
All About Forcepoint DLP

The document provides an overview of Forcepoint DLP, detailing its licensing, stages of data, terminology, system components, and policy types. It explains how data is monitored and protected through various components like FSM servers, protectors, and gateways, while also outlining the roles of policies and incidents in data protection. Additionally, it describes the three types of DLP policies: Quick, Predefined, and Custom, emphasizing the flexibility and power of custom policies.

Uploaded by

guestzubair

ALL ABOUT FORCEPOINT DLP

1. Licensing
• Forcepoint subscriptions come as .xml files.
• They are uploaded to FSM.
• They can be opened and read.
• If the subscription expires, its analytics will not work properly.

2. Stages of data

➢ Data in use
A DLP agent is installed on the endpoint machine and monitors applications, down to small actions such as content being copied from one place to another. The agent keeps track of all communication and protects the network.

➢ Data in motion
Data that is being transmitted, for example sent by email over SMTP or to a web server over HTTPS.

➢ Data at rest
Data that is not being transmitted or used, just sitting at rest in the cloud or in a database.

3. DLP terminology

➢ Policies

Policy: Collection of rules that protects your data.

Rule: Protection logic you define.

Resources: People, devices or applications that are monitored by the policies.

Classifier: A way to identify the data monitored by the policies, on a keyword basis or a content basis.

Deploy: When you create a policy or change an existing one, you have to click Deploy for the changes to take effect.

➢ Incidents

Transaction: Movement of data from one point to another, or any use of data, that is monitored by the policy engine.

Incident: A match to a DLP policy found by the policy engine.

Exfiltration: Unauthorized removal, copying or transfer of data to somewhere outside.

4. DLP system components

➢ FSM Servers (Management Servers)
▪ Act as the main controller and brain of the DLP system.
▪ Manage all the DLP settings, such as policies, incidents, user information and alerts.
▪ Admins use them to set policies and rules according to their needs.
▪ Store logs, alerts and incidents from the whole DLP system.

➢ Supplemental DLP Servers
▪ Do extra work on behalf of the FSM server.
▪ They handle:
1. Heavy scanning
2. Traffic analysis
3. Encryption/decryption
▪ Very useful at large scale, when you have heavy data volume or many users.
▪ They help scale up the DLP deployment without slowing it down.

➢ Analytics Engine (optional)
▪ Adds an extra layer of smart detection beyond rules.
▪ Uses AI/ML and behavior analysis to detect risky patterns, such as:
• A user suddenly sending lots of email to their personal email address
• Someone trying to bypass security controls

➢ Protectors
▪ They work like enforcers.
▪ They are mostly placed at:
• Email traffic (to scan messages)
• Network traffic (uploading, downloading)
• Endpoints (laptops, desktops)
▪ When data is sent out (via email, web, etc.), Protectors check it against the rules.
▪ If they find a violation, they can:
• Block it
• Warn the user
• Log the incident

➢ Email Security Gateway
▪ Scans incoming and outgoing emails.
▪ Works with DLP to:
• Prevent sensitive files from being sent out
• Detect malware and phishing
• Apply DLP policies (e.g., block emails with sensitive attachments)

➢ Web Content Gateway
▪ Watches what users do on the internet.
▪ It:
• Scans uploads to cloud services (like Gmail, Dropbox)
• Blocks access to risky websites
• Applies DLP policies to web traffic
• Logs user activity for review

How They Work Together (Simplified Flow)

1. Admin sets up rules and policies in the FSM Server.
2. A user sends an email/upload/file.
3. The data passes through Protectors, Email or Web Gateway.
4. Protectors scan the data. If needed, they ask Supplemental Servers to help with analysis.
5. If it violates rules:
o It’s blocked, quarantined, or logged.
o FSM logs the incident and can notify admins.
6. The Analytics Engine looks for risky patterns or behaviors over time.

5. Management server and Forcepoint Security Manager

➢ The management server keeps all the configuration settings:
1. What actions are allowed or blocked
2. Which users or groups are being monitored
3. Integration settings with email, web, endpoints, etc.

➢ It also holds the primary policy store.

➢ It also stores the primary fingerprint repository.
1. Fingerprints in DLP refer to digital signatures of sensitive documents.
i. Example: If you fingerprint a confidential PDF, the system will detect if someone tries to send even a piece of it outside, even if it’s copy-pasted.
2. The primary fingerprint repository is where these sensitive document fingerprints are stored.
3. Protectors check here to detect exact data matches.

➢ By default, it also stores the forensic repository.
1. The forensic repository is where the system keeps copies of data that triggered DLP policies.
i. For example: If someone tries to email a salary sheet and it’s blocked, the system may store a snapshot of that attempt for auditing.
2. It's useful for investigation later: admins can see what data was involved and who tried to send it.
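
The partial-copy detection described for the fingerprint repository can be illustrated with word-shingle hashing. This is an added example, not Forcepoint's code or its actual fingerprinting algorithm; the class name, window size, hit threshold and sample texts are assumptions constructed for illustration.

```python
import hashlib
import re

K = 5  # words per shingle (assumed window size)

def shingles(text, k=K):
    """Return the SHA-256 digests of every k-word window in the normalized text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)
    }

class FingerprintRepository:
    """Hypothetical stand-in for a fingerprint store: document name -> hashes."""

    def __init__(self):
        self._docs = {}

    def register(self, name, text):
        self._docs[name] = shingles(text)

    def scan(self, content, min_hits=3):
        """Return one incident per registered document that the content overlaps."""
        seen = shingles(content)
        incidents = []
        for name, prints in self._docs.items():
            hits = len(seen & prints)
            if hits >= min_hits:
                incidents.append({"document": name, "hits": hits, "action": "block"})
        return incidents

# Constructed sample data: one sensitive document and two outbound messages.
CONFIDENTIAL = (
    "Salary review 2024. Base pay for the engineering group rises by four "
    "percent in April. Bonus pool allocations are listed per team below and "
    "must not be shared outside the finance department."
)
PASTED = (
    "fyi -- Bonus pool allocations are listed per team below and must "
    "not be shared outside the finance department. delete after reading"
)
UNRELATED = "Lunch is at noon on Friday, the finance department is invited."

repo = FingerprintRepository()
repo.register("salary_review.pdf", CONFIDENTIAL)

if __name__ == "__main__":
    print(repo.scan(PASTED))     # pasted excerpt matches the registered document
    print(repo.scan(UNRELATED))  # shared vocabulary alone does not match
```

Only the hashes are stored, so the repository in this sketch never holds the document text itself. Content shorter than K words produces no shingles and therefore cannot match.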

DLP POLICIES

FORCEPOINT DLP CONTAINS THREE TYPES OF DLP POLICIES

Quick Policies:

o Useful out-of-the-box policies
o Quickly protect an environment
o Apply to all sources and destinations

Predefined Policies:

o Use predefined script classifiers.

Custom Policies:

o The true power of Forcepoint DLP
o Use a 5-step wizard to define policy rules
