers virtual height and multichannel virtual surround for the best home cinema experience. Integrated Google Assistant offers quick and helpful support and makes operating simple thanks to voice control.

• 4K Ultra HD Android TV™ with Quantum Dot
• Full Aluminium Slim Frameless Design
• HDMI 2.1 with eARC and ALLM
• Dolby Vision™ – cinema-inspired HDR
• Dolby Atmos® – full 360° sound experience
• DTS:X immersive audio codec
• DTS Virtual:X 3D audio post processing
• Hybrid HARMAN/KARDON® Speaker System
• AQUOS UltraClear Video Processor
• AQUOS Smooth Motion – Frame Interpolation Technology
• Light Sensor with OPC (Optical Picture Control)