Introduction

Advanced analysis and bypass features, including SSL decryption bypass, are available with Forcepoint™ Web Security. These features are not available with Forcepoint URL Filtering.

Content Gateway performs advanced analysis of web traffic as it flows through the on-premises proxy. Only sites that are not already blocked, based on the active policy, are analyzed.

• Configuring content categorization, categorizes content from URLs that are not in the Forcepoint URL Database and from sites with dynamic content, as identified by Forcepoint Security Labs. Analysis returns a category for use in policy enforcement.
• Configuring tunneled protocol detection, analyzes traffic to discover protocols tunneled over HTTP and HTTPS. Such traffic is reported to Filtering Service for protocol policy enforcement. Analysis is performed on both inbound and outbound traffic.
• Configuring content security, analyzes inbound content to find security threats such as malware, viruses, phishing, URL redirection, web exploits, proxy avoidance, and others.
• Configuring file analysis, can apply to as many as 2 methods of inspection to detect security threats.
  • Traditional antivirus (AV) definition files to find virus-infected files.
  • Advanced File Analysis sends suspicious files for analysis and can be configured to send alerts via email, SNMP, or both when a file is found to contain malicious content.

  The File Type Options settings determine which types of files are analyzed for malicious content, including executable and unrecognized files. Individual file extensions may also be specified. This setting does not apply to Advanced File Analysis.

• Content Gateway outbound security analysis, provides 2 types of outbound analysis. The first performs outbound content analysis that mirrors your inbound Security Threats content analysis and file analysis configuration. The second performs data theft analysis, looking for and blocking outbound custom encrypted files, password files, and other sensitive data.
• The Content Categorization and Scanning Sensitivity control allows you to tune the Content Categorization and Content Analysis sensitivity thresholds (Content Gateway advanced analysis options).
• For large, streaming, or slow transactions, the Content Delay Handling option provides some control over how long to wait before releasing a portion of buffered content to the client (Content Gateway advanced analysis options).
• The Scanning Timeout, File Size Limit and Content Stripping Advanced Options apply to all traffic transiting the proxy (Content Gateway advanced analysis options).

Several presentation reports can provide details about how advanced analysis features protect your network from attempts to access sites containing threats. See Reporting on advanced real-time analysis.

Scanning exceptions are lists of hostnames or URLs that are always analyzed or never analyzed. The type of analysis to always or never perform is specified per hostname/URL or group of hostnames/URLs. A list of client IP addresses whose content is never analyzed can also be specified. See Configuring exceptions to Content Gateway analysis.