Users & Access Security – DCS Website
 
 
 
 
 

  Web Security

 
 
Forcepoint ONE Secure Web Gateway (SWG)
The Forcepoint ONE Secure Web Gateway (SWG) is one of the three foundational gateways of the Forcepoint ONE all-in-one cloud platform. Forcepoint ONE SWG monitors and controls any interaction with any website, including blocking access to websites based on category and risk score, blocking download of malware, blocking upload of sensitive data to personal file sharing accounts, detecting shadow IT, and optionally providing Remote Browser Isolation (RBI) with Content Disarm and Reconstruction (CDR)
Sangfor Internet Access Gateway
Sangfor IAG enables you to identify, analyze and take immediate action upon user internet access behavior. Gain full visibility to find any bad behavior in encrypted traffic. Uncover user identity with analytics into who is using what applications and when it is used on your network. Take full control to increase user productivity by ensuring internet access compliance.

Product Advantages

Proxy Avoidance Protection:
Web filters are commonly used by the organization to restrict user internet access to certain web application content, and it has increasingly become non-effective against proxy avoidance applications. IAG collaborates with Endpoint Secure to enforce Proxy Avoidance Protection on any user attempt to use this application for bypassing the security perimeter more effectively. The R&D team within Sangfor employs a dedicated team of application signatures security experts who are continuously categorizing and adding the latest proxy avoidance applications to ensure that detection rate and blocking capabilities are current and up to date.

Intelligent Traffic Management
Sangfor IAG improves bandwidth utilization by more than 30% using three unique major traffic management solutions. Dynamic Traffic Control automatically adjusts traffic control policies and intelligently allocates idle bandwidth resources. Intelligent Flow Control manages both up-link and down-link P2P traffic and can customize traffic “packages” for different users, allocating specific traffic quotas and limiting bandwidth for heavier users.

Gateway and Client Decryption to Uncover Encrypted Traffic
Typically, most of the internet traffic is protected by SSL/TLS encryption. While encryption helps to keep user and corporate data protected and private, it also creates security challenges when it comes to the rapid growth of malware infections and other malicious content. Sangfor IAG offers both decryption methods including gateway and client decryption to overcome these challenges. This enables an organization to have the flexibility to run either one or both in parallel to uncover encrypted traffic according to your corporate IT strategy and planning.

Unified Network-wide Management of all Clients
Sangfor IAG provides Unified Management and effectively controls both Wired and Wireless networks for the entire network. With intuitive and flexible authentication methods, it fully guarantees the security of access control, supporting a variety of traditional authentication methods such as username/password, IP/MAC binding, and a wide array of value-added marketing authentication methods (QR code, SMS, WeChat, social media, OA account, SAML 2.0, third-party system, etc.). Permissions are controlled based on user, application, location, and client types while using IAG or third-party wireless controller as a unified authentication server, building a faster and more cost-effective wireless network.

Precise and Accurate Application Control
Sangfor IAG manages and controls network applications more comprehensively, accurately, and conveniently with the largest application signature database in Asia, which can identify more than 6,000+ applications in its database including 700+ cloud applications, 1,000+ mobile applications, 300+ web applications, and is updated every 2 weeks. In addition, it precisely controls applications according to their specific functions, such as distinguishing upload, download, and other actions in the network. Finally, bulk management mode for large enterprises greatly improves management efficiency.

Offloading Performance When Using ICAP Integration with Third-Party System
Sangfor IAG can act as an ICAP client to be used with any ICAP server-enabled network appliance by offloading threat protection or other value-added services. In addition, Sangfor IAG provides request and response inspection mode while enabling the ICAP server group to run on a round-robin or concurrent condition.

Secure Onboarding Devices with Endpoint Compliance Check
Sangfor IAG identifies and secures endpoint devices with or without agents, it helps to ensure these devices are connected with compliance and security. You gain visibility and control of what is in your environment without impacting your network performance.

Web Security
The rising sophistication and complexity of web threats, coupled with the new ways your employees do their work, have eroded the effectiveness of traditional web security solutions. In addition to blocking malicious code, inappropriate websites, and targeted attacks, security managers also need to protect an increasingly mobile workforce who frequently adopt new cloud-based applications.Trend Micro Web Security protects against cyber threats before they reach your users. It uses cross-generational defense techniques to catch known and unknown threats, giving you visibility and access control on unsanctioned cloud applications for each of your users. Our unique deployment model provides you with the flexibility to deploy gateways on-premises, in the cloud, or both—protecting your users no matter where they are. One cloud-based management console simplifies your workload, letting you set up policy, manage users, and access reporting across a single pane of glass.
Zscaler Internet Access (ZIA)
Zscaler Internet Access includes a comprehensive suite of AI-powered security and data protection services to help you stop cyberattacks and data loss. As a fully cloud-delivered SaaS solution, you can add new capabilities without any additional hardware or lengthy deployment cycles. The modules available as part of Zscaler Internet Access are:

  • Cloud Secure Web Gateway (SWG): Deliver a safe, fast web experience that eliminates ransomware, malware, and other advanced attacks with real-time, AI-powered analysis and URL filtering from the only leader in the 2020 Gartner MQ for SWGs.
  • Cloud Access Security Broker (CASB): Secure cloud apps with integrated CASB to protect data, stop threats, and ensure compliance across your SaaS and IaaS environments.
  • Cloud Data Loss Prevention (DLP): Protect data in motion with full inline inspection and advanced measures like exact data match (EDM), optical character recognition (OCR), and machine learning.
  • Zscaler Firewall & cloud IPS: Extend industry- leading protection to all ports and protocols and replace edge and branch firewalls with a cloud native platform.
  • Zscaler Sandbox: Stop never-before-seen and elusive malware across web and file transfer protocols with AI-driven quarantine, sharing consistent and global protection across all users in real time.
  • AI-Powered Cloud Browser Isolation: Make web-based attacks obsolete and prevent data loss by creating a virtual air gap between users, the web, and SaaS.
  • Digital Experience Monitoring: Reduce IT operational overhead and speed up ticket resolution with a unified view of application, cloud path, and endpoint performance metrics for analysis and troubleshooting.
  • Zero Trust Branch Connectivity: Reduce risk and complexity with non-routable branch and data center connectivity for users, servers, and IOT/OT devices.
  • DNS Security: Optimize DNS security and performance for all users, devices, and applications, on all ports and protocols, anywhere in the world.
 
 
 
 

Asset Discovery

Email Security

Endpoint Security

NAC (Network Access Control)

Web Security

ZTNA