IT security in the age of hybrid work, multi-cloud environments and distributed teams cannot rely on the old perimeter defense model. When users work from home, coffee shops and offices around the world, and data lives in dozens of SaaS applications, the traditional “protected corporate network” model no longer exists. SASE (Secure Access Service Edge) is the answer, and Forcepoint ONE implements this architecture in a single, consistent cloud platform.
Key findings
- Forcepoint ONE is a SASE platform that combines network and data security in a single cloud-based solution
- Eliminates the need to maintain separate SWG, CASB, ZTNA and DLP solutions
- Uses Zero Trust architecture – every user and device is verified on every access
- Protects data no matter where it resides: on the device, on the network, in the cloud
- The platform scales automatically and does not require managing its own infrastructure
Table of contents
- What is SASE and why is it becoming a standard?
- Forcepoint ONE platform architecture
- Secure Web Gateway (SWG) – secure browsing
- CASB – access control for SaaS applications
- Zero Trust Network Access (ZTNA) – access without a VPN
- Data Loss Prevention in Forcepoint ONE
- Management and visibility from a single console
- FAQ
- Summary
What is SASE and why is it becoming a standard?
SASE (Secure Access Service Edge) is a Gartner-defined security architecture that combines network functions (SD-WAN) with security services (SWG, CASB, ZTNA, FWaaS) into a single, cloud-delivered platform. The key idea: security is delivered close to the user, regardless of their location, rather than centrally at the company’s headquarters.
The traditional approach required routing traffic through the company’s datacenter for inspection – which, when working remotely, meant performance and latency problems. SASE moves traffic inspection to nodes close to the user, maintaining full protection without performance compromises.
Forcepoint ONE platform architecture
Forcepoint ONE is a cloud-native SASE platform that consolidates in a single solution: Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Data Loss Prevention (DLP). All of these functions run on a common platform with one management console, one policy for all access channels and one agent on the user’s device.
This consolidation is a fundamental operational advantage – instead of managing four separate products with different consoles, policies and reporting, the administrator works in one environment.
Secure Web Gateway (SWG) – secure browsing
Forcepoint ONE’s SWG controls all users’ web traffic, regardless of where they connect from. It filters sites by category (blocking inappropriate content, malicious domains), scans downloads for malware, and applies DLP policies to web traffic.
A key feature is Remote Browser Isolation (RBI), a technology that runs the browser in an isolated cloud environment, with the user seeing only a secure rendered image of the page. Any malicious code on the page executes in that isolated environment, never touching the user’s device.
CASB – access control for SaaS applications
Cloud Access Security Broker provides visibility and control over SaaS applications used by the organization – both IT-approved and shadow IT (applications used without IT’s knowledge).
CASB in Forcepoint ONE monitors and controls user activity in SaaS applications (Salesforce, Microsoft 365, Google Workspace, Box and many others), applies DLP policies to cloud data, and detects anomalies indicating possible account compromise. It also provides control over file sharing – blocking the sending of sensitive documents outside the organization.
Zero Trust Network Access (ZTNA) – access without a VPN
ZTNA is a modern alternative to VPNs, implementing the Zero Trust principle: no user or device is trusted by default, every access is verified and granted on a least privilege basis.
Forcepoint ONE ZTNA provides access to internal applications through a secure, encrypted tunnel without exposing the entire network – the user has access only to the specific applications for which they are authorized. Compared to a traditional VPN, ZTNA is much more secure (no lateral movement in case of account compromise) and more efficient (no need to route through a central point).
Data Loss Prevention in Forcepoint ONE
DLP in Forcepoint ONE works across all channels simultaneously: web traffic (SWG), SaaS applications (CASB), internal application access (ZTNA) and endpoint devices. One DLP policy is enforced everywhere – without the need to configure separate rules in each product.
This is a fundamental change from the traditional approach, where network DLP, cloud DLP and endpoint DLP were separate products with separate policies whose synchronization was a real challenge.
Management and visibility from a single console
Forcepoint ONE offers a unified management console for all platform functions. The administrator can see in one place user activity across all channels, security incidents from all layers, device status and compliance, and a complete audit of accesses and data operations.
This visibility is crucial for insider threat detection and incident response – multi-stage attacks that involve different channels are detected by correlating events from different sources.
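The cross-channel correlation described above, sketched as an added example that is not Forcepoint ONE code and does not use its log format. The event fields, channel labels, 30-minute window and three-channel threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, channel, action).
# Field names and channel labels are assumptions, not a vendor log schema.
EVENTS = [
    ("2024-05-06T09:00:10", "alice", "swg", "blocked_category"),
    ("2024-05-06T09:05:42", "alice", "swg", "blocked_category"),
    ("2024-05-06T09:02:00", "bob", "ztna", "login_new_device"),
    ("2024-05-06T09:10:30", "bob", "casb", "bulk_download"),
    ("2024-05-06T09:21:05", "bob", "swg", "upload_personal_storage"),
    ("2024-05-06T08:00:00", "carol", "casb", "bulk_download"),
    ("2024-05-06T11:00:00", "carol", "ztna", "app_access"),
    ("2024-05-06T14:00:00", "carol", "endpoint", "usb_copy"),
]

WINDOW = timedelta(minutes=30)  # assumed correlation window
MIN_CHANNELS = 3                # assumed threshold of distinct channels


def correlate(events, window=WINDOW, min_channels=MIN_CHANNELS):
    """Return {user: events} for users whose activity touches at least
    min_channels distinct channels inside one sliding time window."""
    by_user = defaultdict(list)
    for ts, user, channel, action in events:
        by_user[user].append((datetime.fromisoformat(ts), channel, action))

    findings = {}
    for user, rows in by_user.items():
        rows.sort()  # chronological order per user
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it fits the time span.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            if len({channel for _, channel, _ in span}) >= min_channels:
                findings[user] = span
                break
    return findings


if __name__ == "__main__":
    for user, span in correlate(EVENTS).items():
        print(user, [(t.isoformat(), c, a) for t, c, a in span])
```

Single-channel noise (alice) and activity spread over a whole day (carol) stay below the threshold; only the tight ZTNA, CASB and SWG sequence for bob is reported.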
FAQ
Does Forcepoint ONE require agent installation on devices? For full functionality, an agent is recommended. For managed devices, this is the standard implementation. For unmanaged (BYOD) devices, agentless modes are available via proxy.
How does Forcepoint ONE handle encrypted HTTPS traffic? The platform performs SSL/TLS inspection by terminating and re-encrypting traffic, applying security policies to its content.
Does Forcepoint ONE replace existing VPNs? ZTNA is intended as the long-term alternative to VPN. Migration can be gradual – both solutions can run in parallel during the transition period.
What does the implementation of Forcepoint ONE look like? As a cloud-native platform, it does not require infrastructure installation. Deployment comes down to policy configuration and agent installation on users’ devices.
Summary
Forcepoint ONE addresses the realities of the modern hybrid operating environment: a single SASE platform that replaces multiple separate security products, delivers consistent protection regardless of user location, and protects data across all channels simultaneously. This approach reduces operational complexity and eliminates security gaps resulting from tool silos.
