Forcepoint - Data Protection Whiteboard
Erik Scoralick
Sr. Sales Engineer
Jason Kemmerer
Sales Engineer
Outline
1. The 3 Pillars of Data Protection
2. Pillar 1: Data
3. Pillar 2: Channel
4. Pillar 3: People
5. Forcepoint Behavioral Analytics (Data Scenarios)
6. Dynamic Data Protection (Risk Adaptive Protection)
7. Everything together
8. Forcepoint High Level Architecture
© 2019 Forcepoint | 2
The 3 Pillars of Data Protection
Data: Classifiers, Data Label, Compliance
Channel: Network, Endpoint, Storage
People: IT, Legal, Contractors
Pillar 1: Data
Pillar 2: Channel
Cloud ServiceNow
Network – Detecting data in motion via Email and Web HTTP/S (OCR support for data in motion channels).
Endpoint – Detecting data in motion via Removable Media, Printers, and Endpoint-based Web, Email, and LAN. Data in use over IM, file sharing clients, and OS clipboard. Data at rest for endpoints.
Storage – Discover, scan, and remediate data at rest for on-prem file servers, network storage, SharePoint + Exchange servers.
Pillar 3: People
Who does this impact? How do we educate and enable them?
Human Resources – How do they interact with employee records on a daily basis?
Information Technology – How does this affect users with privileged access?
Legal – Are there privacy concerns around how this data is being used?
Contractors – Should contractors have the same restrictions applied as employees?
Forcepoint Behavioral Analytics
Data Scenarios:
Data Exfiltration – When users exhibit risky behaviors, such as stockpiling data to leak across different channels.
Malicious User – Authorized internal users that deliberately abuse their trusted privileges to harm your company.
Compromised User – Their accounts are taken over by a malicious outsider who then takes action to harm your company.
Illicit Behavior – User places your company at risk through unlawful behavior, espionage, conflicts of interest, malpractice.
Negative Behavior – User shows undesirable behavior, such as harassment, violence, obscenity, oversight evasion.
Dynamic Data Protection
[Figure labels: "Business as Usual"; "Still non-blocking, but encrypting data"; "Blocking the riskiest users"]
Dynamic Data Protection has feeds from Forcepoint DLP in order to apply risk adaptive
protection based on risk levels and user behaviors.
• Endpoint Incidents: Endpoint Web, Endpoint Email, Endpoint Removable media, Endpoint printing,
Endpoint applications, Endpoint LAN.
• Endpoint Events: Web Activities (URL Visited), Email (Sent and Received), File copy to removable
media and printing operations.
Forcepoint Data Protection
Endpoint Incidents:
• Endpoint Web
• Endpoint Email
• Endpoint Removable media
• Endpoint printing
• Endpoint applications
• Endpoint LAN
Endpoint Events:
• Web Activities (URL Visited)
• Email (Sent and Received)
• File copy to removable media
• Printing
Data: IP, Classifiers, Data Label, Compliance
Channel: Cloud, Network, Endpoint, Storage
People: HR, IT, Legal, Contractors
Action Plans based on Risk Levels:
1 – Audit only without Forensics
2 – Audit only
3 – Audit and Notify
4 – Encryption over email and USB
5 – Block all
Forcepoint Behavioral Analytics: Data Exfiltration, Malicious User, Compromised User, Illicit Behavior, Negative Behavior
DDP leverages the analytic capabilities only to the Data Exfiltration data scenario.
FBA enables all data scenarios.