DLPforDummies 2.4.1 Full JAC
Option 1 - A configured DLP solution (this will be used when using Forcepoint virtual labs):
Your instructor will have guided you through the initial/basic configuration of your on-prem Email
Security solution. This will likely be performed in Forcepoint virtual labs however that is not a
requirement.
Option 2- An On-Prem DLP solution from Scratch (POCs or Partner internal Practice):
You will have an on-prem infrastructure either in the partner premises or with a customer/prospect
for POCs or demoing the DLP solution from Scratch.
In the case of the virtual labs, you will be asked to send a compressed archive of the screenshots
generated in this lab. Please give your files descriptive names so that the person who
receives them can quickly identify the step and what the screenshot shows.
Data Loss Prevention for Dummies Guide
TABLE OF CONTENTS
USE CASE #6 - PCI (PAYMENT CARD INDUSTRY DATA SECURITY STANDARD)
USE CASE #12 – IDENTIFYING TEXT ON AN IMAGE (WEB CHANNEL)
USE CASE #13 – FINDING TEXT AND TEXT ON AN IMAGE (EMAIL CHANNEL)
To start this implementation, we assume you know how to build the
environment, either on-prem or in the Forcepoint virtual desktop. Remember that you will need to
build the full required environment. When you finish building it, you will see something similar to
the following; this scenario can change depending on the POC or virtual lab you are
implementing:
NOTE: Remember that this is just the beginning. Be sure to understand the dynamics of
this implementation so you can add or delete the components you require. For the virtual lab you will
have the following considerations:
FSMServer - 192.168.122.20 - Forcepoint Security Manager Server on Windows Server 2016
  Windows User: Administrator
  Windows Password: Provided
  FSM User: admin
  FSM Password: Provided
Windows 10 - 192.168.122.21 - This is the Windows 10 client where you will install the DLP Agent
  Windows User: Administrator
  Windows Password: Provided
Important Tips/Notes
ALWAYS DEPLOY or Save after making config changes. This is EXTREMELY important.
There are a lot of referenced objects used in our DLP configuration.
LAB IT UP!!! There are lots of configuration options. You will only get better with practice.
1.- Identify your assigned user – usually this is the user that you use for connecting via RDP or Web
Example 1:
Example 2:
https://watermelon.go4labs.net/login?username=manuel.nolen&password=uenMvbtk
2.- Identify and create your hostname for public access (all the instances of Go4Labs have a public IP
that can be used to integrate public services)
Take your user name and add the suffix “.lab.go4labs.net”, so in this case the result will be:
manuel.nolen.lab.go4labs.net
NOTE: Keep this information within reach, since you will be using it in some of the following steps.
Note: Even though we have pre-configured this whole lab for you, it’s always important to
know how we prepared it.
You will probably not need to perform the first few tasks yourself, but reading them will make you
wiser.
Outlined below are some tips for a successful installation of the Management Server
and its ongoing operation:
Press INSTALL
Make sure to exclude the Forcepoint directory from your anti-virus scanning and real-
time scanning:
Note: This step applies to all versions of Windows Server with IE. Please verify it is correctly
disabled before beginning the installation. The following path can also be used: Server Manager
> Local Server > IE Enhanced Security Configuration > turn it to Off
For DEP > Goto “System Properties” > Select “Advanced Tab” > Performance > Settings
For UAC > Goto “Control Panel” > Select “All Control Panel Items” > User Access
Control. After this, don’t forget to reboot your server before you continue.
Note: Use your partner or end-user credentials to sign in to the Forcepoint support page. If you
don’t have credentials, contact your partner or Forcepoint.
For FSM you will need to install a SQL Server. For demos or PoCs with a small number of users you
can use SQL Express, but for a final, full installation you will need
to install a SQL Server with a Standard or Data Center License. You can find these
details at the following link.
http://www.websense.com/content/support/library/deployctr/v85/dic_sys_req.aspx
In this particular case we are going to use the SQL Express software.
NOTE: During the installation, the FSM will ask you to connect
to the SQL database in order to create the structure used to store all the events that are
needed for monitoring, tracking, reports and dashboards, so it is important to install the SQL
software first.
If you try to install the FSM without installing the SQL software first, you will see this message in
the installation window:
So let’s install SQL Server first. Download the software and, once you have it,
proceed to the installation …
NOTE: If for any reason you have executed the FSM installation file before installing the SQL
Server software, close the installer and, during the exit phase, select the “Keep Installation Files”
checkbox and then press the YES button. This way you will preserve all the previous steps you
have made. Otherwise continue …
You can install the SQL Express software on the same computer as the FSM for demo or PoC
purposes. For final implementations it is recommended to have it on a separate server, or to be
careful with the memory, processor and hard disk requirements if both are in the
same place.
Open the installation program of the SQL Server software with administrator privileges and select
the CUSTOM installation:
When you reach the “Server Configuration” tab, change the SQL Server
Browser service to AUTOMATIC and press NEXT
When you reach the “Database Engine Configuration” tab, select “Mixed Mode” and add a
password of your own to the sa account, which will be your superuser database account.
Now it is time to install SQL Server Management Studio, which will be a main component for the
fingerprint database use case. Install it with Administrator privileges.
You will receive the following message, but WAIT: before restarting the Windows Server,
verify the network configuration on the SQL Express server.
Open SQL Server Configuration Manager, go to Network Configuration, and verify that Shared
Memory, Named Pipes and TCP/IP are ENABLED. If not, enable them by double-clicking each one
of them. Once they are enabled you need to restart the services, or you can restart the Windows
Server now.
After this you need to restart the SQL Server service. Verify that the SQL Server service and
the SQL Server Browser are in the RUNNING state.
Once you finish, execute the FSM file with administrator privileges …
Once you reach the “Installation Type” screen, select the Custom option and press NEXT …
Press “Install” in the Forcepoint Management Infrastructure section. This should be the very first
option to install; once it is installed you can continue with the other options, in this case Forcepoint
DLP.
NOTE: You will install each one of the options separately as required.
When it asks for SQL Server info, fill it in with the details of your recent SQL Server installation. Verify your
SQL Server IP address and use the correct one with port 1433.
NOTE: The PASSWORD is the one you assigned to the sa user during the SQL Server Custom
Installation
Use the IP address where you are installing the FSM or, in some cases, that of the corresponding PE.
The password is the one for the Windows Server Administrator.
Create the FSM admin user password according to your password strategy and add a working
email address so you can receive notifications.
Leave “configure email settings” unselected; you can modify these settings later.
After this, verify your final settings and press “NEXT” until the installation concludes.
When you finish, close the setup windows and press YES when you are asked to exit the
installation. Be sure you have selected “Keep Installation files”.
After this step, REBOOT your Windows server in order to restart and finish any pending
components.
Once you have installed the FSM, you need to add the required components of the product; in
this case you will add the DLP Manager component.
This will install all the required infrastructure and predefined components so you can start to
work on the product.
Use the credentials you have already used for the Windows Server Administrator and for the sa
user in the SQL Express Server.
You may see the following message. Since this is a demo you can ignore it, but
it is better to have the required space.
Select “YES” and continue with the installation; you can add space to the disk later.
Once you have finished, it is time to start testing your FSM installation and add your license …
Username: admin
Password: Password set during install
Verify the license is correct; otherwise update the license with the right one.
You will see the main components to start working with Policies and rules.
Adding the AD server using GNS3 applies if you are using the Forcepoint virtual desktop; otherwise follow
the configuration details from the local AD.
1. Navigate to GNS3.
Goto “support.forcepoint.com” > Downloads > “Endpoint Security” > “Forcepoint One Endpoint”
> “20” > Download “Forcepoint One Endpoint v20.02.4499 package builder”
Note: Use your partner or end-user credentials to sign in to the Forcepoint support page. If you
don’t have credentials, contact your partner or Forcepoint.
After you download it, move all the files contained in the ZIP file to the following directory on the
FSM server: C:\Program Files (x86)\Websense\Data Security\client. After that,
execute the builder program. It generates a final installation file that can be
deployed on all the corresponding endpoints.
Select the operating system where you are going to deploy the DLP Endpoint; one file is
generated per OS. Also add the corresponding PASSWORD for modifying or deleting
the installation.
Leave the default installation path unless you have a specific strategy for this.
Fill the IP address field with the address of the PE (Policy Engine) that is going to
update the policy on the endpoint. In this case we use the FSM, since it contains our
initial PE.
On final implementations, and if your corporate policy allows it, you can enable the automatic
software updates checkbox.
Interactive
Stealth
The endpoint software user interface is not displayed to the user and the software runs in
the background. Because users don’t see block notifications or continuation dialogs, this mode is
best reserved for discovery tasks and audit-only policies.
Users do not know when files are contained.
Press FINISH
Once you have the installation file, move it or deploy it to all the Windows/Mac/Linux clients you
want to protect with the endpoint, using the following steps.
Open a network file sharing connection to the FSM server by selecting Run and entering \\192.168.122.20\c$
Find the DLP endpoint installation file you just created, copy it to the corresponding client or clients and
execute it there in order to install the DLP endpoint client; otherwise you will need a software distribution
tool for this purpose.
After you move the installer to the corresponding clients, locate it on the hard disk. In this case we are
installing on a Windows 10 laptop.
Press INSTALL
After it reboots you should see the presence of the agent in your taskbar
Right Click the endpoint agent and select “Open Forcepoint DLP Endpoint”
You should see something like this, and you will need to check two main details:
1. In the Connection section, the connection status should be “Connected”. If it shows
something different, troubleshoot the communication between the client and the
FSM; a firewall, AV or intermediate device may be blocking the
communication.
2. In Endpoint Settings you should see when the latest update of the rules was performed, and
the Status should be “Enabled”.
Once these two are in place, update the policy by selecting the Update button in the DLP Endpoint. After
you verify the upload of the new policy, you can CONTINUE with the policies testing.
Press Next
You should see all the Predefined policies selected associated to Mexico / Banking &
Software
Select Mexico PII and you should see on the right all the corresponding Pre-defined
classifiers
Repeat same steps for “Credit Cards” and “Regulations, Compliance and Standards”
Press the “Use Policies” button and then select the “Deploy” button
You will see the policies in the process of being applied to all the components of the DLP
configuration
When it finishes press “Close”
Goto Severity & Action tab and modify the Action Plan for “at least 3”
Once you have verified that your endpoint is running and connected we can test it with the First
DLP Policy you have already created.
You will need to create 2 (two) text documents using either Wordpad or Notepad
1.- First document should have some text to validate in this case just add one line containing
the following text:
CIDJ681025JF8
2.- Second document should have similar text but in this case should contain 3 lines with
different text but with the same format.
CIDJ681025JF8
DIGA270109RH7
CIJC250211NM8
6.- When you try to print the file with only ONE line, the print process SUCCEEDS and you are able to
create the PDF file
7.- When you try to print the file with THREE lines, the print process is BLOCKED; you can see the
alert message that shows that the operation has been blocked, and the file is not created.
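The threshold behaviour seen in steps 6 and 7, as an added example that is not part of the original guide and is not Forcepoint's classifier: it counts distinct RFC-shaped strings and picks the action of the highest threshold reached. The regex, the date check, counting distinct values, the function names and the action labels are assumptions; the thresholds (at least 3, and later at least 5) and the sample values are the ones used in this lab.

```python
import re
from datetime import date

# Approximation of a personal (13-character) RFC: 4 letters, YYMMDD, 3-character homoclave.
# This regex is an assumption for illustration, not the pattern Forcepoint ships.
RFC_RE = re.compile(
    r"(?<![A-Z0-9])[A-ZÑ&]{4}(\d{2})(\d{2})(\d{2})[A-Z0-9]{3}(?![A-Z0-9])"
)

# Thresholds stated in this guide; the action labels are shorthand chosen here.
LADDER = [(3, "block"), (5, "encrypt-on-usb")]

# Test documents from the lab steps.
ONE_LINE = "CIDJ681025JF8\n"
THREE_LINES = "CIDJ681025JF8\nDIGA270109RH7\nCIJC250211NM8\n"
FIVE_LINES = THREE_LINES + "CIDP040822YT6\nDIGP681025JF8\n"


def _plausible_date(yy, mm, dd):
    """Accept YYMMDD if it is a real calendar date in either century."""
    for century in (1900, 2000):
        try:
            date(century + yy, mm, dd)
            return True
        except ValueError:
            pass
    return False


def find_rfcs(text):
    """Return the set of distinct RFC-shaped strings with a plausible date."""
    found = set()
    for m in RFC_RE.finditer(text):
        yy, mm, dd = (int(g) for g in m.groups())
        if _plausible_date(yy, mm, dd):
            found.add(m.group(0))
    return found


def evaluate(text, ladder=LADDER):
    """Return (distinct_match_count, action) for the highest threshold reached."""
    count = len(find_rfcs(text))
    action = None
    for minimum, name in sorted(ladder):
        if count >= minimum:
            action = name
    return count, action


if __name__ == "__main__":
    for label, doc in (("one line", ONE_LINE),
                       ("three lines", THREE_LINES),
                       ("five lines", FIVE_LINES)):
        print(label, evaluate(doc))
```

Running the check on a test file before the lab confirms that it will cross the threshold you configured, which separates a policy problem from a bad test document.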
You will see a new USB Drive (D:) in your file manager
Try to SAVE or COPY the file with one line and also the one with three lines; you should
obtain this result for the latter.
On the Win10 client create a new file with 5 instances of the RFC
CIDJ681025JF8
DIGA270109RH7
CIJC250211NM8
CIDP040822YT6
DIGP681025JF8
Fill the name and modify the actions on the Endpoint Channels section, when you finish
press OK
Go to Policy Management -> DLP Policies -> Manage Policies and search for the Mexican
PII policy you created
Open the current action plan properties, enable the last match option, change the value
of matches to at least 5, with severity High, and select the action plan you just created:
Goto your Windows 10 Client and verify that the new rule has been updated, using the
Forcepoint Endpoint One application “update” button
Choose the new file with the 5 instances of RFC and try to save it to the USB Drive, you
should get a message like this one.
Verify that the file has been encrypted and the decrypting tools are available.
You will see that under Action column, the action was enforced with encryption on the USB channel
Open a network file sharing connection to the FSM server by selecting run - \\192.168.122.20\c$
Goto your recent policy on Policy Management -> DLP Policies -> Manage Policies, and select the
“Mexico PII” rule you have been using and open it for EDIT.
Goto the Destination Tab and enable the “Endpoint LAN” option
Press OK and Deploy. After this, go back to the Win10 client and update the policy in the DLP Endpoint.
After updating the policy, try to move the files you created from the Win10 client to the FSM server and see
the RESULTS.
Goto FSM Server -> Reporting -> Data Loss Prevention -> Incidents
You will see that under the Channel column, the action was detected on the LAN Channel.
PrintScreen Scenario
Goto FSM Server -> Reporting -> Data Loss Prevention -> Incidents
This event was triggered while trying to do a Printscreen on the Wordpad application.
Cut/Paste Scenario
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard
for organizations that handle branded credit cards from the major card schemes.
The PCI Standard is mandated by the card brands but administered by the Payment Card Industry
Security Standards Council. The standard was created to increase controls around cardholder data
to reduce credit card fraud.
Goto Policy Management -> DLP Policies -> Manage Policies -> Credit Cards section -> Credit
Cards Rule
Goto -> Severity & Action tab -> enable and add a 2 matches event with severity High and
Action Plan to Block All.
Press OK and then press NO before DEPLOY, we will modify another rule before that.
Goto Policy Management -> DLP Policies -> Manage Policies -> PCI -> PCI: Credit-Card
Numbers (default) and then edit the rule
Goto -> Severity & Action tab -> enable and add a 2 matches event with severity High and
Action Plan to Block All.
Goto Win10 Client and simply copy/paste the info below into an Excel-type file and save
it under a name of your choice:
CCN
3925-2700-8985-2094 5007 2341 7254 6560 4795690530897980
6119-6661-5526-2515 4492 0099 9803 7376 6864436888091170
5361-0153-4188-4880 4860 8276 1506 5601 4274011228563020
6715-5329-8954-5376 4771 6409 4004 2171 3702856617474500
6716-2240-5692-6858 5669 7981 3497 5937 4583887662144650
4350-1144-7091-5585 5515 6831 9905 4594 6114288268505050
3911-6797-8376-2357 5181 3708 9291 6195
6468-6780-1264-4519
4354-9482-2743-1594
5752-0034-6540-3536
Goto FSM Server -> Reporting -> Data Loss Prevention -> Incidents
You will be able to see all the affected Policies that are enabled and the associated file for
forensic research.
Goto Policy Management -> DLP Policies -> Manage Policies -> Credit Cards section ->
And enable the following rules:
American Express
Mastercard
VISA
Don’t DEPLOY until you finish enabling all the mentioned rules.
Once you have finished, press OK and Deploy
Goto your Win10 client and update the policy by pressing the UPDATE button
Create a file with the following info:
type: Visa
number: 4532 7931 8374 6550
cvv: 457
exp: 12/18
name: Luke Skwalker
Address: Calle 37 b sur 27-29 envigado
type: American Express
number: 3445 202966 40628
cvv: 570
exp: 08/19
name: Han Solo
Address: Calle 43 # 5-13 El Poblado Medellin
type: Mastercard
number: 5554 4269 4901 1171
cvv: 805
exp: 10/18
name: Darth Vader
Address: Av Industriales 45-37 Torre Sur piso 10
Now you are able to see more specific rules for specific formats of credit cards.
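Why the three test records land in different brand-specific rules, as an added example that is not part of the original guide and is not Forcepoint's code: it pulls candidate numbers out of the text, applies the Luhn checksum, assigns a brand from the public prefix and length ranges, and masks the number for reporting. That the product's rules use a Luhn check is an assumption; the function names and the Luhn-failing line are constructed here, and the three card numbers are the lab's test values.

```python
import re

# Candidate PANs: 13-19 digits, optionally grouped with spaces or hyphens.
# Assumes one number per line, as in the record-style test file above.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# The lab's three test records (card lines only, other fields kept for realism).
LAB_RECORDS = """type: Visa
number: 4532 7931 8374 6550
cvv: 457
exp: 12/18
type: American Express
number: 3445 202966 40628
cvv: 570
exp: 08/19
type: Mastercard
number: 5554 4269 4901 1171
cvv: 805
exp: 10/18
"""

# Constructed: the Visa test number with its last digit changed, so Luhn fails.
TYPO_RECORD = "number: 4532 7931 8374 6551\n"


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def brand_of(digits):
    """Map a PAN to one of the rule names enabled in this use case, or None."""
    n = len(digits)
    if n == 15 and digits[:2] in ("34", "37"):
        return "American Express"
    if n == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "Mastercard"
    if n in (13, 16, 19) and digits[0] == "4":
        return "VISA"
    return None


def scan(text):
    """Return [(rule_name, masked_number)] for every Luhn-valid candidate."""
    hits = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            continue  # digit strings that fail the checksum are not reported
        masked = "*" * (len(digits) - 4) + digits[-4:]  # keep only the last four
        hits.append((brand_of(digits) or "Credit Cards (generic)", masked))
    return hits


if __name__ == "__main__":
    for rule, masked in scan(LAB_RECORDS + TYPO_RECORD):
        print(rule, masked)
```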
Verify your Dashboard
Content Classifiers:
Type of Classifiers:
For patterns you will usually need a custom regular expression (regex); a phrase can be any
type of fixed text.
Key Phrases
Fill in the fields with the proper information. For the phrase to search, select the phrase you want to search for
inside the content:
Press OK. You will see a message similar to this one, indicating that you need to associate this new
classifier with a rule. You can add it now or wait; for the moment press CANCEL.
You can verify that your new classifier has been added:
Goto Policy Management -> DLP Policies -> Manage Policies -> Add -> Custom Policy
Step 2 – Add the classifier on the Condition TAB by pressing the Add button. Search for the
name of your recently created classifier and press OK. You will see it in the list of
classifiers. Press NEXT
Step 3 – On Severity & Action TAB, add a new match line for at least 2 incidents and
assign an ACTION PLAN, press NEXT
Next Steps – Leave default values for the rest and press NEXT until you get to FINISH,
you will be able to see the new Policy/Rule, go ahead and DEPLOY
Goto your Win10 Client and update the policy by pressing the UPDATE button.
Create a file with the following text, just copy/paste it, it contains your key phrase
embedded
Star Wars is an American epic space-opera media franchise created by George Lucas, which
began with the eponymous 1977 film and quickly became a worldwide pop-culture phenomenon.
The franchise has been expanded into various films and other media, including television series,
video games, novels, comic books, theme park attractions, and themed areas, comprising an all-
encompassing fictional universe.The franchise holds a Guinness World LimeStone Records title
for the "Most successful film merchandising franchise". In 2020, the total value of the Star Wars
franchise was estimated at US$70 billion, and it is currently the fifth-highest-grossing media
franchise of all time.
Dictionaries
Over 100 pre-defined patterns, some are used by the Policy Template Wizard
Create your own classifiers using regular expressions
1. login.php
2. login1.php
3. login2.php
4. login3.php
5. login_internal.php
Under the General TAB fill in the new name of the rule, press NEXT
Under the Severity & Action TAB add a new match for at least 3 incidents or events with an
Audit Action Plan, press NEXT until the end, then FINISH and DEPLOY
GoTo Win10 Client -> Update the policy
Create a file with the information mentioned before, test the file and let’s see the
results.
Goto FSM Server -> Reporting -> Data Loss Prevention -> Incidents
Verify the rules that are triggered
Predefined Scripts
Python scripts allow unlimited analysis
• Weighted scoring
• Complex conditional statements
• Context sensitive
• External dictionaries
• Tunable
• Developed exclusively by Forcepoint
More accurate than regular expressions
Analyze content and context using statistical analysis or decision trees.
Three sensitivity levels: default, wide (less accurate) and narrow (more focused and
accurate)
Fingerprinting of structured and unstructured data allows data owners to define data types and
identify full and partial matches across business documents, design plans and databases, and
then apply the right control or policy that matches the data.
Goto FSM Server -> Find the SQL Server Management Studio -> Connect to the SQL Server
DB using your previous SQL sa credentials.
Add or create a new database and fill it with useful information that can be
used to match any possible data loss in the configured channels. In this example we are
restoring a backup of a DB.
Select Databases -> Restore DB -> Device -> Add -> Search for the corresponding database
(Northwind.bak), usually located in the Backup subdirectory -> Select Database -> Press
OK.
Press the OK button. You should now see your DB loaded on the SQL Server Studio:
The NEXT STEP is to establish a trusted association between the FSM and the DB we have just
added.
Goto your FSM and locate the ODBC Connector installer at the following path:
C:\Windows\SysWOW64\odbcad32.exe
Go and start the installation, use the “User DSN” TAB, and select ADD
Fill in the empty fields and choose the device where the SQL Server is installed, in this case the
local FSM Server, then press NEXT.
You will need to authenticate to the SQL Server. You can use either the DB user or
workstation authentication; select whichever suits you better.
If the authentication process was correct, you will be able to see a list of the DBs that are already
running on the SQL Server. Select the database you are going to connect to
and press NEXT.
You will see a window like this. Select “Test Data Source” to verify the configuration
If you receive the following message then you are CONNECTED and VERIFIED!!!! Press OK
twice and continue with the configuration
Goto FSM -> Policy Management -> Content Classifiers -> Database Fingerprinting
Fill the information to authenticate to the SQL Server via the ODBC Connector
Select the table and the fields you are going to use for matching
Go ahead and press NEXT and then FINISH. When you reach the creation message, press CANCEL
and wait until the Crawler finishes fingerprinting the DB.
Goto your Win10 Client and update the policy using the DLP Endpoint Client Update
button.
Copy/Paste the following data and create a document or spreadsheet file with the
following info on it:
Davolio Nancy
Fuller Andrew
Leverling Janet
Peacock Margaret
Buchanan Steven
Suyama Michael
King Robert
Callahan Laura
Dodsworth Anne
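The idea behind database fingerprinting, as an added conceptual example that is not part of the original guide and does not reproduce Forcepoint's algorithm: each selected cell is stored as a keyed hash, and a record counts as leaked only when enough of its fields appear together on one line. It assumes the nine name pairs above are two columns of the fingerprinted table; the salt, the decoy sentence, the function names and the two-field minimum are constructed here.

```python
import hashlib
import hmac
import re

SALT = b"lab-only-salt"  # constructed value; a real index key would be kept secret

# The name pairs the lab pastes into the test document, treated as table rows.
ROWS = [
    ("Davolio", "Nancy"), ("Fuller", "Andrew"), ("Leverling", "Janet"),
    ("Peacock", "Margaret"), ("Buchanan", "Steven"), ("Suyama", "Michael"),
    ("King", "Robert"), ("Callahan", "Laura"), ("Dodsworth", "Anne"),
]

LAB_DOCUMENT = "\n".join(" ".join(row) for row in ROWS)

# Constructed decoy: shares single first names or surnames with the table,
# but never two fields of the same record.
DECOY = "Nancy Drew met Andrew King and Laura Palmer"


def _fp(value):
    """Keyed hash of a normalised cell value, so the index holds no plaintext."""
    norm = value.strip().lower().encode("utf-8")
    return hmac.new(SALT, norm, hashlib.sha256).hexdigest()


def fingerprint_rows(rows):
    """Build the index: one set of cell hashes per database record."""
    return [frozenset(_fp(cell) for cell in row) for row in rows]


def count_matched_records(text, index, min_fields=2):
    """Count records with at least min_fields of their cells on a single line."""
    matched = set()
    for line in text.splitlines():
        tokens = {_fp(tok) for tok in re.findall(r"\w+", line)}
        for i, row in enumerate(index):
            if len(row & tokens) >= min_fields:
                matched.add(i)
    return len(matched)


INDEX = fingerprint_rows(ROWS)

if __name__ == "__main__":
    print("lab document:", count_matched_records(LAB_DOCUMENT, INDEX))
    print("decoy:", count_matched_records(DECOY, INDEX))
```

The decoy shows why a fingerprint rule produces fewer false positives than a dictionary of names: isolated values that happen to occur in the table do not add up to a record.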
An analytics engine is used to calculate incident risk, rank it with similar activity, and assign it a risk
score. The analytics engine runs on a CentOS server.
This is what your FSM main dashboard looks like before the Analytics engine is integrated.
If you are working with Forcepoint Virtual Desktop, you should have a CentOS server added in
your GNS3 environment.
Edit the interface, goto -> IPv4 Configuration and change “Automatic” to “Manual”,
then select “Show”, which will enable the configuration window
Select the “Add” button and configure fixed addresses for the server. In this case I am going to use:
Addresses: 192.168.122.19
Netmask: 255.255.255.0
Gateway: 192.168.122.1
DNS Server: 8.8.8.8
After finishing, move to OK using either TAB or the Down Arrow key
Press “Back” and then “Quit”, then execute the following commands:
ifdown eth0
ifup eth0
Verify the IP using the “ip a show eth0” command.
Transfer your “AnalyticsEngine86” file from your landing machine to your new CentOS server
Go back to FSM
See the added DLP Dashboard with new Risk section
Since the IRR option analyzes all the events that have a risk score higher than 4, we will need to
modify the configuration so it can show also the low and medium events we have been
generating.
Press OK
Since the Risk section updates every 24 hrs during the night, you need to force the
update.
Go to the CentOS server where the Analytics Engine is installed and go to the following
directory: /opt/websense/AnalyticsEngine/scripts
Execute ./ae_run
Go back to FSM and you should see the Top Cases updated
There are two Web Content Gateway module options available for Forcepoint DLP.
The one included with Forcepoint DLP Network provides DLP over the web channel
including encrypted SSL content. This core Forcepoint DLP component permits the use of
custom policies, fingerprinting, and more.
The one included in Forcepoint Web Security provides SSL decryption, URL
categorization, content security, web policy enforcement, and more. In this deployment
mode, the gateway is limited to the web DLP quick policies.
We are going to work with the one included with the DLP Network license. The DLP WCG engine
runs on a CentOS server or a Forcepoint appliance.
Interface C (control) – the purpose of this is to connect to the FSM in order to receive
configurations.
Interface P1 – This will be the proxy interface and it will be used as the gateway/next hop
for all the traffic that will be analyzed.
RAM 6 GB and 2 vCPUs
If you are working with Forcepoint Virtual Desktop, you should have a CentOS server added in
your GNS3 environment for this WCG server. It should not have links enabled to the switch,
because you first need to configure the interfaces on the virtual engine.
Goto General Settings and increase the RAM and the vCPU parameters.
Goto the network tab and change the adapters value to “2”, then APPLY and OK
Enable the link button and you will see that you now have 2 interfaces on the server.
Connect both of them to the switch and start the CentOS server. The server is then ready
for configuration.
Edit the interface and goto -> IPv4 Configuration and change “Automatic” to “Manual”, then
Select “Show”, that will enable the configuration window
Select “Add” button and configure fix addresses to the server, in this case I am going to use:
Addresses: 192.168.122.21
Netmask: 255.255.255.0
Gateway: 192.168.122.1
DNS Server: 8.8.8.8
This will be the C Interface, after finishing move to OK using either TAB or Down Arrow Key
Press “Back” and then “Quit”, then execute the following commands:
ifdown eth0
ifup eth0
Verify the IP using the “ip a show eth0” command.
You will need to add a secondary interface for the P1 interface. Add it and configure it
with the following addresses:
Addresses: 192.168.122.22
Netmask: 255.255.255.0
Gateway: 192.168.122.1
DNS Server: 8.8.8.8
After configuring it, enable it and verify the IP using the “ip a show eth1” command.
Once you have configured your interface, you need to configure the hostname and the
corresponding hosts file in order to have the correct interface associations.
The first step is to download the software from the Forcepoint support site. Once you have it,
upload it to the CentOS server.
Copy it to the tmp directory. Once there, unpack it with gunzip and then tar -xvf to
expand the installation files. You can also use a single command to unpack the software:
Before installing the WCG, you will need to disable the network manager and install some
dependencies (libraries).
If you are connected to a yum repository you can install these packages with the following command:
You will have to select how you want to install this WCG. In this particular case select option 2,
because we are only considering the WCG as a component of Forcepoint DLP, without the web
security.
Enter the address of the Forcepoint Security Manager that will control this WCG and leave the default
port assignments by selecting “X”.
This will be a single node, so leave the default selection for this.
Verify your configuration and if it’s correct you can continue the installation by selecting “y”.
Go back to your FSM server, open a browser session and try to access the WCG with the
following information:
https://192.168.122.22:8081
Go to Configure TAB -> Subscription -> enter the subscription key from FSM in
the WCG Subscription field and APPLY
After doing this you will need to restart the engine: go to the Basic section on the Configure TAB and
press RESTART
After the restart, go to Configure TAB -> Basic -> General -> Features -> enable ON in the Integration
section and verify that Web DLP is selected -> APPLY -> Restart
After the restart, go to Configure TAB -> Security -> Web DLP -> fill the empty fields with the FSM
admin information in order to register the Forcepoint DLP -> press Register
Go to FSM -> Deployment -> System Modules, verify the presence of the WCG -> Deploy
To be able to inspect HTTPS traffic, our endpoints need to trust the WCG. To do that, we
generate a certificate on the WCG and import it into the required browsers.
In this particular case we are going to consider mainly 2 browsers (Chrome and Firefox).
Each one is configured differently, so we will explain both methods.
Connect via your browser to your WCG Admin interface and authenticate:
https://192.168.122.21:8081
Go to Configure TAB -> Basic -> General -> and enable the HTTPS protocol in the Protocols
division of the Features section.
Then press APPLY and RESTART. This should enable a new SSL section on the Configure
TAB.
Now go to SSL -> Internal Root CA -> Create Root CA -> select Country (MX) -> fill in at least the
fields marked with an asterisk -> press the “Generate and Deploy” button
If it succeeded you will see the following message. Go ahead and RESTART the WCG.
After this you will need to back up the public and private cert keys so you can import them into
the corresponding browsers. After doing this, move the certificate keys to your Win10 Client.
NOTE: If you don’t have the Chrome or Firefox browser on your Win10 Client you will have to
install it.
Go to the File Manager on your Win10 Client and double-click the PCAcert you have just
copied.
You will see the following window. For most browsers this will be sufficient, but
some browsers need it installed in a different way. For the moment, press the Install
Certificate button.
Place the certificate in the “Trusted Root Certification Authorities” certificate store.
Press OK and you should get a success message. Now you can start to test the web channel with
Chrome.
Go to your Chrome browser proxy settings and enable Manual Proxy Setup. Fill in the address
with your WCG IP address; the port should be 8080 -> SAVE -> restart the browser.
Let’s validate the Internet connection and that the traffic is going through the DLP WCG.
Select “Privacy and Security” -> Scroll Down -> View Certificates -> Import
Select your PCACert file and OPEN it -> Select TRUST to identify both websites and email
users -> Press OK
Now let’s configure the proxy in the Firefox browser -> go to General -> Network Settings ->
Manual Proxy Configuration and fill the proxy fields for HTTP and HTTPS -> press OK ->
restart the Firefox browser and TEST.
Go to FSM -> Policy Management -> Resources -> Endpoint Application Groups -> Browsers ->
enable the FILE ACCESS option -> press SAVE & CLOSE -> select DEPLOY
Go to FSM -> Policy Management -> DLP rules -> Manage Policies -> select your
“Patterns&Phrase” rule -> modify the severity action plans
Go to Destination TAB -> Endpoint Applications -> Edit -> Select All & move to the Include
section -> press OK -> DEPLOY
Open your Chrome or Firefox browser and go to the “dlptest.com” site. Try to HTTP/HTTPS POST the
sample files that belong to the Phrase rule you just modified.
Go to FSM Server -> Reporting -> Data Loss Prevention -> Incidents
Verify the rules that are triggered. As you can see, the test was blocked by the Endpoint,
not by the WCG, so let’s do some extra configuration.
Go to your FSM -> Deployment -> System Modules -> Web Content Gateway and select the
Forcepoint Web Content Gateway line by double-clicking it.
Go to the HTTP/HTTPS TAB and in the Mode field change from Monitoring to Blocking -> press
OK -> DEPLOY
Go to your Win10 Client -> DLP Endpoint -> Update -> now try writing the phrase several times
in the text window and press SUBMIT
You will see a different message; now the WCG is the one answering.
Go to FSM Server -> Reporting -> Data Loss Prevention -> Incidents
Verify the rules that are triggered. As you can see, now it was blocked by the WCG.
The OCR server enables the system to analyze image files being sent through network channels,
such as email attachments and web posts. The server determines whether the images are textual,
and if so, extracts and analyzes the text for sensitive content. There is no special policy attribute
to configure for optical character recognition (OCR). If sensitive text is found, the image is blocked
or permitted according to the active policies.
The server can also be used to locate sensitive text in images during network discovery.
This feature does not support either handwriting or images containing text that is skewed more
than 10 degrees.
Summary: Support for many image file types + images embedded within Microsoft Office
documents and PDFs.
In this particular case you will need to install a supplemental DLP server that contains the OCR
Server. It needs to be installed on a Windows Server tuned similarly to the
Forcepoint Security Manager. Install only the DLP Server component, which will automatically
add the OCR Server to it.
Execute the FSM file with administrator privileges on the new WinServ …
Select the “Accept” Checkbox and press NEXT, select the Custom option …
This will install all the required infrastructure and predefined components including the OCR
Server.
Select the IP address of the server where you are installing the DLP Server component.
Select the computer name and a user with sufficient rights on the server (Administrator) -> press
NEXT.
You may see the following message. Since this is a demo you can ignore it, but
it is better to have the required space.
You will need to register the Forcepoint Security Manager -> Use the IP of the server and the
credentials of the admin for the FSM -> Press NEXT.
Confirm Installation -> press INSTALL -> if you see this message press YES
Continue until you FINISH -> go to FSM and validate the presence of the new DLP Server in
the Deployment -> System Modules section -> you will see the new server with the OCR Server
on it.
To test the detection of text inside an image, we will use the rules created in Use
Case #8 Patterns and Phrases with the word “LimeStone”. On your Win10
client, open your favorite image editor and create an image containing several instances of
the word “LimeStone”.
Note: I created this one using Paint and saved it as a JPEG image.
Go to FSM -> Settings -> Deployment -> select your WCG Server -> Policy Engine
Enable OCR -> select the recently installed OCR Server on the supplemental DLP Server
Once you finish, connect to dlptest.com or to your email account (Gmail or Hotmail) and try to
add your images as an attachment. You will see an Upload Failed message.
Go to FSM -> Reporting -> Data Loss Prevention -> Incidents (7 days)
There are two Email Gateway module options available for Forcepoint DLP.
The one included with Forcepoint DLP Network provides DLP over the email channel. This
core Forcepoint DLP component permits the use of custom policies, fingerprinting, and
more.
The one included in Forcepoint Email Security provides Phishing, Antispam, Drip DLP,
email encryption, Image Analysis, URL Wrapping, and more. In this deployment mode, the
gateway is limited to the Email DLP quick policies.
We are going to work with the one included with the DLP Network license. The DLP EGW engine
runs in a VMware environment using an ISO or OVA format, or on a Forcepoint appliance.
Interface C (control) – the purpose of this is to connect to the FSM in order to receive
configurations.
Interface P1 – This will be the email interface and it will be used as the gateway/next hop
for all the traffic that will be analyzed.
RAM: 6 GB and 2 vCPUs
If you are working with Forcepoint Virtual Desktop, you should have an email appliance first
boot added in your GNS3 environment for this EGW server. It should not have links connected
to the switch, so enable the link button and you will see that the appliance has 4 interfaces.
Select ports “C” and “P1”, connect both of them to the switch, and start the appliance. The
appliance is then ready for configuration.
Go to GNS3 -> right-click the email appliance -> select Console
This will open a session to the appliance and show you the initial installation message
Type “yes”
Enable the NTP option in the email appliance and type the name of the NTP server,
time.nist.gov. You can add more than one if you want.
Type number 10 for the Mexico City time zone, or select the time zone you are
located in.
Type “yes” so you can help us in improving our products for you.
Type the networking configuration with the corresponding IP address, subnet mask, default
gateway and DNS server(s). If everything looks OK, type “yes” and press ENTER.
Verify your full configuration. If everything is OK, type “yes” and press ENTER.
You will see the installation process begin. Wait until it ends; the
appliance will then restart and you will see the following screen to continue the preparation of the
appliance.
As you can see, the C interface (management interface) is already configured, but you
also need to configure the P1 interface. For that you will use the CLI (Command Line
Interface).
Type your user (admin) and password (the one you just created).
Type “config” at the prompt. It will ask you for the admin password; enter it and press ENTER. After this
you will see that you are in configuration mode.
Type the following command ->
set interface ipv4 --interface p1 --ip 192.168.122.31 --mask 255.255.255.0 --gateway 192.168.122.1
Press ENTER and then type the following command to set the DNS info ->
set interface dns --dns1 192.168.122.1 --dns2 8.8.8.8
Press ENTER and then type exit -> ENTER. You will return to the first level of the CLI.
Then type -> show interface info. This will show you whether the P1 interface is configured as you
want.
After this we need to add the Email component to our FSM so it can be managed.
Go to the FSM server (Windows) -> find “Forcepoint Security Setup” -> select it and start the
application
On Configuration, select your database location and the user/password you have used before.
Then type the password for the user under which the FSM is installed.
Leave the default path for the database you have already installed, and press NEXT.
After the installation finishes you will see the following message -> press DONE
Go to FSM -> you will see the new Email tab in the upper left corner. Select it to change to
the email environment.
You will be asked for an Email License. Type your license here and press OK.
Once it is validated you will see the expiration date and the number of registered users. Press
CONTINUE.
After this you will have to choose either to use the Wizard or to go directly to the dashboard. You can
accomplish the configuration either way; in this case we are going to go directly to the Email
Security Dashboard.
You will see the FSM window; just go to the Email section of the FSM.
We need to validate some configurations before continuing. Find the appliances icon in the
top-right of the FSM window and select it.
You will see the new appliance added and registered with the FSM. Validate the information.
If the configuration is OK, select the Mail section of the FSM again.
3. Press OK
NOTE: Remember that your domain address will be your lab id plus the
extension “.lab.go4labs.net”. For example, if your lab id is bev.siwicki,
your domain address will be “bev.siwicki.lab.go4labs.net”.
1. Go to User Directories -> move your user directory (Active Directory) to the
Recipients section
2. Press OK
This configuration is extremely important to get right. These settings tell the email gateway
where to send the mail it receives, both inbound and outbound. It makes this decision based
on the recipient or the recipient’s domain in the received mail.
Example: The email route configuration below says: when a message is received, look at the
domain it is being sent to (the recipient), perform a DNS lookup on that domain’s MX record,
and send the mail to the destination found by the MX lookup.
5. Under Delivery Method select SMTP Server IP Address and add the mail server IP to
that list
7. Select OK
4. Select OK
NOTE: In 99% of instances you will not have to configure a User Directory-based
Route. The “default” Domain-based Route will be sufficient.
IP Groups are an extremely simple concept but are the most forgotten configuration in all email
deployments.
Trusted IP Groups simply tell the gateway which IPs it can trust to either receive mail from or send
mail to. ANYTHING that sends mail to or receives mail from the gateway must have its IP placed
in this list.
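The two settings described above (email routes and Trusted IP Groups) can be checked together before testing mail flow. The following is an added example, not Forcepoint code: it is a toy model in which all function and route names are hypothetical, the MX data is constructed so it runs offline, and the use of 192.168.122.35 as the lab mail server is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Values from this guide's lab; the roles assigned to them here are assumptions.
LAB_DOMAIN = "bev.siwicki.lab.go4labs.net"
MAIL_SERVER_IP = "192.168.122.35"

# Constructed MX data so the example runs offline; a real gateway queries DNS.
SAMPLE_MX: Dict[str, List[Tuple[int, str]]] = {
    "partner.example": [(20, "mx2.partner.example"), (10, "mx1.partner.example")],
}


def sample_mx_lookup(domain: str) -> List[Tuple[int, str]]:
    """Stand-in for a DNS MX query: returns (preference, host) pairs."""
    return SAMPLE_MX.get(domain.lower(), [])


@dataclass
class Route:
    name: str
    domains: List[str]                 # "*" matches every recipient domain
    delivery: str                      # "smtp_ip" or "mx_lookup"
    smtp_ips: List[str] = field(default_factory=list)

    def matches(self, domain: str) -> bool:
        return any(p == "*" or p.lower() == domain.lower() for p in self.domains)


def next_hop(routes, recipient, mx_lookup=sample_mx_lookup):
    """Return (route name, next hop) for a recipient; the first matching route wins."""
    domain = recipient.rsplit("@", 1)[-1]
    for route in routes:
        if not route.matches(domain):
            continue
        if route.delivery == "smtp_ip":
            return route.name, (route.smtp_ips[0] if route.smtp_ips else None)
        records = sorted(mx_lookup(domain))      # lowest preference value first
        return route.name, (records[0][1] if records else None)
    return None, None


def is_trusted(ip: str, trusted_networks: List[str]) -> bool:
    """True when ip falls inside any entry of the trusted IP group."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in trusted_networks)


def audit(routes, trusted_networks, sender_ips, recipients) -> List[str]:
    """List configuration gaps that would stop mail in this model."""
    findings = []
    for ip in sender_ips:
        if not is_trusted(ip, trusted_networks):
            findings.append(f"sender {ip} is not in a trusted IP group")
    for rcpt in recipients:
        name, hop = next_hop(routes, rcpt)
        if name is None:
            findings.append(f"{rcpt}: no route matches the recipient domain")
        elif hop is None:
            findings.append(f"{rcpt}: route '{name}' has no destination (no MX or IP)")
    for route in routes:
        for ip in route.smtp_ips:
            if not is_trusted(ip, trusted_networks):
                findings.append(f"route '{route.name}' delivers to untrusted {ip}")
    return findings


# Lab-style configuration: the lab domain goes to the mail server by IP,
# everything else is delivered by MX lookup (the "default" domain-based route).
LAB_ROUTES = [
    Route("lab-domain", [LAB_DOMAIN], "smtp_ip", [MAIL_SERVER_IP]),
    Route("default", ["*"], "mx_lookup"),
]

if __name__ == "__main__":
    # Empty trusted group: the "most forgotten configuration" case.
    for line in audit(LAB_ROUTES, [], [MAIL_SERVER_IP],
                      [f"barbara@{LAB_DOMAIN}", "user@partner.example"]):
        print(line)
```

Run with an empty trusted group, the audit reports the mail server twice (as a sender and as a route destination); adding 192.168.122.35 to the group clears both findings.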
1. Navigate to Main > Policy Management > Policies > Inbound Default
2. Under Rules select each rule individually and enable all of them.
3. Make sure to select OK after enabling each rule and, when complete, OK on the
policy.
After completing this your rules should look like the following.
NOTE: Please consider any of the users in the list of AD (Users Group)
Update the email address in the General Tab with the corresponding
format explained before User_Name@<Your Go4Labs Domain>
Ex. Barbara@manuel.nolen.lab.go4labs.net
After modifying your selected user’s email information, verify the changes:
Go to FSM (email) -> Settings -> Users -> User Directories
You should see that the user’s email is now synced to the email gateway with the
corresponding domain name of your lab.
Go to GNS3 -> double-click your webmail object -> select Configure
Uncomment the “static config” section and adjust the values. I will use the following as an
example.
Press SAVE and then OK -> STOP and START the WebMail object
When it is available again -> double-click your webmail object again -> select Auxiliary console
At the prompt, type the command “ip a” and validate that you have the right configuration on
your interface.
Configure the mail server to accept communications from your lab domain.
Open the browser on the land machine
Navigate to http://192.168.122.35/?admin
Use “User” admin and “Password” Forcepoint1
NOTE: After saving for the first time, re-open the domain you have added. Sometimes the port on
the SMTP side changes; if this happens, change it back to Port=25 and press UPDATE.
Open the Rainloop mail client again, but this time by simply entering the IP
192.168.122.35
At login enter barbara@<YOUR Go4Labs Domain> and any password you want.
(ex. barbara@bev.siwicki.lab.go4labs.net)
You will see the user on the top right side of the email client.
Outbound
1. Select New
2. Craft a message just like the following and send it to your Forcepoint/Partner email
address.
3. You should receive the message in your work inbox within minutes.
Applying Use Case #6 – PCI / Credit Cards & Use Case #8 – Patterns & Phrases
Go to FSM (Data) -> Policy Management -> DLP Policies -> Manage Policies ->
Limestone Policy -> Limestone Rule -> edit the rule
Go to your Win10 Client -> connect to your email interface -> perform the following tests based on the
files that you have already generated:
Send the word “limestone” in the body of the email as many times as needed for the rule to apply
Try to attach a file containing the word “Limestone” as many times as needed for the rule to apply
Try to attach an image file containing the word “Limestone” as many times as needed for the rule
to apply
Verify your results in the Incidents reports and check which channel blocks each one. You will see the
following behavior
The reason is that we have already configured the rule to apply on the endpoint and web channel
environment: we have an endpoint installed and we are using a proxy configuration
in the browser. Let’s view it from a different angle.
Go to your FSM server, considering that it doesn’t have the endpoint or a proxy configuration.
Open an email session from the browser located on the FSM server
Try to perform the same exercises as before and see the behavior
Go to FSM (Data) -> General -> System Modules -> Forcepoint Email Security -> Policy Engine
Go to FSM Server -> try to send an image via email and see the results in the incident report.
The image with credit card info was identified and quarantined.
Go to FSM (Data) -> Policy Management -> Discovery Policies -> Manage Policies -> add any
policy as you do with DLP Policies. In this case I selected the Mexico PII policy.
Modify the Severity & Action of the chosen policy according to your testing
Go to FSM (Data) -> Policy Management -> Discovery Policies -> Endpoint Discovery Tasks
Select NEW and fill in the info for scheduling the Discovery Tasks
On “Select the endpoints for scan”, leave the “ALL” default and press NEXT
In the policies section, go to Selected policies and choose the rule you created for discovery
After it finishes -> go to your Win10 Client -> update your policy at the endpoint. After the update
finishes you will see the Discovery section of the endpoint enabled, and the Discovery Status will change
from Idle to Running. When it finishes scanning your hard disk, it will send the results to the
report section of the FSM.
You will see the results of the discovery process and the findings.
Rules
Components
o Condition
Classifiers
Condition Logic (AND, OR, NOT), thresholds
Resources
o Severity & Action
Cumulative rules
o Sources
o Destinations
Example Rule
Creating Policies
(Regular Expressions)
Quick Policies
Custom Policies
An endpoint is a laptop, server etc. that applies Forcepoint DATA policies independently of the
network-based Forcepoint DATA installation.
F1E ENDPOINT has 2 parts: it can intercept data (Data Endpoint); it also can send Web traffic
to the cloud proxy (Web Endpoint)
Endpoints can run endpoint discovery tasks on their local hard drives
• Block
• Permit
• Confirm (Endpoint Only)
• Encrypt
• Encrypt with user password
Note: Encrypt is available for removable media only. Additionally, drop attachment and
quarantine are NOT available actions for Endpoint.
Supported platforms
Screen capture
File access
Cut/Copy/Paste
Endpoint Discovery
Manual
Microsoft-based tools
System Center Configuration Manager (SCCM)
Systems Management Server (SMS)
Two installers
A DLP Solution requires a license to run the different components offered. These licenses are
based on:
Customers who own our Email and Web Security products can “add-on” DLP licensing to those
products.
Forcepoint DLP Endpoint (in-use) - Endpoint protects your critical data on Windows and Mac
machines, both on and off the corporate network. It includes advanced protection and control for
data at rest (discovery), in motion and in use. It integrates with Microsoft Azure Information
Protection to analyze encrypted data and apply appropriate DLP controls. The DLP endpoint
monitors web uploads, including HTTPS, as well as uploads to cloud services like Office 365 and
Box Enterprise. Full integration with Outlook, Notes and email clients.
Forcepoint DLP Network (in-motion) - DLP Network stops the theft of data in motion through
email and web channels. This solution helps identify and prevent malicious and accidental data
loss from outside attacks, or from insider threats. OCR (Optical Character Recognition)
recognizes data within an image. Analytics identify DLP incidents to help stop the theft of data by
more easily spotting high-risk user behaviors.
Forcepoint DLP Cloud Applications (at rest) - Powered by Forcepoint CASB, DLP Cloud
Applications extends the advanced analytics and single control of Forcepoint DLP to critical cloud
applications, including Office 365, Salesforce, Google Apps, Box and more.
Forcepoint DLP Discovery (at rest) - DLP Discovery identifies sensitive data across your
network, as well as data stored in cloud services like Office 365 and Box Enterprise. Advanced
fingerprinting technology identifies regulated data and intellectual property at rest, and protects
that data by applying appropriate encryption and controls.
Policy Engine
Policy Engine is the DATA component responsible for all data analysis and policy enforcement.
PE – Policy Engine
XML-based policies
Fingerprinting Repository
You will find a PE component on any of these implementations including the FSM:
FORCEPOINT PROTECTOR
PROTECTOR – INLINE